Zeros, Ones, and the Art of War - AI for Red and Blue Teams
30 Apr 2025 - Rhette Wallach
Practical blue and red AI
Research
Binary Data Analysis: The Role of Entropy
07 Apr 2025 - Sofiane Talmat
This is is the first article in a series for binary data analysis. It is an introduction to entropy.
SNulk - ServiceNow Bulk Submit Tool for Table Records
14 Jan 2025 - Sigmund Gorski
This post introduces SNulk, a solution that allows users to effortlessly submit large numbers of templated records to a table on a ServiceNow instance.
SootUp vs. Soot - Is The New Static Analysis Library Ready For Use?
12 Nov 2024 - Sigmund Gorski
This blog post compares the static analysis library SootUp to its predecessor Soot to determine areas of improvement, areas that still need work, and how fit SootUp is to be used in actual tool development.
A Rhino of a Problem - Assembling Call Stacks for Rhino Polyglot Code
04 Nov 2024 - Sigmund Gorski
This blog post demonstrates Rhino Tracker, a solution for analyzing Rhino polyglot code.
Practical Jazzer for the Snazzy Fuzzer
28 Oct 2024 - Sam Shahsavar
We will review some lessons learned and tips for effectively fuzzing your applications with Jazzer.
Thinking About CVE-2023-21967, an OpenJDK Vulnerability
06 Oct 2023 - Sam Shahsavar, with contributions from Sofiane Talmat
We will analyze and build a POC for CVE-2023-21967, a vulnerability in OpenJDK.
Defeating MFA Number Challenges through Phishing
06 Sep 2023 - Paul Marrapese
Push verifications with an extra number challenge step have become a popular multi-factor authentication strategy. But, does this extra step actually offer any added protection against hackers?
DEFCON31 - ELF 64-bit Stack Based Buffer Overflow
05 Sep 2023 - Royce Davis
recently had the pleasure of attending DEFCON31 at Caesars Forum in Las Vegas. A few of us on the Red Team decided to...