Research Blog

These articles are for technical teams, showing some of our recent findings and research. Each of these articles provides a detailed breakdown of something we have either used in the wild or have worked on in an effort to create new TTPs and contribute to the cyber community.

Protecting Assets Behind CloudFront

aws, cloudfront, waf

One of the most common ways of bypassing a Web Application Firewall (WAF) involves finding out the backend servers’ address and connecting to it directly. An IP can be leaked in many ways, including DNS history, HTTP headers, cookies, virtual host routing with shared infrastructure, stack traces leaking source code, […]

Read More

Building a Research Environment for Log4j

Apache, DNS resolver

With its widespread adoption rate and the challenge enterprises face with tracking down where it is being used, log4j would likely continue to be a relevant attack vector for quite a long time. Because of this, we decided to showcase how one would go about building a local lab that […]

Read More

Analysing and Reproducing PoC for Log4j 2.15.0

Very shortly after the release of the patch for CVE-2021-44228, bundled by Apache as log4j 2.15.0, researchers already found ways of bypassing the fix: CVE-2021-45046. In particular, for less than a couple of days, a vulnerability was discovered, and while it was initially rated as 3.7, it was later elevated […]

Read More

Logging Raw HTTP Requests in Python

Quite often, during our red team engagements, we find ourselves in a situation where we need to carry out web research & exploitation over several chained proxies. To that extended, to be able to do any reasonable web testing we need to be able to see the requests we send […]

Read More

Understand how your company will respond to trained and skilled offensive actors.

We understand real-world threat actors’ methodology, and our manual testing of your assets will help you develop and mature robust cybersecurity.

Book a call