Blog – Red Siege Information Security

by Ian Briley An IDN homograph attack is just the super ivory-tower way of saying typosquatting using characters not typically found in American English but look close to existing American […]

by Jason Downey Encryption feels like the obvious move against shellcode detection, but it really just trades one problem for another. Sure, the recognizable patterns disappear. But now you’ve got […]

As proud sponsors of Wild West Hackin’ Fest, Red Siege is thrilled to return to Denver for another year of cutting-edge training, insightful talks, and unforgettable experiences. This event is […]

by Stuart Rorer What is SSL Certificate Pinning SSL certificate pinning (HTTPS pinning/TLS pinning) is a security technique that is more often seen applied to mobile applications. However, over the […]

by Stuart Rorer The Q*Bert Effect As a kid I loved playing a game called Q*Bert. You would control this alien-like creature with a long nose like an ant eater […]

by Ian Briley Introduction to buckets: Hello and welcome to the first blog in my series about AWS and being secure while in the cloud. In this blog post we’re […]

by Stuart Rorer A Comedy of Errors It has been said “to err is human, and to forgive divine”. However, I think sometimes it can be said errors come from […]

As proud sponsors of Wild West Hackin’ Fest, Red Siege is excited to return to Deadwood for another year of cutting-edge training, engaging talks, and unique experiences. The event is […]

by Ian Briley Let’s be honest, when starting a new skill or interest, one of the largest hurdles is setting up an environment//playground//attack range for your learning activities. Sometimes it […]

Kerberoasting, Microsoft, and a Senator When I came up with Kerberoasting in 2014, I never thought it would live for more than a year or two. I (erroneously) thought that […]

by Ian Briley To get around a DLP (Data Loss Prevention) implementation, you don’t need a fancy C2 setup to exfil your treasures. In fact, it’s incredibly easy using native […]

by Justin Palk ProxyChains is a great tool for running Linux-based tools, such as those in Impacket, and everything built on top of them, but sometimes there’s a .NET tool […]

by Justin Palk Oftentimes on an assumed breach test, we need or want to run tools on our local Kali VM and proxy them into the client’s network over a […]

by Larry Ellis Background Coming off my time in the defensive world in the military, I’ve always had an interest in web application testing. Flipping the script from out-thinking an […]

by Stuart Rorer Open Redirection Whenever I think of open redirection, I think of Super Mario games and the green plumbing pipes. By hopping into one I can easily transport […]

by Stuart Rorer Hide and Seek I always loved playing hide and seek as a kid, our house had a laundry chute in the upstairs bathroom which made it easy […]

by Douglas Berdeaux Determining where in your software development lifecycle (SDLC) to have a penetration test carried out can be tricky. This article aims to guide new development shops at […]

by Stuart Rorer Never Satisfied I was something of a devious child, always coming up with schemes. One that worked well was when my parents would go through the drive […]

by Douglas Berdeaux Introduction Authentication and Authorization in web application penetration testing are so closely related, that it’s easy to confuse the two. This article aims to outline each process, […]

by Jason Downey The Vendor Requirement The final entry in The Aftermath blog series. At this point, I had successfully social engineered credentials, bypassed multifactor authentication, and established command and […]