A CVE in our Executive Summary

What would you say the difference between an "operational" summary and an "executive" summary is? Find out our take on it in this quick read.

Quick Guide to Security Headers - Part Two

In our last post, we explored 3 of the most important security headers: Content-Security-Policy, Strict-Transport-Security and X-Frame-Options. In this post, we’ll review four additional security

MalDoc Fu - Some Ideas for Malicious Document Delivery

Introduction "Hey, can you review this document? You might have to enable macros due to formatting lol" Attachment: ImportantDocument.docm We've all seen phishing

Hot Manchego

tl;dr: Create a macro-enabled Excel workbook using the .NET library EPPlus to bypass some A/V detection. We created Hot Manchego to help pen testers

Incoming .NET SQLClient

The GitHub repo for SQLClient is available here - https://github.com/FortyNorthSecurity/SqlClient On an assume breach assessment, FortyNorth was able to successfully obtain a
