Signed, Trusted, and Abused: Proxy Execution via WebView2
An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.
Author
Cloud Security: Tips and Resources for Securing the Cloud
This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.
Lessons From A Chatbot Incident
Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented.
How to Lead Effective Tabletops
Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations.
Understanding GRC: How to Navigate Risks and Compliance Standards
“GRC” isn’t all witchcraft and administrative nonsense — it’s the core that drives security initiatives, connects security spend to business outcomes, and powers a well-functioning security team.
The “P” in PAM is for Persistence: Linux Persistence Technique
Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.
OSINT: How to Find, Use, and Control Open-Source Intelligence
OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).
What to Do with Your First Home Lab
Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?
Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions
This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization’s ability to detect and follow-up on social engineering attacks.