wunderwuzzi blog

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds

---

2020

1. August 29 A machine learning journey
2. August 28 Beware of the Shadowbunny! at BSides Singapore
3. August 24 Race conditions when applying ACLs
4. August 12 Red Teaming Telemetry Systems
5. July 31 Illusion of Control: Capability Maturity Models and Red Teaming
6. July 24 Motivated Intruder - Red Teaming for Privacy!
7. July 21 Firefox - Debugger Client for Cookie Access
8. July 15 Remotely debugging Firefox instances
9. July 14 Performing port-proxying and port-forwarding on Windows
10. July 01 Blast from the past: Cross Site Scripting on the AWS Console
11. June 30 Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
12. June 22 Using built-in OS indexing features for credential hunting
13. June 18 Shadowbunny article published in the PenTest Magazine
14. June 12 Putting system owners in Security Bug Jail
15. June 10 Red Teaming and Monte Carlo Simulations
16. May 24 Phishing metrics - what to track?
17. May 13 $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
18. May 01 Cookie Crimes and the new Microsoft Edge Browser
19. April 28 Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
20. April 26 Hunting for credentials and building a credential type reference catalog
21. April 06 Attack Graphs - How to create and present them
22. April 02 Cybersecurity Attacks - Red Team Strategies has been released.
23. February 15 2600 - The Hacker Quarterly - Pass the Cookie Article
24. February 12 Web Application Security Principles Revisited
25. February 06 Zero Trust and Disabling Remote Management Endpoints

2019

1. December 02 Book: Cybersecurity Attacks - Red Team Strategies
2. October 27 MITRE ATT&CK Update for Cloud and cookies!
3. September 01 Coinbase under attack and cookie theft
4. August 24 Cybersecurity - Homefield Advantage
5. August 24 Now using Hugo for the blog
6. July 03 BashSpray - Simple Password Spray Bash Script
7. June 20 Active Directory and MacOS
8. June 04 Google Leaks Your Alternate Email Addresses to Unauthenticated Users
9. May 21 Lyrebird - Hack the hacker (and take a picture)
10. January 10 KoiPhish - The Beautiful Phishing Proxy
11. January 05 McPivot and useful LLDB commands

2018

1. December 16 Pass the Cookie and Pivot to the Clouds