Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
May 10th, 2020
Written by: Admin
All
Introduction LaTeX is a document typesetting system that takes a plaintext file, stylised using mark-up tags similar to HTML or CSS, and converts this into a high-quality document for displaying…
May 10th, 2020
Written by: Admin
ActiveBreach
Introduction During Red Team Operations, it is not uncommon to find systems or applications related to the engagement objectives being protected by Two Factor Authentication. One of the solutions that…
Apr 10th, 2020
Written by: Admin
Exploitation
The YSoSerial.Net project has become the most popular tool when researching or exploiting deserialisation issues in .NET. We have recently invested some research time to improve this tool to help ourselves and…
Apr 10th, 2020
Written by: Admin
ActiveBreach
Introduction In this blogpost, we will describe a technique that abuses legacy Firefox functionality to achieve command execution in enterprise environments. These capabilities can be used for lateral movement, persistence…
Apr 10th, 2020
Written by: Admin
ActiveBreach
As some of you will know, we have recently entered into the Red Team training space. Before deciding to create our course now known as “Adversary Simulation and Red Team…
Mar 24th, 2020
Written by: Admin
ActiveBreach
After the introduction of PowerShell detection capabilities, attackers did what you expect and migrated over to less scrutinised technologies, such as .NET. Fast-forward a few years and many of us…
Mar 10th, 2020
Written by: Admin
ActiveBreach
Introduction Actions is a CI/CD pipeline, built into GitHub, which was made generally available back in November 2019. Actions allows us to build, test and deploy our code based on triggers…
Mar 10th, 2020
Written by: Admin
All
Introduction If you have worked with SharePoint, you have seen two types of ASPX pages: Application pages are not customisable. They are stored on the file system and are used…
Feb 10th, 2020
Written by: Admin
ActiveBreach
Introduction Credential recovery is a common tactic for red team operators and of particular interest are persistently stored, remote access credentials as these may provide an opportunity to move laterally…
Feb 10th, 2020
Written by: Admin
All
Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write…