2025

• 12 Jun Malware-as-a-Smart-Contract – Part 1: Weaponising BSC to Target Windows Users via WordPress
• 11 Apr A Closer Look at Microsoft’s Latest Email Security Requirements – Tooling Release Included!
• 13 Mar The Anatomy of a Phishing Investigation: How Attackers Exploit Health-Related Fears
• 06 Mar Tutorial – How to setup a forward proxy with HAProxy that routes TOR through a VPN…in docker
• 27 Feb Ranking MFA Methods – From Least to Most Secure
• 19 Feb Please Mind the CAP – Modern Conditional Access Policy circumvention and what it means for your organisation (webinar recording)
• 06 Feb Bring Your Own Trusted Binary (BYOTB) – BSides Edition

2024

• 20 Dec TokenSmith – Bypassing Intune Compliant Device Conditional Access
• 02 Dec BCP, as easy as ABC?
• 30 Oct Weaponize Your Word – Malicious Template Injection
• 24 Oct Breaking into Libraries – DLL Hijacking
• 15 Oct Active Cyber Defence – Taking back control
• 17 Sep NTLM Relaying – Making the Old New Again
• 11 Sep Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 2)
• 28 Aug Building Forensic Expertise: A Two-Part Guide to Investigating a Malicious USB Device (Part 1)
• 20 Aug Adversary at the Door – Initial Access and what’s currently on the menu
• 13 Aug SSH Tunnelling to Punch Through Corporate Firewalls – Updated take on one of the oldest LOLBINs
• 06 Aug How to Handle Development Projects in a Pentest Company
• 04 Jul How Cloud Migration is Affecting AppSec – A Red Teamer’s Perspective
• 28 Jun Putting the C2 in C2loudflare
• 19 Jun Bullet Proofing Your Email Gateway
• 13 Jun What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 2)
• 06 Jun What’s in a Name? Writing custom DNS tunnelling protocol, exploiting unexpected AWS Lambda misconfiguration – in a web app Pen test (Part 1)
• 31 May WASM Smuggling for Initial Access and W.A.L.K. Tool Release
• 16 May Adventures and Accidental Honeypots in Network Infrastructure: Unravelling Internet Shenanigans
• 09 May Poisoning Pipelines: Azure DevOps Edition
• 02 May Why sneak when you can walk through the front door – A Love letter to Password Spraying against M365 in Red Team Engagements

2023

• 21 Dec Advisory CVE-2023-43042 – IBM Backup Products Superuser Information Disclosure
• 19 Dec Red Teaming the Cloud: A Shift in Perspective
• 21 Jun Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
• 19 Jun Hunting the Snake: An Overview of Threat Hunting with Velociraptor
• 09 Jun Ligolo: Quality of Life on Red Team Engagements
• 26 May Hunting for ‘Snake’
• 23 May Advisory CVE-2023-30382 – Half-Life Local Privilege Escalation
• 17 Apr Butting Heads with a Threat Actor on an Engagement

2022

• 15 Dec Advisory CVE-2022-37832 – Mutiny Network Monitoring Appliance hardcoded credentials
• 12 Dec Online Machine Learning: how to integrate user feedback
• 23 Nov Implementation and Dynamic Generation for Tasks in Apache Airflow
• 08 Sep QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)
• 11 Aug Abusing SharedUserData For Defense Evasion and Exploitation
• 02 Aug (ZOHO) ManageEngine Desktop Central – Path Traversal / Arbitrary File Write
• 02 Aug (ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write
• 14 Jul Azure – Securing Shared Access Signatures (SAS)
• 26 Jan Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip
• 26 Jan Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution

2021

• 22 Nov No Logs? No Problem! Incident Response without Windows Event Logs
• 07 Oct PowerShell Jobs
• 24 Aug Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY
• 11 Aug Running Once, Running Twice, Pwned! Windows Registry Run Keys
• 03 Aug Can Depix deobfuscate your data?
• 22 Jul Car Hacking – Manual Bypass of Modern Rolling Code Implementations
• 16 Jul Obfuscating C2 During a Red Team Engagement
• 07 Jul PRINTNIGHTMARE NETWORK ANALYSIS
• 06 Jul Securing against new offensive techniques abusing active directory certificate service
• 28 Apr Overcoming Issues Using Custom Python Scripts with Burp Suite Professional

2020

• 21 Dec Win a place @HackFu 2021 Community Edition!
• 13 Nov Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon
• 13 Nov Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS
• 13 Nov Advisory CVE-2020-13769 – Ivanti Unified Endpoint Manager SQL injection
• 13 Nov Advisory CVE-2020-13772 – Ivanti Unified Endpoint Manager system information disclosure
• 12 Nov Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload
• 11 Nov Advisory CVE-2020-13770 – Ivanti Unified Endpoint Manager named pipe token impersonation privilege escalation
• 11 Nov Advisory CVE-2020-13771 – Ivanti Unified Endpoint Manager DLL search order hijacking privilege escalation
• 04 Sep Pwning Windows Event Logging with YARA rules
• 11 Aug Defending Your Malware
• 07 Jun Thunder Eye – Threat Intelligence Aggregator
• 07 Jun API Hooking Framework
• 03 Jun shad0w
• 20 Apr A Defender’s Guide For Rootkit Detection: Episode 1 – Kernel Drivers

2019

• 20 Jun Bypassing Antivirus with Golang – Gopher it!
• 06 Feb Enhanced logging to detect common attacks on Active Directory– Part 1

2016

• 28 Jun Short introduction to Network Forensics and Indicators of Compromise (IoC)
• 07 Mar CVE 2015-7547 glibc getaddrinfo() DNS Vulnerability
• 28 Jan Research and Development

2015

• 24 Apr Covert channels – (Mis)Using ICMP protocol for file transfers with scapy
• 01 Mar Microsoft Onenote Image Caching Bug (Confidential Information Leakage)
• 19 Jan Ghost In The Shellcode 2015 CTF: Write-up for cloudfs challenge

2014

• 10 Nov LAYER 8 – Patching the un-patchable….
• 10 Nov Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114] : Attacks and Defenses
• 07 Nov GPU Password Cracking Hype