Bypassing Client Side Controls

Circumventing web application client side controls.

API Testing

Exploiting REST based API’s.

Content Security Policies

Identifying and exploiting CSP misconfigurations.

Server Side Request Forgery

Exploiting SSRF vulnerabilities.

JSON Web Tokens

Modifying JWT values to elevate privileges.

Mockingjay Injection

Exploiting pre-existing RWX memory regions.

Linux Authentication

Attacking PAM and SSSD.

Pentesting AIX

Targeting IBM’s Advanced Interactive eXecutive Operating System.

Cryptographic Backdoors

Modifying IV values to introduce backdoors in AES-GCM.

BitLocker

Unlocking TPM protected drives.

Hell’s Gate

Dynamic syscall number resolution.

Cloudfront C2 Redirectors

Hiding command and control traffic within AWS Cloudfront.