Introduction to Sliver
By Red Siege | November 7, 2022
By: Justin Palk, Security Consultant Around the time Tim decided he was going to give a Siegecast on selecting a C2, I finished building out a test Windows AD domain […]
Learn MoreMoving beyond T4 – Deconstructing Nmap Tuning
By Red Siege | July 6, 2022
by Alex Norman, Senior Security Consultant Nmap -T4 -iL targets.txt This is a very common scan string that many people use to get initial recon done on assessments and, to […]
Learn MoreCreating a Simple Windows Domain for Offensive Testing: Part 4
By Red Siege | June 23, 2022
By: Justin Palk, Security Consultant This is part four of my series of blog posts on creating a windows domain for offensive security testing. In part 1, I stood up […]
Learn MoreCreating a Simple Windows Domain for Offensive Testing: Part 3
By Red Siege | June 15, 2022
by Security Consultant Justin Palk Welcome back to my series on setting up a Windows domain for offensive testing. In the first two installments (Part 1, Part 2), I stood […]
Learn MoreCreating a Simple Windows Domain for Offensive Testing: Part 2
By Red Siege | June 7, 2022
By: Justin Palk, Security Consultant Welcome back to my series on setting up a Windows domain for offensive testing. In the first installment, I did my basic network setup, created […]
Learn MoreCreating a Simple Windows Domain for Offensive Testing : Part 1
By Red Siege | June 1, 2022
By: Justin Palk, Security Consultant While doing some tool development recently I realized that for the first time I was writing a tool specifically targeting an Active Directory domain and […]
Learn MoreAttacking SAML implementations
By Red Siege | November 2, 2021
SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It’s […]
Learn MoreBypassing Signature-Based AV
By Red Siege | August 25, 2021
If you want to execute arbitrary code on an endpoint during a penetration test, red team, or assumed breach, chances are you’ll have to evade some kind of antivirus solution. […]
Learn MoreSans Core Netwars Tournament of Champions Europe
By Red Siege | August 9, 2021
From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]
Learn MoreHacking OAuth2.0
By Red Siege | March 22, 2021
The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]
Learn More