Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Dec 17th, 2018
Written by: Admin
News
Introduction We recently performed an Insider Threat red team engagement, posing as employees within the company. We were provided with all the benefits of a regular employee (except salary :))…
Oct 26th, 2018
Written by: Admin
ActiveBreach
Sometimes when you are in the middle of an engagement, you will come across a hurdle which requires a quick bit of research, coding, and a little bit of luck….
Sep 27th, 2018
Written by: Admin
ActiveBreach
Constrained Language Mode is a method of restricting PowerShell’s access to functionality such as Add-Type, or many of the reflective methods which can be used to leverage the PowerShell runtime…
Sep 10th, 2018
Written by: Admin
ActiveBreach
During a red team engagement, it is often beneficial to have the ability to quickly and programatically deploy infrastructure. To date, most existing literature has focussed on deploying the server…
Sep 7th, 2018
Written by: Admin
Exploitation
Overview Title: Pulse Secure Client Authentication Bypass Version: Pulse Desktop Client 9.0R1 and 5.3RX before 5.3R5. Researcher(s): Nassar Amin, Ricardo Ramos, Russel Crozier and Dominic Chell Disclosure Date: 01-03-2018 Public Disclosure…
Aug 21st, 2018
Written by: Admin
News
Overview Title: CouchDB Arbitrary Write Local.ini Configuration Authenticated Remote Code Execution Version: <=2.1.1 Researcher: Francesco Oddo at MDSec Labs (https://www.mdsec.co.uk) Disclosure Date: 5/01/2018 Public Disclosure Date: 30/04/2018 Severity: High Description…
Aug 20th, 2018
Written by: Admin
ActiveBreach
System Integrity Protection (sometimes called “rootless”) is a security feature introduced in OS X El Capitan as a way to protect critical system components from all accounts, including the root…
Aug 13th, 2018
Written by: Admin
ActiveBreach
Recently we’ve been looking at MacOS in the context of redteaming, looking at endpoint security products and how they can be evaded on a Mac. I have previously explored Windows…
Aug 2nd, 2018
Written by: Admin
ActiveBreach
You’ve completed your recon, and found that your target is using MacOS… what next? With the increased popularity of MacOS in the enterprise, we are often finding that having phishing…
Jun 25th, 2018
Written by: Admin
ActiveBreach
In April, we released our in-house payload generation tool SharpShooter to demonstrate the automation of some of the nuances in payload creation and evasion of defensive controls. This was generally…