With the prior knowledge in mind, I come up with a simple idea. It’s common to see multiple Exchange Servers in corporate networks for high availability and site resilience. Can we relay the NTLM authentication among Exchange Servers?

Microsoft’s Office Online Server is the next generation of Office Web Apps Server; it provides a browser based viewer/editor for Word, PowerPoint, Excel and OneNote documents. The product can be...

Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.

Azure function to insert MISP data in to Azure Sentinel - GitHub - zolderio/misp-to-sentinel: Azure function to insert MISP data in to Azure Sentinel

A new critical vulnerability CVE-2022-42889 a.k.a Text4shell was reported on the popular Apache Commons Text library.

BlueBleed covers multiple misconfigured servers with sensitive data detected by SOCRadar's in-house cloud security module.

I recently documented a dangerous reverse-proxy behaviour called first-request routing, which enables host-header attacks on back-end systems. In this post, I'll show how first-request routing also en

Introduction Several vulnerabilities with the popular ASP.NET web application add-on Telerik UI for ASP.NET AJAX have become a frequent source of “easy-wins” for operators at BLS. Discovery and exploitation are usually straightforward, and they result in…

Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

This blog post will untangle the question of 'who has access to what' in an Azure Active Directory environment. A PowerShell tool will also be released to automatically enumerate this.

An Evil OIDC Server. Contribute to doyensec/oidc-ssrf development by creating an account on GitHub.

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.After the se

FullHunt released an update to Log4J-Scan to detect Apache Commons Text RCE (CVE-2022-42889).Detecting Apache Commons Text RCE (CVE-2022-42889)The Apache Com...

A framework for OAuth 2.0 device code authentication grant flow phishing.

Source code and examples for Antignis. Contribute to huntandhackett/Antignis development by creating an account on GitHub.