Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Dec 31st, 2020
Written by: Admin
ActiveBreach
Introduction The motivation to bypass user-mode hooks initially began with improving the success rate of process injection. There can be legitimate reasons to perform injection. UI Automation and Active Accessibility will use it…
Oct 20th, 2020
Written by: Admin
ActiveBreach
Overview I started out this research having taken some inspiration from @buffaloverflow‘s Chlonium tool for easily exfiltrating and using a victim’s Chromium based web browser cookies. I was working on…
Oct 15th, 2020
Written by: Admin
ActiveBreach
In a recent red team engagement, we discovered a SharePoint instance that was vulnerable to CVE-2020-1147. I was asked to build a web shell without running any commands to avoid…
Jun 10th, 2020
Written by: Admin
ActiveBreach
Introduction In-memory tradecraft is becoming more and more important for remaining undetected during a red team operation, with it becoming common practice for blue teams to peek in to running…
Apr 10th, 2020
Written by: Admin
Exploitation
The YSoSerial.Net project has become the most popular tool when researching or exploiting deserialisation issues in .NET. We have recently invested some research time to improve this tool to help ourselves and…
Apr 10th, 2020
Written by: Admin
ActiveBreach
Introduction In this blogpost, we will describe a technique that abuses legacy Firefox functionality to achieve command execution in enterprise environments. These capabilities can be used for lateral movement, persistence…
Feb 10th, 2020
Written by: Admin
All
Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write…
Jul 22nd, 2019
Written by: Admin
ActiveBreach
During our red team operations, we frequently come in contact with organisations using Office 365. The present tooling targeted at this environment is somewhat limited meaning that development is often…
Mar 12th, 2019
Written by: Admin
ActiveBreach
As red teamers regularly operating against mature organisations, we frequently come in to contact with a variety of Endpoint Detection & Response solutions. To better our chances of success in…
Feb 15th, 2019
Written by: Admin
ActiveBreach
Background Cobalt Strike 3.6 introduced a powerful new feature called External C2, providing an interface for custom Command and Control channels. Being a fan of custom C2 channels I started…