Offensive Security
Mythic 3.3 — Out of Beta
Mythic 3.3 — Out of BetaMythic 3.3 was released in a Beta six weeks ago, and since then there has been a bunch of feedback, not just about new Mythic 3.3 features but about the ...
Relay Your Heart Away: An OPSEC-Conscious Approach to 445 Takeover
Even within organizations that have achieved a mature security posture, targeted NTLM relay attacks are still incredibly effective after all these years of abuse. Leveraging several of these NTLM relay primitives, specifically ...
Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac
In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan’s journey in cybersecurity. Dan shares his experience ...
Lateral Movement with the .NET Profiler
Lateral Movement with the .NET ProfilerThe accompanying code for this blogpost can be found HERE.IntroI spend a lot of my free time modding Unity games. Since Unity is written in C#, the games are very ...
Offensive Security 101: Everything You Need to Know
For most, the term “offensive” evokes images of aggression and harm. But in cybersecurity, “offensive” takes on a whole new meaning: proactive, strategic, and ultimately, robust security. That’s the essence... The post ...
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
TL;DR;Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in the UI, database migrations, dynamic file browser groupings, and more!Image Generated by https://hotpot.ai/art-generatorMythic v3.2It’s been a few months since ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
Helpdesk Telephone Attack: How to Close Process and Technology Gaps
Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press ...
Hacking With Your Nemesis
In the first post in this series, On (Structured) Data, we talked about the gap area of offensive structured data and ended with the question, “If all of our offensive tools produced ...
On (Structured) Data
IntroductionThe offensive security industry is a curious one. On the one hand, we are ahead in various trends (or “thought leadership,” as some would have us term it) and are used to ...
