The Tales of the Crimson Foes
A compilation of red team and pentest stories

Prevent Kali Linux, ParrotOS, and Pentoo Linux from throwing GuardDuty alerts by modifying the User Agent string when using the AWS CLI.

In this 2-part “Everyday Ghidra” series post, we’ll walk through creating custom Ghidra data types by parsing C header files. In Everyday…

Recraft's image generation service uses a unique architecture combining an LLM (Claude) with a diffusion model. Learn what led to the discovery that carefully crafted prompts could expose the system's internal instructions.

Well, we’re back again, with yet another fresh-off-the-press bug chain (and associated Interactive Artifact Generator). This time, it’s in Citrix’s “Virtual Apps and Desktops” offering.

This is a tech stack that enables end-users (and likely, your friendly…

Probely has been acquired by Snyk, an industry leader in developer security. Learn more about the acquisition in this article.

On September 10th, 2024, a critical security flaw was disclosed in the Ruby-SAML and OmniAuth-SAML libraries, exposing a vulnerability that allows complete authentication bypass. This flaw, CVE-2024-45409, earned the highest possible score of 10 on GitHub's…

Intro This series of articles describes fault injection attack techniques in order to understand their real potential by testing their […]

Team82 researched the security of the OvrC cloud platform, which is used by businesses and consumers to remotely manage IoT devices. We uncovered 10 different vulnerabilities that, when chained, allow attackers to execute code on OvrC cloud-connected devices…

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been…

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfor...

Discover how to reproduce CVE-2024-10979, a vulnerability in PostgreSQL's trusted PL/Perl, through this detailed step-by-step guide. Learn about the security implications and the importance of applying patches to safeguard your database systems.

Authenticated Gaia users, at least read-only privilege, can inject code or commands by global variables through HTTP requests.

Learn how to identify, understand, attack, and remediate SMB shares configured with excessive privilege in active directory environments with the help of new charts, graphs, and LLM capabilities.

The Gogs self-hosted Git service is vulnerable to symbolic link path traversal that enables remote code execution (CVE-2024-44625). The latest version at the time of writing (0.13.0) is affected. This vulnerability is exploitable against a default install…