Atomic Red Team Windows Execution Engine

Atomic Red Team is an excellent collection of commands, activities, and other Indicators of Compromise (IoCs) developed and maintained by Red Canary that your blue team can benchmark against to hone their craft. We’ve loved using the Atomic tests as a reference and have developed a GUI-based execution engine…

MuleSoft Runtime < 3.8 Unauthenticated RCE (CVE-2019-13116)

This blog post details a pre-authentication deserialization exploit in MuleSoft Runtime prior to version 3.8. During a recent Web Application penetration test, Tevora observed some interesting headers being returned within the application data flow. The headers contained a character sequence that should raise an immediate red flag to pentesters:…

Smoke and Mirrors | Red Teaming with Physical Penetration Testing and Social Engineering

In this post, we will illustrate the roadmap of a physical penetration test and advise how to successfully infiltrate a corporate environment. This post should clarify areas of focus for a successful physical engagement with an emphasis on social engineering. A successful social engineering campaign or…

Scout

Surveillance Detection Scout: Your Lookout on Autopilot. Presented at DEFCON 27. Release: Surveillance Detection Scout is a hardware and software stack that makes use of your Tesla's cameras to tell you if you're being followed in real-time. The name, as you likely gathered, pays homage to the ever-effective "Surveillance…

Public Trust with PEAP Networks

PEAP Basics: With PEAP networks, authentication is performed via an MSChap handshake protected by a TLS tunnel. Since MSChap has been effectively broken (GHOST_URL/quick-tip-crack-ntlmv1-handshakes-with-crack-sh/) for years, the TLS tunnel is essentially the only security provided. Since the TLS tunnel is the key security control, the security of a…