Building Better Tests: Assumed Breach Testing

This is a direct copy of a blog I published for my current organisation. However, I thought I would also host it here to retain it for myself 🙂 Current modern networks are often sprawling with multiple areas of ingress. The growth of remote working and cloud computing has removed traditional boundaries and networks can … Continue reading Building Better Tests: Assumed Breach Testing →

MiTM as Service

A number of recent articles and posts around the rise of evil proxy have started to emerge. Evil Proxy is a service based offering allowing "anyone" (providing you pass the bad guy vetting process) access to a web based platform to launch and manage MiTM phishing campaigns. These phishing techniques are not new and have … Continue reading MiTM as Service →

XLS 4.0 Macros and Covenant

XLS4.0 And Covenant

HTB – Haystack Writeup

Haystack was a fun easy box over on HTB. Although perhaps only easy if you were at least aware of the tech stack being used on the machine. The initial path to user is perhaps not realistic but a fun mix of steg and research into elasticsearch in order to get credentials. This if then … Continue reading HTB – Haystack Writeup →

Netmon

So Netmon was a nice little box, not much digging was required for the first flag thats for sure. Nice little exploit of another network / sysadmin web application these seem to always be quite fun and straightforward as they are often designed to execute code on a server. Anyway on with the box! Kicks … Continue reading Netmon →