wunderwuzzi blog

2020

1. Oct 26 Leveraging the Blue Team's Endpoint Agent as C2
2. Oct 22 Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
3. Oct 20 Hacking neural networks - so we don't get stuck in the matrix
4. Oct 19 What does an offensive security team actually do?
5. Oct 14 CVE 2020-16977: VS Code Python Extension Remote Code Execution
6. Oct 10 Machine Learning Attack Series: Stealing a model file
7. Oct 09 Coming up: Grayhat Red Team Village talk about hacking a machine learning system
8. Sep 23 Beware of the Shadowbunny - Using virtual machines to persist and evade detections
9. Sep 22 Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
10. Sep 18 Machine Learning Attack Series: Backdooring models
11. Sep 16 Machine Learning Attack Series: Perturbations to misclassify existing images
12. Sep 13 Machine Learning Attack Series: Smart brute forcing
13. Sep 09 Machine Learning Attack Series: Brute forcing images to find incorrect predictions
14. Sep 06 Threat modeling a machine learning system
15. Sep 05 MLOps - Operationalizing the machine learning model
16. Sep 04 Husky AI: Building a machine learning system
17. Sep 02 The machine learning pipeline and attacks
18. Sep 01 Getting the hang of machine learning
19. Aug 28 Beware of the Shadowbunny! at BSides Singapore
20. Aug 24 Race conditions when applying ACLs
21. Aug 12 Red Teaming Telemetry Systems
22. Jul 31 Illusion of Control: Capability Maturity Models and Red Teaming
23. Jul 24 Motivated Intruder - Red Teaming for Privacy!
24. Jul 21 Firefox - Debugger Client for Cookie Access
25. Jul 15 Remotely debugging Firefox instances
26. Jul 14 Performing port-proxying and port-forwarding on Windows
27. Jul 01 Blast from the past: Cross Site Scripting on the AWS Console
28. Jun 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
29. Jun 22 Using built-in OS indexing features for credential hunting
30. Jun 18 Shadowbunny article published in the PenTest Magazine
31. Jun 12 Putting system owners in Security Bug Jail
32. Jun 10 Red Teaming and Monte Carlo Simulations
33. May 24 Phishing metrics - what to track?
34. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
35. May 01 Cookie Crimes and the new Microsoft Edge Browser
36. Apr 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
37. Apr 26 Hunting for credentials and building a credential type reference catalog
38. Apr 06 Attack Graphs - How to create and present them
39. Apr 02 Cybersecurity Attacks - Red Team Strategies has been released.
40. Feb 15 2600 - The Hacker Quarterly - Pass the Cookie Article
41. Feb 12 Web Application Security Principles Revisited
42. Feb 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. Dec 02 Book: Cybersecurity Attacks - Red Team Strategies
2. Oct 27 MITRE ATT&CK Update for Cloud and cookies!
3. Sep 01 Coinbase under attack and cookie theft
4. Aug 24 Cybersecurity - Homefield Advantage
5. Aug 24 Now using Hugo for the blog
6. Jul 03 BashSpray - Simple Password Spray Bash Script
7. Jun 20 Active Directory and MacOS
8. Jun 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. Jan 10 KoiPhish - The Beautiful Phishing Proxy
11. Jan 05 McPivot and useful LLDB commands

2018

1. Dec 16 Pass the Cookie and Pivot to the Clouds