Exploring Agent based Cloud Review Capabilities
Adopting AI-driven tools for reviews and automation. This post examines how cloud-focused plugins can be combined with existing tooling to perform semi-autonomous cloud security reviews.
Pentest Blog Posts
Patch Diffing Microsoft Windows Wi-Fi Driver Vulnerability (CVE-2024-30078) - Part 2
Analysing the Microsoft Windows Wi-Fi driver patch to understand the vulnerability (CVE-2024-30078) - Part2
Modifying Certipy to Evade Microsoft Defender for Identity PKINIT Detection
Bypassing Microsoft Defender for Identity Suspicious certificate usage over Kerberos protocol (PKINIT) high severity alert.
A Cost Effective Covert Implant for Red Teamers
A quick post about making a more cost effective cover implant using a common wired mouse.
Patch Diffing Microsoft Windows Wi-Fi Driver Vulnerability (CVE-2024-30078) - Part 1
Analysing the Microsoft Windows Wi-Fi driver patch to understand the vulnerability (CVE-2024-30078) - Part1
Don't Click Evil.txt: CVE-2024-30050 and Other Windows Silliness
Bypassing security prompts with file shares and more
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803
CVE-2023-35803 - An adventure in finding and exploiting a buffer overflow in Extreme Networks/Aerohive Wireless Access Points
