Black Hat Go Training

STACKTITAN is proud to announce that founders | principals Dan Kottmann (@djkottmann) and Chris Patten (@packetassailant) will be presenting a 1-day training course at Kernelcon on 3/26/2020 in Omaha, Nebraska. Join the authors in an interactive training course designed around their recent book, Black Hat Go. The course will…

Black Hat Go

STACKTITAN is proud to announce the official release date for Black Hat Go, a book co-authored by STACKTITAN founders | principals Dan Kottmann (@djkottmann) and Chris Patten (@packetassailant). The book, published by No Starch, provides an in-depth guide on using the Go programming language for the development of offensive security tools.…

on security, rift, stacktitan, development

Postman+Burp Macros and Asymmetrical API Testing

This post will walkthrough using Postman+Burp macros to test asymmetrical APIs…

on security, rift, cloud, aws, stacktitan, egress, webdav, letsencrypt, apache, opsec, pentest, adversary

Secure WebDav Egress: AMZ EC2, Apache, and Let's Encrypt

This post will describe the process to setup an AWS EC2 webdav instance with valid Let's Encrypt certificates. This could be used in attacks where the adversary controls the UNC path and wants an alternative encrypted webdav solution.…

on security, rift, phish, stacktitan

Phishing: Redressing Microsoft COM Objects

This post will describe how to overcome an embedded Office COM object from looking less than enticing and making it more phish friendly, such as a clickable button.…