Imagine never having to remember a password again. To some this might sound crazy, but by combining time-tested cryptography and new technological advancements, this far-fetched proposition is possible. Multi-party computation (MPC) protocols allow ... READ MORE
Main Content
From the War Room Blog
Building a Vulnerable Box – HTML5 VPN Portal
Years ago, I wrote a series of posts covering the basics of building and exploiting vulnerable machines for learning purposes. With my two most recent posts covering virtual labs, it seems like an appropriate time to revisit the topic. I've used ... READ MORE
Building a Lab Network – Faux Corporate Networks
Last month, I mentioned the possibility of setting up a second virtual firewall in a lab environment to simulate a corporate network with mock internal and external spaces. I frequently do this for CTFs, student pentesting projects, and more. ... READ MORE
SAP RECON CVE-2020-6287
On July 13, 2020, SAP software released a patch impacting the SAP NetWeaver Application Server Java versions 7.5 and earlier. The vulnerability dubbed RECON (Remotely Exploitable Code on NetWeaver) Specifically targets SAP NetWeaver Java while ... READ MORE
Building a Lab Network in Proxmox and Sophos UTM9
One of the best ways to acquire and maintain an offensive security skill set is to build a home lab and populate it with intentionally vulnerable machines. The most straightforward option is to simply spin up VMs in VirtualBox or VMWare Player and ... READ MORE
Office 365—Magic Logs Uncovered
The Dark Ages According to the FBI’s 2019 IC3 report, the IC3 unit received 23,775 business email compromise (BEC) complaints with losses of over $1.7 billion (FBI IC3 Report[1]). We have found that, first and foremost, threat actors are trying to ... READ MORE