Cloud misconfigurations cause 82% of healthcare breaches. Learn which S3, IAM, and network settings put PHI at risk. Find them before attackers do.
Resources
Blog
Infrastructure
Keep up to date with the latest offensive security news, knowledge, and resources.
This blog introduces snickerdoodle, a customized Cookiecutter template designed to help penetration testers quickly create and share complex CLI tools. By automating project setup with features like pre-configured CLI interfaces, Rich logging, and integrated dependency management using Poetry, Snickerdoodle allows security professionals to focus on coding rather than boilerplate setup.
Protecting your infrastructure from prying eyes is an important part of landing a phish and maintaining access to a client’s network. The process of setting up redirectors and reverse proxies has traditionally been difficult and hard to automate across different cloud platforms.
Today, we’re going to solve that problem with our new repository, sneaky_proxy, which will allow you to automate your...
In this article I show you how to create small containers that use up to date tools. By default, the Golang Docker container at its smallest is 123 MB. While seemingly small, this can result in annoying latency and slowness when deploying new tooling at scale...
This is part 3 in a series about managing dropboxes for internal penetration testing.
This part is all about provisioning a dropbox to be used with our OpenVPN server that we setup in [part 2](/resources/penetration-testing-dropbox-setup-part2). Follow this tutorial whenever you need to build a dropbox for a client.
In part 2 we go beyond autossh and create a OpenVPN server that our dropboxes and pentesters will connect to. We'll walk through configurations and certificates needed for seamless connectivity.
