1. Leveraging the Blue Team's Endpoint Agent as C2
  2. Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
  3. Hacking neural networks - so we don't get stuck in the matrix
  4. What does an offensive security team actually do?
  5. CVE 2020-16977: VS Code Python Extension Remote Code Execution
  6. Machine Learning Attack Series: Stealing a model file
  7. Coming up: Grayhat Red Team Village talk about hacking a machine learning system
  8. Beware of the Shadowbunny - Using virtual machines to persist and evade detections
  9. Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
  10. Machine Learning Attack Series: Backdooring models
  11. Machine Learning Attack Series: Perturbations to misclassify existing images
  12. Machine Learning Attack Series: Smart brute forcing
  13. Machine Learning Attack Series: Brute forcing images to find incorrect predictions
  14. Threat modeling a machine learning system
  15. MLOps - Operationalizing the machine learning model
  16. Husky AI: Building a machine learning system
  17. The machine learning pipeline and attacks
  18. Getting the hang of machine learning
  19. Beware of the Shadowbunny! at BSides Singapore
  20. Race conditions when applying ACLs
  21. Red Teaming Telemetry Systems
  22. Illusion of Control: Capability Maturity Models and Red Teaming
  23. Motivated Intruder - Red Teaming for Privacy!
  24. Firefox - Debugger Client for Cookie Access
  25. Remotely debugging Firefox instances
  26. Performing port-proxying and port-forwarding on Windows
  27. Blast from the past: Cross Site Scripting on the AWS Console
  28. Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
  29. Using built-in OS indexing features for credential hunting
  30. Shadowbunny article published in the PenTest Magazine
  31. Putting system owners in Security Bug Jail
  32. Red Teaming and Monte Carlo Simulations
  33. Phishing metrics - what to track?
  34. $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
  35. Cookie Crimes and the new Microsoft Edge Browser
  36. Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
  37. Hunting for credentials and building a credential type reference catalog
  38. Attack Graphs - How to create and present them
  39. Cybersecurity Attacks - Red Team Strategies has been released.
  40. 2600 - The Hacker Quarterly - Pass the Cookie Article
  41. Web Application Security Principles Revisited
  42. Zero Trust and Disabling Remote Management Endpoints


  1. Book: Cybersecurity Attacks - Red Team Strategies
  2. MITRE ATT&CK Update for Cloud and cookies!
  3. Coinbase under attack and cookie theft
  4. Cybersecurity - Homefield Advantage
  5. Now using Hugo for the blog
  6. BashSpray - Simple Password Spray Bash Script
  7. Active Directory and MacOS
  8. Google Leaks Your Alternate Email Addresses to Unauthenticated Users
  9. Lyrebird - Hack the hacker (and take a picture)
  10. KoiPhish - The Beautiful Phishing Proxy
  11. McPivot and useful LLDB commands


  1. Pass the Cookie and Pivot to the Clouds