tldr; ServiceNow had a feature that exposed credentials to hundreds (if not thousands) of their customers ServiceNow instances. These credentials varied from limited permissions, to full administrative access to the ServiceNow instance. The vulnerability was patched on October 8th, 2020. ServiceNow has a feature, that when configured, allows ServiceNow customers...

How do you measure your Red Team? One of the primary differences between a Red Team and a Penetration Testing team is the primary stakeholder. With a Red Team, the primary stakeholders are those responsible for your detection and response capabilities. That being said, a side effect of Red Team...

Many applications you find on GitHub that can be used for one off tasks, or for simple automation don’t have built in authentication. Typically, I just run it on localhost and port forward, or just run the application locally. This can be a pain and doesn’t scale very well. With...

If you are only as strong as your weakest link, don’t let that weak link be your detection and response capabilities.. There will always be multiple gaps in each layer of your defense in depth model. Make sure finding those gaps takes longer than your detection and response times. Visualizing...

A high level TTP to detection rule life cycle. This is surely not all inclusive but does breakdown an often overlooked component of red team observations. That is, what happens once you hand off the report. Example Detection “Package”

Several weeks ago, I received an invite code to HEY.com. Naturally, I tried to get [email protected]. Since its considered a “premium” email address, its spendy. For $999, not really worth it probably. Turns out, email addresses 4 or more characters are the standard $99. So.. lets try ‘jp @hey.com’ (two...