Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Mar 14th, 2023
Written by: Admin
ActiveBreach
Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows…
Nov 23rd, 2022
Written by: Admin
ActiveBreach
Recently, Proofpoint released a blog post entitled “Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice”. In this post, Proofpoint outlined a campaign used by a legitimate red…
Nov 1st, 2022
Written by: Admin
ActiveBreach
November 1st 2022 This Halloween week brings our third and final Nighthawk release for the year and its packed with exciting new features, backed by MDSec’s world class research and…
Oct 26th, 2022
Written by: Admin
ActiveBreach
The use of the AutodialDLL registry subkey (located in HKLM\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters) as a persistence method has been previously documented by @Hexacorn in his series Beyond good ol’ Run key, (Part 24)….
Oct 19th, 2022
Written by: Admin
ActiveBreach
Microsoft’s Office Online Server is the next generation of Office Web Apps Server; it provides a browser based viewer/editor for Word, PowerPoint, Excel and OneNote documents. The product can be…
Oct 12th, 2022
Written by: Admin
ActiveBreach
Having been in IT longer than I care to remember, one issue keeps coming up. It doesn’t matter how well you have implemented <insert security mechanism> what really matters is…
Aug 3rd, 2022
Written by: Admin
ActiveBreach
Introduction In part one, we introduced generic approaches to performing threat hunting of C2 frameworks and then followed it up with practical examples against Cobalt Strike in part two. In…
Aug 2nd, 2022
Written by: Admin
ActiveBreach
Introduction Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes….
Jul 25th, 2022
Written by: Admin
ActiveBreach
Cobalt Strike is one of the most popular command-and-control frameworks, favoured by red teams and threat actors alike. In this blog post we will discuss strategies that can be used…
Jul 22nd, 2022
Written by: Admin
ActiveBreach
Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in…