Graph-XUnquoted paths. They’re not just for services anymore.Recently I read a really interesting article on obfuscating file execution using NTFS short file names. I was looking to see if placing a…Sep 22, 2020Sep 22, 2020
Graph-XDigging Into Registry Persistence: Sometimes Rabbit Holes Yield Unexpected SurprisesI’m going to switch things up a bit from appsec posts and write a couple of posts about something I’ve been playing with in the malware I…Sep 30, 2019Sep 30, 2019
Graph-XHead To Head Lock Board ChallengeThis has been sitting as a draft for a year or so, but I recently found some extra time on my hands courtesy of circumstances that are…Jul 30, 20191Jul 30, 20191
Graph-XDiscovering and Exploiting API Attack Surface Using Client-Side JavascriptHave you ever been on an engagement where the client, while providing you with the information you needed to start, didn’t give you the…Jul 5, 2019Jul 5, 2019
Graph-XA New Kind of Web Application Penetration TestRecently, I was put in a situation that many internal red team and penetration testers face. A product needed to go live by a certain date…Dec 18, 2018Dec 18, 2018
Graph-XHow I Got Cylance To Commit Seppuku02/19/2019 Update: In the lastest update to Cylance Protect, this bug has been fixed. You can no longer uninstall the CylanceSvc service…Sep 24, 2018Sep 24, 2018