• Signed Binaries Proxy Execution - T1218

    Posted by Josh Abraham

    The April MITRE ATT&CK release includes a new TTP, 'Signed Binaries Proxy Execution' (T1218). This TTP covers an attacker using signed binaries to perform malicious activities.



• Signed Scripts Proxy Execution - T1216

    Posted by Josh Abraham

    Many organizations trust all signed code from Microsoft. Unfortunately, there are many ways in which attackers can use this trust against them. Previously, we covered using signed binaries to perform malicious activities. In this post, we will be covering how to use signed scripts.



• How to use Kerberoasting - T1208 for Privilege Escalation

    Posted by Josh Abraham

    In our experience, Kerberoasting is an attack that is similar to others in that defenders need to fully understand it to be able to properly mitigate the risks. It's our goal that, by pushing this content into the MITRE ATT&CK framework, we have increased awareness of this TTP so that organizations can be better protected in the future.



• Summary of April MITRE ATT&CK Release

    Posted by Josh Abraham

    MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.



• Privilege Escalation in AWS with PassRole Attacks

    Posted by Kesten Broughton

    By default, every instance launched in AWS has instance credentials supplied by the AWS metadata service. AWS operators can attach role policies to an instance at launch time via PassRole.



• Path.Combine Security Issues in ASP.NET Applications

    Posted by Anna Pobletts

    Path traversal vulnerabilities are a common class of web application vulnerability, where an attacker aims to access files outside of the intended directory by using "../" patterns to traverse directories or by using absolute paths. These vulnerabilities are commonly found in the file upload or download functionality of an application.



• KRACK (Key Reinstallation Attack) Against Wi-Fi Networks

    Posted by Blake Luther

    A flaw in the implementation of WPA2-based encryption allows an attacker within physical range of the wireless network to decrypt traffic from a vulnerable client, allowing for viewing, intercepting, and modifying data in transit. This vulnerability has been assigned CVE numbers CVE-2017-13077 through CVE-2017-13088. There is not yet a working public exploit for this attack. However, the research group that discovered it has published its findings, and working exploit code is likely a matter of days away.



• Shadow Brokers After Action Report

    Posted by Josh Abraham

    Microsoft had already released security updates in March that address many of the issues. Therefore, there are no 0day vulnerabilities included in the toolset that can be used against fully patched versions of Windows. The toolset was built in 2013, which means it doesn't include Windows 10 or Server 2016. Legacy versions of Windows are still vulnerable, since Microsoft won't release security updates for them.



• How to Mitigate Mimikatz WDigest Cleartext Credential Theft

    Posted by Josh Abraham

    Penetration testers and malicious adversaries often focus on using the easiest attack vector to achieve their objectives. One common attack vector that has been around for several years is to use a tool called Mimikatz to steal cleartext credentials from the memory of compromised Windows systems.



• Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)

    Posted by Elvis Collado

    Over the course of the past few months I've been traveling around educating people on exploiting embedded devices. My slides alone aren't able to provide enough information, so I wanted to write everything out for people to digest online. The following blog post is "Part 1", which will introduce the reader to the software side of embedded devices. I decided to cover software first since most flaws reside within the software stack, ranging from binary applications to drivers. Part 2 will cover the hardware stack, with a focus on educating the reader on how JTAG actually works and how to leverage hardware modifications to either bypass password protections or to extract secrets that may be baked into the targeted devices.



