A Beginner’s Guide to EDR EvasionOr, how to get past Crowdstrike/Defender ATP/Carbon Black on your next engagementSep 25, 2021Sep 25, 2021
Dumping Stored Enterprise Wifi Credentials with Invoke-WifiSquidLearn how to decrypt stored WiFi network credentials with a new PowerShell toolJun 28, 2021Jun 28, 2021
Stealing Saved Browser Passwords: Your New Favorite Post-Exploitation TechniqueLearn how to dump passwords from common browsers for post-exploitation and lateral movementJun 24, 2021Jun 24, 2021
Impacket Deep Dives Vol. 2: Attacking KerberosThere are lots of tools out there for attacking Kerberos, but lots of them are written in PowerShell, so they don’t work well with Linux.Jun 5, 2021Jun 5, 2021
Published inCodeLighthouseXSS: What it is, how it works, and how to prevent itIf you’re a developer, chances are that you’ve heard of cross-site scripting. Cross-site scripting, commonly known as XSS, is one of the…Jan 18, 20212Jan 18, 20212
Published inCodeLighthouseDemystifying JWT: How to secure your next web appHow are you securing your web applications? Are you using session cookies? Third party-based authentication? SAML? Today I’m going to…Jan 5, 2021Jan 5, 2021
Published inCodeLighthouseHow to securely hash and store passwords in your next applicationAre you hashing your user’s passwords? More importantly, are you doing it correctly? There’s a lot of information out there on password…Dec 27, 2020Dec 27, 2020
Published inCodeLighthouseBotocore is awful, so I wrote a better Python client for AWS S3If you’ve ever been unfortunate enough to have had to work with botocore, Amazon Web Services’ Python API, you know that it’s awful. There…Dec 22, 2020Dec 22, 2020