Phishing: Redressing Microsoft COM Objects

This post will describe how to overcome an embedded Office COM object from looking less than enticing and making it more phish friendly, such as a clickable button.…

Kali Rolling and PowerShell Core

This post provides a resolution to an issue preventing Microsoft Powershell Core from installing on Kali Rolling.…

Attacking Azure Developers: Easy Mode

This post provides various tactics for hunting Microsoft Azure credentials within a DevOps environment. Topics include environment variables, PowerShell AzureRM and the Secret Manager utility.…

Attacking AWS Developers: Stealing Creds from AWS Toolkit

This post reveals how an attacker can leverage a developer's workstation to compromise their AWS credentials and gain access to an ec2 instance.…

Post-Ex: Stealing AWS Credentials

The first of two AWS credential posts, we discuss how to find and use AWS credentials during post-exploitation.…