Research and tooling development around the ESC7 attack at Active Directory Certificate Services (AD CS) for Red Team operations

Perfect wordlist for discovering directories and files on target site - GitHub - aels/subdirectories-discover: Perfect wordlist for discovering directories and files on target site

Little Snitch is a host-based firewall for macOS, used for monitoring and restricting egress network traffic.

Varonis has observed the ALPHV (BlackCat) ransomware, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.

Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong? Quoting from the original researchers:
This…

With FaPro, you can create a virtual network and simulate several different devices in it with a single command.

$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975

A few years ago, I was asked to define an auditd configuration which would serve as the primary detection technology for a large…

PwnKit: CVE-2021-4034 avoid privilege escalation. CrowdSec developed a scenario to give you insight on whether you have been compromised by this vulnerability.

Contribute to jfrog/polkit-tools development by creating an account on GitHub.

Learn about how we discovered CVE-2022-22583, a vulnerability that allows attackers to bypass macOS SIP and take control of the system.

The story of a phishing and malware campagin, overcomming MFA and taking over accounts.

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud - GitHub - DataDog/stratus-red-team: :cloud: Granular, Actionable Adversary Emulation for the Cloud

Did that get your attention? Good. The goal of this short post is to evangelize engineering teams to end the psychosis that is storing se...

Rip Raw is a small tool to analyse the memory of compromised Linux systems. - GitHub - cado-security/rip_raw: Rip Raw is a small tool to analyse the memory of compromised Linux systems.

Today I wanted to do a blog post on pivoting with SSH tunnels and using Plink to forward connections to other computers, once you have a foothold in an environment. For this scenario, I used two Vi…

Local privilege escalation bug in SUID-set program ‘pkexec’. CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders.

We provide on-site and remote computer repair, IT Consulting, Mac, PC, Linux, and network support. Yes we make WiFi better!