Latest Articles

Burp Suite and Beyond: Exploring non-HTTP protocols using MITM_RELAY

By Muhammet Ali Arıtürk. In this article, Muhammet takes us on a deep technical journey to persevere beyond the limitations of the proxy tool Burp Suite, and explore non-HTTP, application-layer protocols using ‘MITM RELAY’. Introduction: As offensive security testers, we often rely on Burp Suite. While an excellent resource when penetration testing, it’s not without limitations, as we explored in our previous article on utilising custom Python scripts. To get around some particular limitations in a recent case, I used a cool tool called MITM_RELAY which is described as a “hackish way to intercept and modify non-HTTP protocols through Burp & others”.


August 24, 2021, dray

Running Once, <del>Running Twice</del>, Pwned! Windows Registry Run Keys

By Dray Agha. The Windows registry is a vast and complex topic and cannot be understood and defended in one article. One particular area of interest from a security perspective is registry run keys. In this article, we discuss who uses run keys, how to uncover abuse, and how to eradicate evil from them. An Introduction to Run Keys: What are registry run keys? Run keys are an obscure mechanism of the registry to execute something on a Windows system when a user logs in or the machine boots up.


August 11, 2021, dray

Can Depix deobfuscate your data?

The censored text cracking tool. By Caleb Herbert. In this post, Caleb explores Depix and its potential to recover sensitive text from reports that were redacted by the original authors. You can use our guidance to enter the challenge and test your GPU’s mettle against the gauntlet we’ve thrown down! 1. What is Depix and how is it used? When sensitive information is about to be displayed to a reader, an author may blur the sensitive text so it can no longer be recognised. Blurring is intended to be used to redact text FOREVER… but I think that isn’t true anymore. We have some tooling that can unblur that text, and uncover quite interesting things that the original authors would rather we didn’t know.


August 3, 2021, dray