top of page
Additional Resources:
-
Red Team Tips: https://github.com/vysecurity/redtips
-
Vincent Yiu's Technical Blog: https://www.vincentyiu.com
Search
Jul 152 min read
PacketParser - Parsing Network Traffic Capture Files
As part of our engagements, we may compromise access to network devices that can be used to capture traffic in various network segments....
Jul 102 min read
Hunting for Fireprox
As part of our red team engagements, we may sometimes utilize Fireprox to obtain a larger number of IP addresses for various actions,...
Jul 102 min read
Teams User Enumeration in 2024
Often we have customers that require Red Teaming from a black-box perspective where we don't get provided an e-mail list. A relevant...
Dec 14, 20236 min read
Protecting Evilginx3
Evilginx3: A Favorite Tool for Many Red Teamers As part of our authorized engagements, customers often request us to simulate phishing...
Nov 24, 20236 min read
Using AI to assist in the creation of Personas
We often get asked to perform targeted social engineering as part of our engagements. Personas and sock puppet accounts are usually...
Oct 1, 20231 min read
Azure App C2 Revisited
Azure Applications are often recognized by the well-known *.azurewebsites.net domains. We've long abused Azure-related infrastructure...
Sep 25, 20233 min read
Bypassing Web Proxies, Static Rules, and Google Safe Browsing at Scale
TLDR We got fed up with Google Safe Browsing, so we quickly whipped up a piece of code that fetches the origin, encodes it, and renders...
Aug 30, 20233 min read
Rise of AI: Stable Diffusion Web UI
Introduction Wikipedia: Stable Diffusion is a deep learning, text-to-image model released in 2022 based on diffusion techniques. It is...
Aug 30, 20234 min read
DevTunnels for C2
What are DevTunnels? Dev tunnels allow developers to share local web services across the internet securely. It enables you to connect...
bottom of page