Sans Core Netwars Tournament of Champions Europe

Sans Core Netwars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]

Hacking OAuth2.0

By Red Siege | March 22, 2021

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]

Networking Fundamentals Part I

By Red Siege | February 10, 2021

This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute […]

SiegeCast : Web Api Weaknesses

By Justin Connors | January 11, 2021

Threading the Needles: Why Defense in Depth Still Matters

By Mike Saunders | January 6, 2021

I recently performed an assumed breach test against what I would consider an Apex Defender organization. The security team is smart, well-funded, extremely capable, and resourceful. The team has both […]

User Enumeration Part 3 – Windows

By Mike Saunders | April 16, 2020

This is the third installment in a series of blogs on user enumeration. In Part 1 – Building Name Lists, I talked about ways of building usernames from OSINT and […]

User Enumeration Part 2 – Microsoft Office 365

By Mike Saunders | March 10, 2020

It’s not uncommon on external pen tests and red team engagements to find very little attack surface on the customer’s internet-facing networks. Customers have started shifting services to cloud providers, […]

User Enumeration Part 1 – Building Name Lists

By Mike Saunders | January 30, 2020

A common part of pen tests – both network and web app – is password spraying. In order to do that, you need usernames. But how do you find out […]