Pythonic Malware: Evading Detection with Compiled Executables

Creating Python executables during an offensive security engagement used to be an effective method of evasion. However, this tactic has become increasingly difficult on modern Windows endpoints. I...

Apr 11, 2022 Windows

Exploiting Password Reset Poisoning

To date, one of my most lucrative bug bounties came from a password reset poisoning vulnerability. This post walks through the process of finding, exploiting, and fixing this bug to help you earn a...

Nov 13, 2021 Web Security

Hacking Organizations One Document at a Time With Metadata

Metadata is simply defined as data about data. In computer systems, this is used to correctly interpret files and store descriptive attributes. While not always visible, metadata provides far more ...

Feb 3, 2021 Web Security

Information Disclosure in NTLM Authentication

This post introduces the concept of information disclosure through NTLM authentication and demonstrates methods for invoking an NTLM challenge response over HTTP(S) - even when no login page is pre...

Mar 5, 2020 Windows

Pythonic Malware: Evading Detection with Compiled Executables

Exploiting Password Reset Poisoning

Hacking Organizations One Document at a Time With Metadata

Information Disclosure in NTLM Authentication

Trending Tags