Two different attack methods will be covered: Authentication Downgrade -> Cracking LDAP Relay -> Resource Based Constrained Delegation (RBCD) / Shadow…

Team82 discloses details on vulnerabilities in Dataprobe iBoot-PDUs that expose power distribution units to remote code execution.

Well, it’s been a long time ago since our beloved JuicyPotato has been published. Meantime things changed and got fixed (backported also to Win10 1803/Server2016) leading to the glorious end …

Innovative Evasion Techniques in Roshtyak

The focus of this article isn’t really the history so much as what can OME in M365 do today, right now, what it cannot do, and some of my most frequent recommendations that I share with custo…

HTTP Request Smuggling in NodeJS

Technical Analysis of Crytox Ransomware: A multi-stage ransomware with a weak key generation algorithm. Read more.

If you know who I am, you might think that this post title is clickbait. Maybe it is, a little. But the truth is, you should do printf debugging! Sometimes. Often not. But sometimes, you should!
Let me explain. When most of us first started programming, we…

Hunting for the loading of unsigned DLLs can help you identify attacks and threat actors in your environment. Our examples include well-known APTs.

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. In this intrusion, we see the threat actor use BumbleBee to…

Hacktivists operating the Telegram channels XakNet Team

Introduction Until last year, hacktivism has primarily been associated with groups like Anonymous – decentralized and unstructured collectives made up of private individuals with a variety of agendas. Anonymous has launched multiple campaigns against a wide…