// offensive security research
Find the path.
Document the failure.
Long-form writing on red team operations, exploit development, initial access techniques, and building offensive tooling.
latest posts
Apparition: Browser-in-the-Middle Phishing
Last year Mandiant published a blog post on Browser-in-the-Middle (BitM) phishing. Several of the resources they mentioned as useful in their research, I also found to be helpful:...
I Put a Chatbot on Your Site
As if AI wasn’t already a headache for governance, I thought I’d add one more fun thing into the mix. AI chatbots have become prevalent across many, many...
Your Butler Is My Commander
On a recent internal engagement I came across a Jenkins installation, compromised it through some developer AD users, and started using it as a pivot into the client’s...
Visualizing AWS Relationships and Attack Paths
While performing analysis of AWS environments and attempting to identify attack paths and lateral movement opportunity, I kept wishing for something akin to BloodHound. Running tools like ScoutSuite...