Can your EDR look in two directions at once?⌗
This isn’t terribly complicated, but it does play on the assumptions that AV and EDR can make when examining binaries for suspicious behavior. While the article focuses on process injection, this technique could apply to any tasks or actions that have to occur outside of the C2 (or malware) binary itself in the course of normal red team operations.
CSP ‘bypass’ using chained XSS⌗
I use the quotes around bypass because I think that’s not quite the right fit, but semantics aside this is pretty clever. A strong Content Security Policy can definitely save your neck as a developer if some other control fails and a payload makes it into your DOM or onto the page. But it’s not foolproof. In this example, due to the way the browser is treating the second found XSS in relation to the first, the CSP is not violated and the payload runs. Pretty neat, and has enough steps demonstrated to be able to follow what is happening.
Interview: a true madlad⌗
Filedescriptor is becoming one of my favorite people to pay attention to. I make use of his Untrusted Types extension at work, and he has been quite generous in his giving-back to the infosec community. I hope to be as good at this as he clearly is some day.
Bonus Stage: PDF⌗
As it says on the tin, a pretty long paper describing a Docker pentesting methodology. I intensely dislike Mobi/Docker/whatever-it-is-now (anything that requires an entire ecosystem of additional software to make it useful and understandable indicates the premise is flawed…but I digress), but there’s no denying that it is the dominant containerization layer in the cloud. So understand how to wreck it!