Sign in Subscribe

d3d (M. B. Johnson)

d3d (M. B. Johnson)

Security Researcher | Synack Red Team | Founder of Malicious Group Research | Threat Intelligence | Cannabis Connoisseur | Malus Coetus - Tertia Optionem

HTTP is dead... Long live HTTP?!

HTTP is dead... Long live HTTP?!

In this paper I will expose how HTTP's evolution has created exploitable security flaws. I'll demonstrate practical attacks like request smuggling and cache poisoning, and provide tactical approaches for security professionals to address these vulnerabilities.

From Akamai to F5 to NTLM... with love.

From Akamai to F5 to NTLM... with love.

In this paper I will expose critical flaws in Akamai's implementation that lead to NTLM credential exposure. I'll demonstrate how these vulnerabilities chain across F5 infrastructure, presenting attack techniques and essential mitigations for defenders.

Writing your own RDI /sRDI loader using C and ASM

Writing your own RDI /sRDI loader using C and ASM

In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.

Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

In this post, I am going to show the readers how to build a fully automated C2 infrastructure using Terraform with Nebula's end-to-end encryption backend communication layer.

From SKID to SAVAGE by abusing OST and Telegram services.

From SKID to SAVAGE by abusing OST and Telegram services.

In this post, I am going to show readers how easy it is for up-and-coming threat actors to completely compromise, then possibly extort large companies with very little effort by abusing openly available resources.