on security, rift, stacktitan, redteam, blueteam

Learn the Blue to Improve the Red (Part 1)

The only way to get better at offense is to understand the obstacles one may encounter. Learn how to navigate system log data to use it to your advantage. This is the first of many posts around the topic of defense and operational security.…

on security, rift, stacktitan, development

Postman+Burp Macros and Asymmetrical API Testing

This post will walkthrough using Postman+Burp macros to test asymmetrical APIs…

on security, rift, cloud, aws, stacktitan, egress, webdav, letsencrypt, apache, opsec, pentest, adversary

Secure WebDav Egress: AMZ EC2, Apache, and Let's Encrypt

This post will describe the process to setup an AWS EC2 webdav instance with valid Let's Encrypt certificates. This could be used in attacks where the adversary controls the UNC path and wants an alternative encrypted webdav solution.…

on security, rift, phish, stacktitan

Phishing: Redressing Microsoft COM Objects

This post will describe how to overcome an embedded Office COM object from looking less than enticing and making it more phish friendly, such as a clickable button.…

on security, rift, cloud, kali, powershell, core

Kali Rolling and PowerShell Core

This post provides a resolution to an issue preventing Microsoft Powershell Core from installing on Kali Rolling.…