by Mike Saunders | May 10, 2021 | Blog Posts
If you want to execute arbitrary code on an endpoint during a penetration test, chances are you’ll have to evade some kind of antivirus solution. AV engines use two detection methods to identify malicious code – signature-based and heuristic-based...
by Justin Connors | Apr 20, 2021 | Blog Posts
Join us for the next SiegeCast with Senior Security Consultant, Charles Shirer ( @bsdbandit) Charles is talking about Cloud Penetration Testing within both AWS and Azure environments from start to finish. The Kickoff Call all the way to the Report. April 27th at 3pm...
by Charles Shirer | Mar 22, 2021 | Blog Posts
The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication using OAuth’s implicit flow. Before we attack OAuth we need to have an...
by Jason Downey | Feb 10, 2021 | Blog Posts
This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute beginner and will cover a lot of different topics at a high level. These blog posts are...
by Justin Connors | Jan 11, 2021 | Blog Posts
SIEGECAST: WEB API WEAKNESSES Penetration testing Web API’s can be difficult without an effective approach, so Charles Shirer is here to provide you with a few tips and tricks! Charles breaks down the fundamentals of hacking Web API’s and the methodology...
