30 Aug

Understanding Common SSL/TLS Misconfigurations

What is Transport Security

Transport Layer Security (TLS) is a series of protocols for encrypted...

29 Oct

Hacking with Git: Git-Shell Proof of Concept

This is release three of three tools from my talk "Hacking with git" which I delivered at...

26 Sep

Hacking with Git: Git-Enum metasploit module release

This is release two of three tools from my talk "Hacking with git" which I delivered at Glasgow...

15 Aug

Near, phar, dangerous Unserialization wherever you are

Our head of research Mr Sam Thomas is back in blighty after delivering his talk "It's a PHP...

5 Jul

ExploitDev: WooCommerce php object injection

RIPS published details for a PHP object injection vulnerability affecting the WooCommerce...

wireshark ct exec
6 Jun

ChunkyTuna - A Web Shell Evolved

TL;DR ChunkyTuna is a web shell that allows near direct access to either the STDIO streams of an...

5 Jun

Hacking with Git: Git-Fingerprint tool release

This is post number two of four dealing with the aftermath of my BSides Glasgow talk. The slides...

15 May

Hacking with Git: The Video & Slides

This is the first post in a series about my talk "hacking with Git" which was delivered at...

19 Apr

Decrypting Mole02 Part Two - Universal Decryption Tool

In the first article [1] of this series, we provided an in-depth analysis of the Mole02...

9 Apr

BSides Glasgow CTF

When we heard that BSides Glasgow was ending without a CTF, or an arranged after party, we asked...

2 Feb

[tool release] BurpExtenderForge


17 Jan

SSRS Attacks Part 2 - Building an Empire

In part 1, we looked at dynamically extracting table data from a compromised SSRS server. We...

8 Jan

SSRS Attacks Part 1 - Dynamic Data Extraction

SQL Server Reporting Services (SSRS) is a reporting engine designed to allow creation,...

14 Dec

In (zero) days gone by - Part 1 - Magento Unauthenticated SQLi (CVE-2011-4781)

Theorizing that one could dredge up old vulnerabilities and blog about them, Sam Thomas stepped...

8 Dec

A bit about Dynamic Data Exchange (DDE)

I gave a talk at the local Glasgow Defcon in December 2017. The slides are available here:

28 Nov

Uploading files to RDP, VNC, or anywhere you can type

RDPUpload is a tool which implements an old technique for uploading files in python. There is...

2 Nov

Setting Service Principal Names to roast accounts

As a continuation of our previous post, we wanted to discuss another technique that can help...

30 Oct

Using machine account passwords during an engagement


Of the many advancements in red teaming over the last 12 months, the development of...

23 Oct

Is Dynamic Data Exchange (DDE) Injection a thing?

This month our old friend Dynamic Data Exchange (DDE) within Microsoft’s office suite has been...

18 Oct

Using NetBeans GUI Designer to make pretty Burp Extenders

In this tutorial I will provide you with a straightforward process that will get you in a...

6 Oct

SOHOpelessly Broken 0-Day Strategy

In July we sent 4 of our team to Defcon with the intention of tackling whatever contests we...

18 Sep

ExplodingCan: A vulnerability review

At the beginning of June, fellow researchers from Secarma published a review of released...

11 Sep

PandwaRF in a Kali VM on a Windows Host

Secarma are getting more requests from customers for product reviews, radio frequency analysis...

16 Aug

Decrypting Mole02 Part One - Malware Profile

Mole02, alleged to be a variant of the CryptoMix Ransomware family, first emerged in June 2017....

4 Jul

A review into Industroyer’s Command & Control Protocol

Recently the world was introduced to ‘Industroyer‘, a malware variant with a focus on...