Displaying post from category:

Tools and Techniques

HTTPSC2DoneRight (and Working)

By Red Siege | February 17, 2022

tl;dr If you want an updated and working copy of httpsc2doneright, grab it here   If you’re a Cobalt Strike user, it’s almost certain that at some point you’ve used […]

Learn More
HTTPSC2DoneRight (and Working)

Attacking SAML implementations

By Red Siege | November 2, 2021

SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It’s […]

Learn More
Attacking SAML implementations

Bypassing Signature-Based AV

By Red Siege | August 25, 2021

If you want to execute arbitrary code on an endpoint during a penetration test, red team, or assumed breach, chances are you’ll have to evade some kind of antivirus solution. […]

Learn More
Bypassing Signature-Based AV

Sans Core Netwars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]

Learn More
Sans Core Netwars Tournament of Champions Europe

Customizing C2Concealer – Part 2

By Red Siege | August 2, 2021

If you haven’t read Part I, we recommend starting there. If you’re ready for further C2Concealer customization, then let’s dive in.   The bulk of C2Concealer’s operations are done in […]

Learn More
Customizing C2Concealer – Part 2

Customizing C2Concealer – Part 1

By Red Siege | July 12, 2021

About a year ago, we publicly released our C2 malleable profile generator for Cobalt Strike, C2Concealer. You can read the initial blog post here. In the GitHub Readme page and […]

Learn More
Customizing C2Concealer – Part 1

Ordinal Values, Windows Functions, and C#

By Red Siege | June 8, 2021

There’s many different techniques that an offensive security professional could use to try to have their code avoid detection by various AV and EDR products. Various options include encrypting part […]

Learn More
Ordinal Values, Windows Functions, and C#

Hacking OAuth2.0

By Red Siege | March 22, 2021

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]

Learn More
Hacking OAuth2.0

Networking Fundamentals Part I

By Red Siege | February 10, 2021

This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute […]

Learn More
Networking Fundamentals Part I

SiegeCast : Web Api Weaknesses

By Justin Connors | January 11, 2021

Learn More
SiegeCast : Web Api Weaknesses