Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Sep 15th, 2021
Written by: Admin
ActiveBreach
As part of Microsoft Exchange April and May 2021 patch, several important vulnerabilities were fixed which could lead to code execution or e-mail hijacking. Any outdated and exposed Exchange server…
Jun 17th, 2021
Written by: Admin
ActiveBreach
As security teams continue to advance, it has become essential for attacker’s to have complete control over every part of their operation, from the infrastructure down to individual actions that…
Mar 9th, 2021
Written by: Admin
ActiveBreach
Introduction When looking for new interesting attack surfaces in Windows, I’ve often looked to default file handlers and LOLBins. Another interesting place to look is the default protocol handlers and…
Feb 22nd, 2021
Written by: Admin
ActiveBreach
Overview In the ActiveBreach red team, we’re always looking for innovative approaches for lateral movement and privilege escalation. For many of the environments we operate in, focusing on the classic…
Jan 14th, 2021
Written by: Admin
ActiveBreach
Overview It’s no secret that macOS post-exploitation is often centric around targeting the installed apps for privilege escalation, persistence and more. Indeed, we’ve previously posted about approaches for code injection…
Jan 12th, 2021
Written by: Admin
ActiveBreach
Web browsers are inherently trusted by users. They are trained to trust websites which “have a padlock in the address bar” and that “have the correct name”, This trust leads…
Dec 31st, 2020
Written by: Admin
ActiveBreach
Introduction The motivation to bypass user-mode hooks initially began with improving the success rate of process injection. There can be legitimate reasons to perform injection. UI Automation and Active Accessibility will use it…
Nov 23rd, 2020
Written by: Admin
ActiveBreach
Introduction Low privileged, user land persistence techniques are worth their weight in gold, as there are far fewer opportunities from this perspective than when you’re elevated. As such, we are…
Oct 20th, 2020
Written by: Admin
ActiveBreach
Overview I started out this research having taken some inspiration from @buffaloverflow‘s Chlonium tool for easily exfiltrating and using a victim’s Chromium based web browser cookies. I was working on…
Oct 15th, 2020
Written by: Admin
ActiveBreach
In a recent red team engagement, we discovered a SharePoint instance that was vulnerable to CVE-2020-1147. I was asked to build a web shell without running any commands to avoid…