Technical Resources

Technical

Latest Technical Resources

Recent InfoSec Talks, Defcon 32 - SSHamble: Unexpected Exposures in the Secure Shell
Aug 26, 2024 Will Vandevanter

Recent InfoSec Talks, Defcon 32 - SSHamble: Unexpected Exposures in the Secure Shell

Will Vandevanter discusses a talk he saw at Defcon 2024 that was jam-packed with knowledge, hunting an international criminal, 0 days, and a new open-source tool. Will also talks about some takeaways he got from the talk.
READ MORE
One Proxy to Rule Them All
Jul 15, 2024 Joseph Morris

One Proxy to Rule Them All

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.
READ MORE
Exploring Modern Password Spraying: Introduction to Entra Smart Lockout
Jun 21, 2024 Nicholas Anastasi

Exploring Modern Password Spraying: Introduction to Entra Smart Lockout

Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying.
READ MORE
Pwning SPA’s With Semgrep
May 30, 2024 Nate Fair

Pwning SPA’s With Semgrep

Semgrep, or Semantic Grep (For Code) should be a part of your pentesting toolkit. If you think otherwise, read on to see why.
READ MORE
From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation
May 16, 2024 Nate Fair

From Twitter to Exploit: The Sprocket Security Lifecycle of Exploitation

Our approach to mass exploitation of the latest and greatest vulnerability. On the chopping block, this time around: CVE-2024-3400.
READ MORE
Zip Slip Exploitation in File Uploads with Hackvertor
May 09, 2024 Will Vandevanter

Zip Slip Exploitation in File Uploads with Hackvertor

Custom Tags are one of Hackvertor's most powerful features. They allow you to run Python, Java, or JavaScript with a one-liner inside any Burp request. In this blog post, we will discuss performing Zip Slip testing with a custom Hackvertor tag.
READ MORE
« 1 2 3 4 5 »