1. Abusing Application Layer Gateways (NAT Slipstreaming)
  2. Machine Learning Attack Series: Repudiation Threat and Auditing
  3. Video: Building and breaking a machine learning system
  4. Machine Learning Attack Series: Image Scaling Attacks
  5. Leveraging the Blue Team's Endpoint Agent as C2
  6. Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
  7. Hacking neural networks - so we don't get stuck in the matrix
  8. What does an offensive security team actually do?
  9. CVE 2020-16977: VS Code Python Extension Remote Code Execution
  10. Machine Learning Attack Series: Stealing a model file
  11. Coming up: Grayhat Red Team Village talk about hacking a machine learning system
  12. Beware of the Shadowbunny - Using virtual machines to persist and evade detections
  13. Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
  14. Machine Learning Attack Series: Backdooring models
  15. Machine Learning Attack Series: Perturbations to misclassify existing images
  16. Machine Learning Attack Series: Smart brute forcing
  17. Machine Learning Attack Series: Brute forcing images to find incorrect predictions
  18. Threat modeling a machine learning system
  19. MLOps - Operationalizing the machine learning model
  20. Husky AI: Building a machine learning system
  21. The machine learning pipeline and attacks
  22. Getting the hang of machine learning
  23. Beware of the Shadowbunny! at BSides Singapore
  24. Race conditions when applying ACLs
  25. Red Teaming Telemetry Systems
  26. Illusion of Control: Capability Maturity Models and Red Teaming
  27. Motivated Intruder - Red Teaming for Privacy!
  28. Firefox - Debugger Client for Cookie Access
  29. Remotely debugging Firefox instances
  30. Performing port-proxying and port-forwarding on Windows
  31. Blast from the past: Cross Site Scripting on the AWS Console
  32. Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
  33. Using built-in OS indexing features for credential hunting
  34. Shadowbunny article published in the PenTest Magazine
  35. Putting system owners in Security Bug Jail
  36. Red Teaming and Monte Carlo Simulations
  37. Phishing metrics - what to track?
  38. $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
  39. Cookie Crimes and the new Microsoft Edge Browser
  40. Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
  41. Hunting for credentials and building a credential type reference catalog
  42. Attack Graphs - How to create and present them
  43. Cybersecurity Attacks - Red Team Strategies has been released.
  44. 2600 - The Hacker Quarterly - Pass the Cookie Article
  45. Web Application Security Principles Revisited
  46. Zero Trust and Disabling Remote Management Endpoints


  1. Book: Cybersecurity Attacks - Red Team Strategies
  2. MITRE ATT&CK Update for Cloud and cookies!
  3. Coinbase under attack and cookie theft
  4. Cybersecurity - Homefield Advantage
  5. Now using Hugo for the blog
  6. BashSpray - Simple Password Spray Bash Script
  7. Active Directory and MacOS
  8. Google Leaks Your Alternate Email Addresses to Unauthenticated Users
  9. Lyrebird - Hack the hacker (and take a picture)
  10. KoiPhish - The Beautiful Phishing Proxy
  11. McPivot and useful LLDB commands


  1. Pass the Cookie and Pivot to the Clouds