Kyle MisteleA Beginner’s Guide to EDR EvasionOr, how to get past Crowdstrike/Defender ATP/Carbon Black on your next engagement16 min read·Sep 25, 2021----
Kyle MisteleDumping Stored Enterprise Wifi Credentials with Invoke-WifiSquidLearn how to decrypt stored WiFi network credentials with a new PowerShell tool8 min read·Jun 28, 2021----
Kyle MisteleStealing Saved Browser Passwords: Your New Favorite Post-Exploitation TechniqueLearn how to dump passwords from common browsers for post-exploitation and lateral movement8 min read·Jun 24, 2021----
Kyle MisteleImpacket Deep Dives Vol. 2: Attacking KerberosThere are lots of tools out there for attacking Kerberos, but lots of them are written in PowerShell, so they don’t work well with Linux.6 min read·Jun 5, 2021----
Kyle MisteleImpacket Deep Dives Vol. 1: Command ExecutionPwn all the things7 min read·Mar 31, 2021--2--2
Kyle MisteleinCodeLighthouseXSS: What it is, how it works, and how to prevent itIf you’re a developer, chances are that you’ve heard of cross-site scripting. Cross-site scripting, commonly known as XSS, is one of the…7 min read·Jan 18, 2021--2--2
Kyle MisteleinCodeLighthouseDemystifying JWT: How to secure your next web appHow are you securing your web applications? Are you using session cookies? Third party-based authentication? SAML? Today I’m going to…6 min read·Jan 5, 2021----
Kyle MisteleinCodeLighthouseHow to securely hash and store passwords in your next applicationAre you hashing your user’s passwords? More importantly, are you doing it correctly? There’s a lot of information out there on password…5 min read·Dec 27, 2020----
Kyle MisteleinCodeLighthouseBotocore is awful, so I wrote a better Python client for AWS S3If you’ve ever been unfortunate enough to have had to work with botocore, Amazon Web Services’ Python API, you know that it’s awful. There…4 min read·Dec 22, 2020----