Hacking Humans: Social Engineering and the Psychology
#specterops
TL;DR : Social engineering engagements are the most exciting and heart pumping, “in my opinion”. It doesn’t begin at the badge reader or the front desk. The access occurs when someone makes a decision. The cameras work. The badges work. The locks work. Failure happens when an employee makes a decision: “Does this person belong […]
via SpecterOps Blog (author: John Wotton)
#specterops
TL;DR : Social engineering engagements are the most exciting and heart pumping, “in my opinion”. It doesn’t begin at the badge reader or the front desk. The access occurs when someone makes a decision. The cameras work. The badges work. The locks work. Failure happens when an employee makes a decision: “Does this person belong […]
via SpecterOps Blog (author: John Wotton)
How I sped up exploit validation in Repeater using Burp AI
#portswigger
Note: This is a guest post by IT security consultant Adarsh Kumar. I’ve been using Burp Suite day to day for years, so when Burp AI was introduced, I was curious how it would actually hold up dur
via PortSwigger Blog
#portswigger
Note: This is a guest post by IT security consultant Adarsh Kumar. I’ve been using Burp Suite day to day for years, so when Burp AI was introduced, I was curious how it would actually hold up dur
via PortSwigger Blog
LDAP Channel Binding and LDAP Signing
#trustedsec
With Microsoft “enforcing” Lightweight Directory Access Protocol (LDAP) Signing by default in Server 2025, it once again seems like a good time to revisit our old friends LDAP Channel Binding and LDAP Signing. It’s…
via TrustedSec Blog (author: Scott Blake)
#trustedsec
With Microsoft “enforcing” Lightweight Directory Access Protocol (LDAP) Signing by default in Server 2025, it once again seems like a good time to revisit our old friends LDAP Channel Binding and LDAP Signing. It’s…
via TrustedSec Blog (author: Scott Blake)
Introducing BloodHound Enterprise On-Premises: Why On-Prem Identity Attack Path Management Still Matters in a Cloud World
#specterops
TL;DR : BloodHound Enterprise on-premises brings enterprise-grade identity attack path management to air-gapped, classified, and highly regulated environments. It uses the same engine as our SaaS solution while keeping all identity data within your security boundary. Cloud adoption has transformed how organizations deploy and scale security tools. For many use cases, SaaS delivers speed, simplicity, […]
via SpecterOps BH Blog (author: Sev Kocharian)
#specterops
TL;DR : BloodHound Enterprise on-premises brings enterprise-grade identity attack path management to air-gapped, classified, and highly regulated environments. It uses the same engine as our SaaS solution while keeping all identity data within your security boundary. Cloud adoption has transformed how organizations deploy and scale security tools. For many use cases, SaaS delivers speed, simplicity, […]
via SpecterOps BH Blog (author: Sev Kocharian)
Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile
#specterops
TL;DR: Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services. This post shows how reviewing deployment guides can help identify those exceptions and weaponize them with a new Mythic C2 profile called azureBlob. During a recent Hackathon, we discussed some common issues operators run into. One unfortunately common one: […]
via SpecterOps Blog (author: Andrew Gomez)
#specterops
TL;DR: Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services. This post shows how reviewing deployment guides can help identify those exceptions and weaponize them with a new Mythic C2 profile called azureBlob. During a recent Hackathon, we discussed some common issues operators run into. One unfortunately common one: […]
via SpecterOps Blog (author: Andrew Gomez)
Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound
#synacktiv
via Synacktiv Blog (author: Webmaster)
#synacktiv
via Synacktiv Blog (author: Webmaster)
MCP in Burp Suite: From Enumeration to Targeted Exploitation
#trustedsec
MCP-ASD Burp extension has been submitted to the BApp Store and is awaiting approval.MCP OVERVIEWMCP (Model Context Protocol) servers are becoming more common thanks to their ease of integration with AI systems such as…
via TrustedSec Blog (author: Drew Kirkpatrick)
#trustedsec
MCP-ASD Burp extension has been submitted to the BApp Store and is awaiting approval.MCP OVERVIEWMCP (Model Context Protocol) servers are becoming more common thanks to their ease of integration with AI systems such as…
via TrustedSec Blog (author: Drew Kirkpatrick)
Get the Most from Testing Your AI-Powered Application
#bishopfox
Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.
via BishopFox Blog
#bishopfox
Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.
via BishopFox Blog
Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive
#trustedsec
The Cheat Sheet section is for quick reference.The Learn section is for those who have never touched the topic before.The Implement section is for more detailed denoscriptions of each Cheat Sheet…
via TrustedSec Blog (author: Aaron James)
#trustedsec
The Cheat Sheet section is for quick reference.The Learn section is for those who have never touched the topic before.The Implement section is for more detailed denoscriptions of each Cheat Sheet…
via TrustedSec Blog (author: Aaron James)
Top 10 web hacking techniques of 2025
#portswigger
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
via PortSwigger Research
#portswigger
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
via PortSwigger Research
Get the Most from Testing Your Applications
#bishopfox
Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.
via BishopFox Blog
#bishopfox
Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.
via BishopFox Blog
Rust’s Role in Embedded Security
#netspi
Rust enhances memory safety in embedded systems, but rigorous security testing remains essential to address logic, hardware, and cryptographic vulnerabilities. Explore the benefits and key considerations of using Rust
via NetSPI Technical Blog (author: Andrew Bindner)
#netspi
Rust enhances memory safety in embedded systems, but rigorous security testing remains essential to address logic, hardware, and cryptographic vulnerabilities. Explore the benefits and key considerations of using Rust
via NetSPI Technical Blog (author: Andrew Bindner)
Pipe Dreams: Remote Code Execution via Quest Desktop Authority Named Pipe
#netspi
Discover the risks of the CVE-2025-67813 vulnerability in Quest Desktop Authority. Learn how this RCE flaw impacts your organization and how to mitigate it.
via NetSPI Technical Blog (author: Ceri Coburn)
#netspi
Discover the risks of the CVE-2025-67813 vulnerability in Quest Desktop Authority. Learn how this RCE flaw impacts your organization and how to mitigate it.
via NetSPI Technical Blog (author: Ceri Coburn)
Deep Dive into Arista NG Firewall Vulnerabilities
#bishopfox
Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws allowing root-level code execution with some exploitable by chaining attacks through a single malicious link.
via BishopFox Blog
#bishopfox
Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws allowing root-level code execution with some exploitable by chaining attacks through a single malicious link.
via BishopFox Blog
What If Requesting a Penetration Test Was as Simple as Submitting a URL?
#bishopfox
Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.
via BishopFox Blog
#bishopfox
Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.
via BishopFox Blog
Introducing BloodHound Scentry: Accelerate Your Identity Attack Path Management Practice with Expert Guidance
#specterops
SpecterOps is excited to announce the launch of our newest addition to BloodHound Enterprise, BloodHound Scentry. BloodHound Scentry is an expert advisory service that uses the proven expertise of the SpecterOps team to accelerate your Identity Attack Path Management (APM) practice and protect the most critical assets in your environment from attack paths that put […]
via SpecterOps BH Blog (author: Robby Winchester)
#specterops
SpecterOps is excited to announce the launch of our newest addition to BloodHound Enterprise, BloodHound Scentry. BloodHound Scentry is an expert advisory service that uses the proven expertise of the SpecterOps team to accelerate your Identity Attack Path Management (APM) practice and protect the most critical assets in your environment from attack paths that put […]
via SpecterOps BH Blog (author: Robby Winchester)
Securing Entra ID Administration: Tier 0
#trustedsec
<p>Entra ID (formerly Azure AD) is the core service upon which Microsoft 365 applications rely for directory and authentication services. This makes Entra ID security a critical element for any organization that leverages…</p>
via TrustedSec Blog (author: Sean Metcalf)
#trustedsec
<p>Entra ID (formerly Azure AD) is the core service upon which Microsoft 365 applications rely for directory and authentication services. This makes Entra ID security a critical element for any organization that leverages…</p>
via TrustedSec Blog (author: Sean Metcalf)
V8 Heap Archaeology: Finding Exploitation Artifacts in Chrome’s Memory
#specterops
TL;DR : This post aims to introduce readers to the anatomy and detection of JavaScript memory corruption exploits that target Google Chrome’s V8 JavaScript engine. We’ll dive into the primitives attackers need during the first stage of a Chrome full-chain exploit and what artifacts these primitives leave behind in memory. It is these artifacts that defenders […]
via SpecterOps Blog (author: Liam D)
#specterops
TL;DR : This post aims to introduce readers to the anatomy and detection of JavaScript memory corruption exploits that target Google Chrome’s V8 JavaScript engine. We’ll dive into the primitives attackers need during the first stage of a Chrome full-chain exploit and what artifacts these primitives leave behind in memory. It is these artifacts that defenders […]
via SpecterOps Blog (author: Liam D)
ShareHound: An OpenGraph Collector for Network Shares
#specterops
TL;DR: ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise that maps network shares, permissions, and paths at scale helping identify attack paths to network shares automatically. Introduction In many enterprise environments, network shares can become prime staging targets for ransomware or lateral movement. Attackers who gain access to even a low-privileged user […]
via SpecterOps BH Blog (author: Remi GASCOU)
#specterops
TL;DR: ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise that maps network shares, permissions, and paths at scale helping identify attack paths to network shares automatically. Introduction In many enterprise environments, network shares can become prime staging targets for ransomware or lateral movement. Attackers who gain access to even a low-privileged user […]
via SpecterOps BH Blog (author: Remi GASCOU)
Most Security Programs Test a Fraction of Their Applications. That Changes Today.
#bishopfox
Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.
via BishopFox Blog
#bishopfox
Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.
via BishopFox Blog