Auditing GitLab: The CI/CD Kill Chain
Welcome to GoGatoZ — a purpose-built Go tool for GitLab CI/CD security auditing that can perform and automate the entire CI/CD kill chain along with everything those one-off scripts did and then some.
Red Team
Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
There is a certain kind of conversation that doesn’t get written up in a post-mortem, doesn’t generate a ticket, and never makes it into an end-of-quarter report. It happens on the margins—at a conference, in a hallway, or, in this case, at 30,000 feet above sea level. It’s the conversation where two people who are solving the same problem from opposite ends of the table finally sit down next to each other.
How to Identify and Exploit New Vulnerabilities
In the ever-evolving world of cybersecurity, staying ahead of the curve is not just a goal—it’s a necessity. As new vulnerabilities emerge, the race to identify and mitigate them begins. But how do we, the guardians of the digital realm, rapidly pinpoint these threats as they become public? Let’s dive into the fascinating world of vulnerability identification and see how the magic happens.
Swapper – A Pure Regex Match/Replace Burp Extension
To get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during the test, but I would like this to be repeatable. So, this blog is releasing Swapper, a regex pattern-based match/replace Burp Suite extension.
A Practical Guide to BloodHound Data Collection
This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.
Signed, Trusted, and Abused: Proxy Execution via WebView2
An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.
Getting Started In Pentesting – Advice From The BHIS Pentest Lead
Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.
The “P” in PAM is for Persistence: Linux Persistence Technique
Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.
Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions
This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization’s ability to detect and follow-up on social engineering attacks.