Attacking SAML implementations

SAML and SAML Attacks Recently a client mentioned that they wanted me to pay particular attention to the SAML authentication on an app I was going to be testing. It's been a while since I've done anything with SAML, so I thought I'd refresh myself on SAML basics and...

read more

SiegeCast: Properly Preparing for a Pentest

October 26th at 3pm Eastern. Defenders, we know you want to make sure you are getting the maximum value from your penetration test. On this SiegeCast, Senior Security Consultant Alex Norman will go over some of the tips, techniques and pitfalls we've discovered in our...

read more

SiegeCast: Cobalt Strike Basics

Sept 14th at 3pm Eastern. Tim Medin breaks down everything you need to know about Cobalt Strike with its very own Tech Director, Joe Vest How to watch: Youtube: Twitch:   > DOWNLOAD SLIDES HERE <...

read more

Bypassing Signature-Based AV

If you want to execute arbitrary code on an endpoint during a penetration test, red team, or assumed breach, chances are you'll have to evade some kind of antivirus solution. AV engines use two detection methods to identify malicious code – signature-based and...

read more

SiegeCast: The Way of the Spray

August 24th at 3pm Eastern. In a world where the security landscape is ever changing, weak passwords and an attackers ability to leverage that weakness is the gift that keeps on giving. In this talk Jason goes over password spraying tools, techniques, and tips, that...

read more

Now Streaming SiegeCasts!

We are excited to bring you this brand new SiegeCast in a fresh new format!  On August 24th at 3pm Eastern the new SiegeCast from  Security Consultant Jason Downey will be live on multiple streaming platforms. We want you to be able to watch your next SiegeCast on...

read more

Sans Core Netwars Tournament of Champions Europe

From Justin Palk, Security Consultant: I'll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team working the same environment? Both trying to reach the same goal, being able to see how close you are...

read more

Hacking OAuth2.0

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication using OAuth's implicit flow. Before we attack OAuth we need to have an understanding on...

read more

Networking Fundamentals Part I

This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute beginner and will cover a lot of different topics at a high level. These blog posts are...

read more


Search the blog

Never miss a blog or webcast!
No spam. No junk. Just notifications on new content. SUBSCRIBE!