The Current State of Exploit Development, Part 2
In Part 1 of this two-part blog series, we addressed binary exploitation on Windows systems, including some legacy and contemporary mitigations that…
The Current State of Exploit Development, Part 1
Memory corruption exploits have historically been one of the strongest accessories in a good red teamer's toolkit. They present an easy win…
Staying Off the Land: A Threat Actor Methodology
With offense-focused methodologies being created around “living off the land” and “bring your own land,” we would like to cover a somewhat…
Your Jenkins Belongs to Us Now: Abusing Continuous Integration Systems
"Continuous integration (CI) is the process of automating the build and testing of code every time a team member commits a change."…
Hidden Administrative Accounts: BloodHound to the Rescue
Defending an organization from today’s sophisticated attacks is no easy task. It often requires security teams to be ready at a moment’s…