Rio

Happy to announce I'll be speaking at @x33fcon this summer demonstrating some novel approaches to post exploitation tradecraft https://www.x33fcon.com/#!s/dominicc.md 

"This course is not just about learning how to run tools, students will learn how the tools work under the hood as well as how to develop and customise their own; an essential skill for any red teamer." <--- this right here. Looking for a red team training? Look no further.https://twitter.com/MDSecLabs/status/1223190591934279682 …

@irsdl’s first post is a writeup for an RCE in SharePoint https://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/ …

Awesome work finding an RCE in SharePoint by @irsdl which also affected SharePoint Onlinehttps://twitter.com/MDSecLabs/status/1223280822700138497 …

Very excited to announce @_xpn_ and me will be bringing our #redteam training to Vegas this August for @BlackHatEvents https://www.blackhat.com/us-20/training/schedule/index.html#adversary-simulation-and-red-team-tactics-18511 … - we'll follow up soon with some revelations on what makes this course so exciting!

I found this article to be excellent. From building Windbg Tooling to working exploits. Its a dense and rich read. Really well done. I thought. Introduction to SpiderMonkey exploitation. https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/ …

Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: https://www.openwall.com/lists/oss-security/2020/01/28/3 … PS: "Did you ever play tic-tac-toe?"

Open Wifi Security (Friday evening rant) 1) Yes, at our @nordic_choice hotels we have open wifi as standard. No Client<->AP encryption (WPA/23), and no captive portal to logon to. Let me first explain some obvious reasons for doing so. (Often disregarded by infosec pros.)