Quick Guide to Security Headers - Part One

A month ago, we finished a series of six web application assessments for local and regional banks. In addition to common web vulnerabilities, like SQLi, we

Continue Reading
Remotely Host MSBuild Payloads

tl;dr Separate your C# payload from a MSBuild XML file and host it remotely on a WebDav server. Red teams and attackers frequently repurpose MSBuild,

Continue Reading
EyeWitness - Potential Modifications

This is the second post in relation to the new .Net implementation of EyeWitness and it will cover a few things that you should possibly do

Continue Reading
Ngrok for Local Infrastructure

IntroductionHello, meet ngrok (https://ngrok.com/), an easy way to tunnel traffic from a local machine (i.e. VM) to an external address. With ngrok, you

Continue Reading
MiddleOut: a C# Compression Tool

MiddleOut (a salute to Silicon Valley) is a tool written in C# that compresses any number of files passed to it. I wanted to learn .Net

Continue Reading