red

Oct 24 2024 ZombAIs: From Prompt Injection to C2 with Claude Computer Use

Jul 30 2024 Protect Your Copilots: Preventing Data Leaks in Copilot Studio

May 16 2024 Pivot to the Clouds: Cookie Theft in 2024

Dec 20 2023 OpenAI Begins Tackling ChatGPT Data Leak Vulnerability

Jun 11 2023 Exploit ChatGPT and Enter the Matrix to Learn about AI Security

May 28 2023 ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data

May 16 2023 ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery

May 14 2023 Indirect Prompt Injection via YouTube Transcripts

May 11 2023 Adversarial Prompting: Tutorial and Lab

May 10 2023 Video: Prompt Injections - An Introduction

Apr 27 2023 MLSecOps Podcast: AI Red Teaming and Threat Modeling Machine Learning Systems

Apr 15 2023 Don't blindly trust LLM responses. Threats to chatbots.

Jan 25 2023 Video Tutorial: Hijacking SSH Agent

Nov 21 2022 Device Code Phishing Attacks

Nov 20 2022 Ropci deep-dive for Azure hackers

Oct 20 2022 PenTest Magazine Open Source Toolkit: ropci

Oct 20 2022 ROPC - So, you think you have MFA?

Oct 16 2022 TTP Diaries: SSH Agent Hijacking

Sep 18 2022 gospray - Simple LDAP bind-based password spray tool

Sep 09 2022 Malicious Python Packages and Code Execution via pip download

Aug 28 2022 Machine Learning Attack Series: Backdooring Pickle Files

Jul 10 2022 Offensive BPF: Using bpftrace to sniff PAM logon passwords

Jun 26 2022 Post Exploitation: Sniffing Logon Passwords with PAM

May 28 2022 Customized Hacker Shell Prompts

Apr 11 2022 GPT-3 and Phishing Attacks

Mar 12 2022 AWS Scaled Command Bash Script - Run AWS commands for many profiles

Feb 28 2022 Gitlab Reconnaissance Introduction

Jan 04 2022 Log4Shell and Request Forgery Attacks

Nov 08 2021 Video: Anatomy of a compromise

Oct 20 2021 Offensive BPF: Understanding and using bpf_probe_write_user

Oct 14 2021 Offensive BPF: Sniffing Firefox traffic with bpftrace

Oct 09 2021 Offensive BPF: What's in the bpfcc-tools box?

Oct 06 2021 Offensive BPF: Using bpftrace to host backdoors

Oct 05 2021 Offensive BPF: Malicious bpftrace 🤯

Sep 30 2021 Offensive BPF! Getting started.

Aug 30 2021 Backdoor users on Linux with uid=0

Aug 16 2021 Using Microsoft Counterfit to create adversarial examples for Husky AI

Aug 09 2021 Using procdump on Linux to dump credentials

Jul 05 2021 Automating Microsoft Office to Achieve Red Teaming Objectives

Jun 28 2021 Airtag hacks - scanning via browser, removing speaker and data exfiltration

Jun 09 2021 Somewhere today a company is breached

May 01 2021 Google's FLoC - Privacy Red Teaming Opportunities

Apr 18 2021 Spoofing credential dialogs on macOS, Linux and Windows

Mar 03 2021 Hong Kong InfoSec Summit 2021 Talk - The adversary will come to your house!

Feb 08 2021 An alternative perspective on the death of manual red teaming

Jan 22 2021 Survivorship Bias and Red Teaming

Dec 08 2020 Actively protecting pen testers and pen testing assets

Nov 26 2020 Machine Learning Attack Series: Overview

Nov 25 2020 Machine Learning Attack Series: Generative Adversarial Networks (GANs)

Nov 24 2020 Assuming Bias and Responsible AI

Nov 23 2020 Abusing Application Layer Gateways (NAT Slipstreaming)

Nov 10 2020 Machine Learning Attack Series: Repudiation Threat and Auditing

Nov 05 2020 Video: Building and breaking a machine learning system

Oct 28 2020 Machine Learning Attack Series: Image Scaling Attacks

Oct 26 2020 Leveraging the Blue Team's Endpoint Agent as C2

Oct 22 2020 Machine Learning Attack Series: Adversarial Robustness Toolbox Basics

Oct 20 2020 Hacking neural networks - so we don't get stuck in the matrix

Oct 19 2020 What does an offensive security team actually do?

Oct 14 2020 CVE 2020-16977: VS Code Python Extension Remote Code Execution

Oct 10 2020 Machine Learning Attack Series: Stealing a model file

Oct 09 2020 Coming up: Grayhat Red Team Village talk about hacking a machine learning system

Sep 23 2020 Beware of the Shadowbunny - Using virtual machines to persist and evade detections

Sep 22 2020 Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries

Sep 18 2020 Machine Learning Attack Series: Backdooring models

Sep 16 2020 Machine Learning Attack Series: Perturbations to misclassify existing images

Sep 13 2020 Machine Learning Attack Series: Smart brute forcing

Sep 09 2020 Machine Learning Attack Series: Brute forcing images to find incorrect predictions

Sep 01 2020 Getting the hang of machine learning

Aug 28 2020 Beware of the Shadowbunny! at BSides Singapore

Aug 12 2020 Red Teaming Telemetry Systems

Jul 31 2020 Illusion of Control: Capability Maturity Models and Red Teaming

Jul 24 2020 Motivated Intruder - Red Teaming for Privacy!

Jul 21 2020 Firefox - Debugger Client for Cookie Access

Jul 15 2020 Remotely debugging Firefox instances

Jul 14 2020 Performing port-proxying and port-forwarding on Windows

Jun 22 2020 Using built-in OS indexing features for credential hunting

Jun 18 2020 Shadowbunny article published in the PenTest Magazine

Jun 10 2020 Red Teaming and Monte Carlo Simulations

May 24 2020 Phishing metrics - what to track?

May 13 2020 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt

May 01 2020 Cookie Crimes and the new Microsoft Edge Browser

Apr 28 2020 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely

Apr 26 2020 Hunting for credentials and building a credential type reference catalog

Apr 06 2020 Attack Graphs - How to create and present them

Apr 02 2020 Cybersecurity Attacks - Red Team Strategies has been released.

Dec 02 2019 Book: Cybersecurity Attacks - Red Team Strategies

Oct 27 2019 MITRE ATT&CK Update for Cloud and cookies!

Aug 24 2019 Cybersecurity - Homefield Advantage

Jul 03 2019 BashSpray - Simple Password Spray Bash Script

Jun 20 2019 Active Directory and MacOS

Jan 10 2019 KoiPhish - The Beautiful Phishing Proxy

Jan 05 2019 McPivot and useful LLDB commands

Dec 16 2018 Pass the Cookie and Pivot to the Clouds