Our Blog

ACE to RCE

Reading time: ~20 min
tl;dr: In this writeup I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to...

Resurrecting an old AMSI Bypass

Reading time: ~11 min
While working on DoubleAgent as part of the Introduction To Red Teaming course we’re developing for RingZer0, I had a...

MAPI over HTTP and Mailrule Pwnage

Reading time: ~8 min
History In December 2015 Silent Break Security wrote about “Malicious Outlook Rules” and using these to get a remote shell....

Bringing the hashes home with reGeorg & Empire

Reading time: ~4 min
Is not a hack until you are 3 tunnels deep – Ian de Villiers External assessments. It’s about not only...