by Red Siege | Aug 9, 2021 | Blog Posts
From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team working the same environment? Both trying to reach the same goal, being able to see how close you...
by Red Siege | Mar 22, 2021 | Blog Posts
The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication using OAuth’s implicit flow. Before we attack OAuth we need to have an...
by Red Siege | Feb 10, 2021 | Blog Posts
This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute beginner and will cover a lot of different topics at a high level. These blog posts are...
by Justin Connors | Jan 11, 2021 | Blog Posts
SIEGECAST: WEB API WEAKNESSES Penetration testing Web API’s can be difficult without an effective approach, so Charles Shirer is here to provide you with a few tips and tricks! Charles breaks down the fundamentals of hacking Web API’s and the methodology...
by Mike Saunders | Jan 6, 2021 | Blog Posts
I recently performed an assumed breach test against what I would consider an Apex Defender organization. The security team is smart, well-funded, extremely capable, and resourceful. The team has both hardened systems and instrumented great logging and monitoring....
