Offensive Security
Offensive Security 101: Everything You Need to Know
For most, the term “offensive” evokes images of aggression and harm. But in cybersecurity, “offensive” takes on a whole new meaning: proactive, strategic, and ultimately, robust security. That’s the essence... The post ...
Mythic v3.2 Highlights: Interactive Tasking, Push C2, and Dynamic File Browser
TL;DR;Mythic v3.2 has Push C2, Interactive Async Tasking, TypedArray parameters, new graphing libraries in the UI, database migrations, dynamic file browser groupings, and more!Image Generated by https://hotpot.ai/art-generatorMythic v3.2It’s been a few months since ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
Helpdesk Telephone Attack: How to Close Process and Technology Gaps
Introduction As we have witnessed in recent weeks with the MGM and Caesars Entertainment breaches, helpdesks are prime attack surfaces that are seeing a surge in exploitation. Although much of the press ...
Hacking With Your Nemesis
In the first post in this series, On (Structured) Data, we talked about the gap area of offensive structured data and ended with the question, “If all of our offensive tools produced ...
On (Structured) Data
IntroductionThe offensive security industry is a curious one. On the one hand, we are ahead in various trends (or “thought leadership,” as some would have us term it) and are used to ...
FOSS BloodHound 4.3.1 release
We are excited to share the release of BloodHound version 4.3.1. We have accepted a lot of pull requests made by BloodHound users for bug fixes and cool improvements in this release ...
Content Discovery: Understanding Your Web Attack Surface
Attack Surface Management (ASM) tools find quite a lot of vulnerabilities on the Web. This really isn’t surprising, given that HTTP/S is by far the most common and broadest of all the ...
C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves
— Title by ChatGPT for introducing Mythic 3.0What is Mythic?Mythic is a plug-n-play command and control (C2) framework that heavily leverages Docker and a microservice architecture where new agents, communication channels, and modifications can ...
ASM: The Best Defense is a Good Offense
About 10 years ago, security was relatively simple because everything occurred on premises. Change releases were tightly controlled by a change ticket and review process. In contrast, current networks consist of auto-scaling ...