Sans Core Netwars Tournament of Champions Europe
By Red Siege | August 9, 2021
From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team […]
Learn MoreHacking OAuth2.0
By Red Siege | March 22, 2021
The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication […]
Learn MoreNetworking Fundamentals Part I
By Red Siege | February 10, 2021
This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute […]
Learn MoreSiegeCast : Web Api Weaknesses
By Justin Connors | January 11, 2021
Learn MoreThreading the Needles: Why Defense in Depth Still Matters
By Mike Saunders | January 6, 2021
I recently performed an assumed breach test against what I would consider an Apex Defender organization. The security team is smart, well-funded, extremely capable, and resourceful. The team has both […]
Learn MoreUser Enumeration Part 3 – Windows
By Mike Saunders | April 16, 2020
This is the third installment in a series of blogs on user enumeration. In Part 1 – Building Name Lists, I talked about ways of building usernames from OSINT and […]
Learn MoreUser Enumeration Part 2 – Microsoft Office 365
By Mike Saunders | March 10, 2020
It’s not uncommon on external pen tests and red team engagements to find very little attack surface on the customer’s internet-facing networks. Customers have started shifting services to cloud providers, […]
Learn MoreUser Enumeration Part 1 – Building Name Lists
By Mike Saunders | January 30, 2020
A common part of pen tests – both network and web app – is password spraying. In order to do that, you need usernames. But how do you find out […]
Learn More