Shmoocon

Shmoocon

By Justin Connors | February 22, 2022

The Red Siege Team will be in attendance and is a Proud Sponsor! ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere […]

Attacking SAML implementations

By Red Siege | November 2, 2021

SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It’s […]

SiegeCast: Properly Preparing for a Pentest

By Justin Connors | October 25, 2021

October 26th at 3pm Eastern. Defenders, we know you want to make sure you are getting the maximum value from your penetration test. On this SiegeCast, Senior Security Consultant Alex […]

SiegeCast: Cobalt Strike Basics

By Red Siege | September 13, 2021

Sept 14th at 3pm Eastern. Tim Medin breaks down everything you need to know about Cobalt Strike with its very own Tech Director, Joe Vest   How to watch: Youtube: […]

Bypassing Signature-Based AV

By Red Siege | August 25, 2021

If you want to execute arbitrary code on an endpoint during a penetration test, red team, or assumed breach, chances are you’ll have to evade some kind of antivirus solution. […]

Now Streaming SiegeCasts!

By Red Siege | August 17, 2021

We are excited to bring you this brand new SiegeCast in a fresh new format!  On August 24th at 3pm Eastern the new SiegeCast from  Security Consultant Jason Downey will […]

Sans Core Netwars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]

Hacking OAuth2.0

By Red Siege | March 22, 2021

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]

SiegeCast : Web Api Weaknesses

By Justin Connors | January 11, 2021

Threading the Needles: Why Defense in Depth Still Matters

By Mike Saunders | January 6, 2021

I recently performed an assumed breach test against what I would consider an Apex Defender organization. The security team is smart, well-funded, extremely capable, and resourceful. The team has both […]