2021
- Spoofing credential dialogs on macOS, Linux and Windows
- Broken NFT standards
- Hong Kong InfoSec Summit 2021 Talk - The adversary will come to your house!
- An alternative perspective on the death of manual red teaming
- Cybersecurity Attacks - Red Team Strategies Kindle Edition for free
- Team A and Team B: Sunburst, Teardrop and Raindrop
- Survivorship Bias and Red Teaming
- Gamifying Security with Red Team Scores
2020
- Actively protecting pen testers and pen testing assets
- Machine Learning Attack Series: Overview
- Machine Learning Attack Series: Generative Adversarial Networks (GANs)
- Assuming Bias and Responsible AI
- Abusing Application Layer Gateways (NAT Slipstreaming)
- Machine Learning Attack Series: Repudiation Threat and Auditing
- Video: Building and breaking a machine learning system
- Machine Learning Attack Series: Image Scaling Attacks
- Leveraging the Blue Team's Endpoint Agent as C2
- Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
- Hacking neural networks - so we don't get stuck in the matrix
- What does an offensive security team actually do?
- CVE 2020-16977: VS Code Python Extension Remote Code Execution
- Machine Learning Attack Series: Stealing a model file
- Coming up: Grayhat Red Team Village talk about hacking a machine learning system
- Beware of the Shadowbunny - Using virtual machines to persist and evade detections
- Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
- Machine Learning Attack Series: Backdooring models
- Machine Learning Attack Series: Perturbations to misclassify existing images
- Machine Learning Attack Series: Smart brute forcing
- Machine Learning Attack Series: Brute forcing images to find incorrect predictions
- Threat modeling a machine learning system
- MLOps - Operationalizing the machine learning model
- Husky AI: Building a machine learning system
- The machine learning pipeline and attacks
- Getting the hang of machine learning
- Beware of the Shadowbunny! at BSides Singapore
- Race conditions when applying ACLs
- Red Teaming Telemetry Systems
- Illusion of Control: Capability Maturity Models and Red Teaming
- Motivated Intruder - Red Teaming for Privacy!
- Firefox - Debugger Client for Cookie Access
- Remotely debugging Firefox instances
- Performing port-proxying and port-forwarding on Windows
- Blast from the past: Cross Site Scripting on the AWS Console
- Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
- Using built-in OS indexing features for credential hunting
- Shadowbunny article published in the PenTest Magazine
- Putting system owners in Security Bug Jail
- Red Teaming and Monte Carlo Simulations
- Phishing metrics - what to track?
- $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
- Cookie Crimes and the new Microsoft Edge Browser
- Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
- Hunting for credentials and building a credential type reference catalog
- Attack Graphs - How to create and present them
- Cybersecurity Attacks - Red Team Strategies has been released.
- 2600 - The Hacker Quarterly - Pass the Cookie Article
- Web Application Security Principles Revisited
- Zero Trust and Disabling Remote Management Endpoints
2019
- Book: Cybersecurity Attacks - Red Team Strategies
- MITRE ATT&CK Update for Cloud and cookies!
- Coinbase under attack and cookie theft
- Cybersecurity - Homefield Advantage
- Now using Hugo for the blog
- BashSpray - Simple Password Spray Bash Script
- Active Directory and MacOS
- Google Leaks Your Alternate Email Addresses to Unauthenticated Users
- Lyrebird - Hack the hacker (and take a picture)
- KoiPhish - The Beautiful Phishing Proxy
- McPivot and useful LLDB commands