Blog

Moving beyond T4 – Deconstructing Nmap Tuning

By Red Siege | July 6, 2022

by Alex Norman, Senior Security Consultant Nmap -T4 -iL targets.txt This is a very common scan string that many people use to get initial recon done on assessments and, to […]

Learn More
Moving beyond T4 – Deconstructing Nmap Tuning

Creating a Simple Windows Domain for Offensive Testing: Part 4

By Red Siege | June 23, 2022

By: Justin Palk, Security Consultant This is part four of my series of blog posts on creating a windows domain for offensive security testing. In part 1, I stood up […]

Learn More
Creating a Simple Windows Domain for Offensive Testing: Part 4

Creating a Simple Windows Domain for Offensive Testing: Part 3

By Red Siege | June 15, 2022

by Security Consultant Justin Palk Welcome back to my series on setting up a Windows domain for offensive testing. In the first two installments (Part 1, Part 2), I stood […]

Learn More
Creating a Simple Windows Domain for Offensive Testing: Part 3

Creating a Simple Windows Domain for Offensive Testing: Part 2

By Red Siege | June 7, 2022

By: Justin Palk, Security Consultant Welcome back to my series on setting up a Windows domain for offensive testing. In the first installment, I did my basic network setup, created […]

Learn More
Creating a Simple Windows Domain for Offensive Testing: Part 2

Creating a Simple Windows Domain for Offensive Testing : Part 1

By Red Siege | June 1, 2022

By: Justin Palk, Security Consultant While doing some tool development recently I realized that for the first time I was writing a tool specifically targeting an Active Directory domain and […]

Learn More
Creating a Simple Windows Domain for Offensive Testing : Part 1

SiegeCast: Practical People Hacking

By Justin Connors | April 25, 2022

  Social Engineering should be in the toolkit for every Security professional, whether that is to execute it, or defend against it. In this Siegecast Corey Overstreet and Jason Downey […]

Learn More
SiegeCast: Practical People Hacking

HTTPSC2DoneRight (and Working)

By Red Siege | February 17, 2022

tl;dr If you want an updated and working copy of httpsc2doneright, grab it here   If you’re a Cobalt Strike user, it’s almost certain that at some point you’ve used […]

Learn More
HTTPSC2DoneRight (and Working)

Attacking SAML implementations

By Red Siege | November 2, 2021

SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It’s […]

Learn More
Attacking SAML implementations

SiegeCast: Properly Preparing for a Pentest

By Justin Connors | October 25, 2021

October 26th at 3pm Eastern. Defenders, we know you want to make sure you are getting the maximum value from your penetration test. On this SiegeCast, Senior Security Consultant Alex […]

Learn More
SiegeCast: Properly Preparing for a Pentest

SiegeCast: Cobalt Strike Basics

By Red Siege | September 13, 2021

Sept 14th at 3pm Eastern. Tim Medin breaks down everything you need to know about Cobalt Strike with its very own Tech Director, Joe Vest   How to watch: Youtube: […]

Learn More
SiegeCast: Cobalt Strike Basics