Cybersecurity

Intro Back in February of 2020 Karl Fosaaen published a great blog post about abusing Managed Identity (MI) assignments, specifically those assigned to a Virtual Machine running in Azure. Karl’s blog outlines the scenarios in which privilege escalation may be possible by first executing commands on the VM, then getting a…

HackPark (“tryhackme”, 2019) is a TryHackMe tutorial room that has the user “[b]ruteforce a websites login with Hydra, identify and use a public exploit then escalate your privileges on this Windows machine” (quoted verbatim from Ibid). This was an interesting room (for me at least). It took me nearly a…

Summary: Amidst Us was an easy, white box challenge during the 2022 HacktheBox Cyber Apocalypse CTF. My team retrieved the flag by exploiting a vulnerability in the Pillow 8.4.0 library via command injection. You wouldn’t download and run an application from a sketchy website would you? …

Intro: — I was always not an ethical hacker, bearing the word ethical in mind. I used to create a lot of fuzz and get things done my way. I have a lot of stories from hacking my school to governments but this is one of my favorites. BACKSTORY: My friend is studying…

Susa Ventures is excited to announce our investment in LimaCharlie, a remote-first company that offers security infrastructure as a service. We led the round, with participation from Sands Capital, Long Journey, SNR.vc, CoFound Partners, and many other great investors. …

This article provides a basic overview of how the Kerberos authentication protocol works. In this article, we will explore the basic functionality or Kerberos and how it is used in Active Directory. Kerberos is a large topic and this article will only cover the fundamentals, so with that being said…

This pioneering blockchain project is specifically focused on cyber threats against the humanitarian sector. Davos, Switzerland, May 24, 2022 — Today, we announced a strategic collaboration in cybersecurity to defend humanitarian organizations against targeted cyberattacks is announced today between the CyberPeace Institute, a Geneva-based non-governmental organization (NGO) whose mission is…

An Attacker Perspective — Ethereum was first introduced in the early 2015s, and most of us are now aware that it is a public blockchain network where anyone with network access could view transactions made by others. For the same reason, storing sensitive data in Ethereum poses a significant risk. However, how does…

How does this work exactly? Thinking about attack vectors. — Google Project Zero, always the source of amazing security research, found a flaw in Zoom that lets attackers download malware to your machine using the chat window. …