Displaying post from category:

Tools and Techniques

Attacking SAML implementations

By Red Siege | November 2, 2021

SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It’s […]

Learn More
Attacking SAML implementations

Bypassing Signature-Based AV

By Red Siege | August 25, 2021

If you want to execute arbitrary code on an endpoint during a penetration test, red team, or assumed breach, chances are you’ll have to evade some kind of antivirus solution. […]

Learn More
Bypassing Signature-Based AV

Sans Core Netwars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]

Learn More
Sans Core Netwars Tournament of Champions Europe

Hacking OAuth2.0

By Red Siege | March 22, 2021

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]

Learn More
Hacking OAuth2.0

Networking Fundamentals Part I

By Red Siege | February 10, 2021

This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute […]

Learn More
Networking Fundamentals Part I

SiegeCast : Web Api Weaknesses

By Justin Connors | January 11, 2021

Learn More
SiegeCast : Web Api Weaknesses

Threading the Needles: Why Defense in Depth Still Matters

By Mike Saunders | January 6, 2021

I recently performed an assumed breach test against what I would consider an Apex Defender organization. The security team is smart, well-funded, extremely capable, and resourceful. The team has both […]

Learn More
Threading the Needles: Why Defense in Depth Still Matters

Free Backgrounds for Everyone!

By Justin Connors | December 8, 2020

No one knows what the future holds, but 2021 is shaping up to be another year of remote work and video conferences. With that in mind, we wanted to provide […]

Learn More
Free Backgrounds for Everyone!

Netcat and MFD’s – The Gifts That Keep on Giving

By Mike Saunders | October 30, 2020

It’s fairly well known that printers and MFDs can be a gateway to compromise on otherwise secured networks. We regularly encounter networks filled with these devices internal tests and (ab)use […]

Learn More
Netcat and MFD’s – The Gifts That Keep on Giving

Detecting Kerberoasting

By Tim Medin | October 21, 2020

Kerberoasting is an effective method for privilege escalation, pivoting, and even persistence. Let’s take a look at ways to detect (and prevent) this attack. Jump to the portion of this […]

Learn More
Detecting Kerberoasting