Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition

Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes,…

Weiterlesen

Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments

TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations.…

Weiterlesen

300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)

As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you…

Weiterlesen

I wannabe Red Team Operator

Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team…

Weiterlesen

Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses

In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve…

Weiterlesen