July 2023

GPO Abuse

July 31, 2023

Group Policy Objects (GPOs) are a powerful tool administrators use to manage and enforce security policies across a domain. However, in the wrong hands, GPOs

Fox-hooded figure managing multiple servers and monitors, representing command and control (C2) frameworks in cybersecurity.

Introduction to C2 Frameworks

July 27, 2023

Command and Control (C2) frameworks have emerged as a sophisticated and consequential dimension in the ever-evolving cybersecurity landscape. These frameworks are commonly employed by threat

Fox-hooded figure analyzing server access logs, symbolizing cybersecurity risks from ACL misconfigurations.

Abusing ACL Misconfigurations

July 25, 2023

Access Control Lists (ACLs) are a crucial component of securing data and resources in an IT infrastructure. By assigning permissions to users and groups, ACLs

Fox-hooded analyst at a multi-monitor station overlooking a neon city, symbolizing using Shodan to find internet-accessible devices for security research.

Discovering Internet Accessible Devices with Shodan

July 24, 2023

In the vast landscape of the internet, a hidden world of devices is waiting to be discovered. These devices, ranging from servers and routers to

A fox-hooded figure monitors multiple data screens in a neon-lit server room, symbolizing the role of vulnerability scans and pen testing in cybersecurity.

The Importance of Vulnerability Scans and Pen Testing

July 22, 2023

As cyber-attacks have evolved, businesses must protect their applications against vulnerabilities that open them to attack. Vulnerability scans and penetration testing come into play here.

A fox-hooded figure works on multiple glowing monitors in a neon-lit cyber lab, symbolizing the power of the Covenant C2 Framework.

Power of Covenant C2 Framework

July 22, 2023

In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is crucial. Command and control (C2) frameworks play a vital role in

DOM-Based Cross-Site Scripting

July 21, 2023

As the digital landscape continues to evolve, so do the threats that target web applications. Cross-site scripting (XSS) remains a persistent and dangerous vulnerability among

A fox-hooded figure monitors dual screens displaying code and alerts in a neon-lit lab, symbolizing defense against phishing attacks.

Defending Against Phishing Attacks

July 21, 2023

As technology continues to advance, so do the tactics of cybercriminals. Phishing attacks trick individuals into divulging sensitive information or downloading harmful software. In this

A fox-hooded figure holding a device analyzes glowing screens with code in a neon-lit lab, symbolizing CRLF injection attacks.

Understanding CRLF Injection Attacks

July 19, 2023

In web security, CRLF Injection Attacks remain a potent threat. This blog aims to provide comprehensive insight into this malicious technique, its implications, and the

Fox-in-hoodie at workstation overlooking city — visual for a guide on Active Directory Certificate Services (AD CS) abuse and defensive controls.

Exploiting MS SQL Servers

July 18, 2023

As companies continue to rely on databases to store sensitive information, securing the data has become a top priority. MS SQL Server is a popular

BloodHound Cheat Sheet

July 17, 2023

BloodHound is a powerful security tool that uses graph theory to reveal the relationships between users, groups, and computers in a domain. In this comprehensive

Resource-Based Constrained Delegation (RBCD) Attack

July 15, 2023

Resource-Based Constrained Delegation (RBCD) is a feature introduced in Windows Server 2012 that allows administrators to configure which accounts are trusted to delegate on their