Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
May 26th, 2019
Written by: Admin
ActiveBreach
In the first post I talked about my favourite persistence technique using Microsoft Office add-ins and templates. My second favourite technique for persistence is using COM hijacking which will be…
May 26th, 2019
Written by: Admin
ActiveBreach
During a red team engagement, one of the first things you may want to do after obtaining initial access is establish reliable persistence on the endpoint. Being able to streamline…
Mar 12th, 2019
Written by: Admin
ActiveBreach
As red teamers regularly operating against mature organisations, we frequently come in to contact with a variety of Endpoint Detection & Response solutions. To better our chances of success in…
Feb 15th, 2019
Written by: Admin
ActiveBreach
Background Cobalt Strike 3.6 introduced a powerful new feature called External C2, providing an interface for custom Command and Control channels. Being a fan of custom C2 channels I started…
Feb 13th, 2019
Written by: Admin
ActiveBreach
In March 2018 we released SharpShooter, a framework for red team payload generation. We followed up with further updates and new techniques in June. Like many offensive tools, the framework…
Jan 22nd, 2019
Written by: Admin
ActiveBreach
Background The Office add-ins platform allows developers to extend Office applications and interact with document content. Add-ins are built using HTML, CSS and JavaScript, with JavaScript being used to interact…
Sep 27th, 2018
Written by: Admin
ActiveBreach
Constrained Language Mode is a method of restricting PowerShell’s access to functionality such as Add-Type, or many of the reflective methods which can be used to leverage the PowerShell runtime…
Sep 10th, 2018
Written by: Admin
ActiveBreach
During a red team engagement, it is often beneficial to have the ability to quickly and programatically deploy infrastructure. To date, most existing literature has focussed on deploying the server…
Sep 7th, 2018
Written by: Admin
Exploitation
Overview Title: Pulse Secure Client Authentication Bypass Version: Pulse Desktop Client 9.0R1 and 5.3RX before 5.3R5. Researcher(s): Nassar Amin, Ricardo Ramos, Russel Crozier and Dominic Chell Disclosure Date: 01-03-2018 Public Disclosure…
Aug 20th, 2018
Written by: Admin
ActiveBreach
System Integrity Protection (sometimes called “rootless”) is a security feature introduced in OS X El Capitan as a way to protect critical system components from all accounts, including the root…