wunderwuzzi blog

2021

• Jan 22 Survivorship Bias and Red Teaming
• Jan 11 Gamifying Security with Red Team Scores

2020

• Dec 08 Actively protecting pen testers and pen testing assets
• Nov 26 Machine Learning Attack Series: Overview
• Nov 25 Machine Learning Attack Series: Generative Adversarial Networks (GANs)
• Nov 24 Assuming Bias and Responsible AI
• Nov 23 Abusing Application Layer Gateways (NAT Slipstreaming)
• Nov 10 Machine Learning Attack Series: Repudiation Threat and Auditing
• Nov 05 Video: Building and breaking a machine learning system
• Oct 28 Machine Learning Attack Series: Image Scaling Attacks
• Oct 26 Leveraging the Blue Team's Endpoint Agent as C2
• Oct 22 Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
• Oct 20 Hacking neural networks - so we don't get stuck in the matrix
• Oct 19 What does an offensive security team actually do?
• Oct 14 CVE 2020-16977: VS Code Python Extension Remote Code Execution
• Oct 10 Machine Learning Attack Series: Stealing a model file
• Oct 09 Coming up: Grayhat Red Team Village talk about hacking a machine learning system
• Sep 23 Beware of the Shadowbunny - Using virtual machines to persist and evade detections
• Sep 22 Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
• Sep 18 Machine Learning Attack Series: Backdooring models
• Sep 16 Machine Learning Attack Series: Perturbations to misclassify existing images
• Sep 13 Machine Learning Attack Series: Smart brute forcing
• Sep 09 Machine Learning Attack Series: Brute forcing images to find incorrect predictions
• Sep 06 Threat modeling a machine learning system
• Sep 05 MLOps - Operationalizing the machine learning model
• Sep 04 Husky AI: Building a machine learning system
• Sep 02 The machine learning pipeline and attacks
• Sep 01 Getting the hang of machine learning
• Aug 28 Beware of the Shadowbunny! at BSides Singapore
• Aug 24 Race conditions when applying ACLs
• Aug 12 Red Teaming Telemetry Systems
• Jul 31 Illusion of Control: Capability Maturity Models and Red Teaming
• Jul 24 Motivated Intruder - Red Teaming for Privacy!
• Jul 21 Firefox - Debugger Client for Cookie Access
• Jul 15 Remotely debugging Firefox instances
• Jul 14 Performing port-proxying and port-forwarding on Windows
• Jul 01 Blast from the past: Cross Site Scripting on the AWS Console
• Jun 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
• Jun 22 Using built-in OS indexing features for credential hunting
• Jun 18 Shadowbunny article published in the PenTest Magazine
• Jun 12 Putting system owners in Security Bug Jail
• Jun 10 Red Teaming and Monte Carlo Simulations
• May 24 Phishing metrics - what to track?
• May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
• May 01 Cookie Crimes and the new Microsoft Edge Browser
• Apr 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
• Apr 26 Hunting for credentials and building a credential type reference catalog
• Apr 06 Attack Graphs - How to create and present them
• Apr 02 Cybersecurity Attacks - Red Team Strategies has been released.
• Feb 15 2600 - The Hacker Quarterly - Pass the Cookie Article
• Feb 12 Web Application Security Principles Revisited
• Feb 06 Zero Trust and Disabling Remote Management Endpoints

2019

• Dec 02 Book: Cybersecurity Attacks - Red Team Strategies
• Oct 27 MITRE ATT&CK Update for Cloud and cookies!
• Sep 01 Coinbase under attack and cookie theft
• Aug 24 Cybersecurity - Homefield Advantage
• Aug 24 Now using Hugo for the blog
• Jul 03 BashSpray - Simple Password Spray Bash Script
• Jun 20 Active Directory and MacOS
• Jun 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
• May 21 Lyrebird - Hack the hacker (and take a picture)
• Jan 10 KoiPhish - The Beautiful Phishing Proxy
• Jan 05 McPivot and useful LLDB commands

2018

• Dec 16 Pass the Cookie and Pivot to the Clouds