Process Mitigations are a Windows feature that enables exploit mitigations on either a per-process or system-wide basis. This post explores our research into potential defensive applications of Process Mitigations to prevent commodity attack techniques, as well as the limitations of the control.
Embed canary tokens in your login portal and route webhook trigger data into Microsoft Sentinel via Azure Logic Apps - detecting cloned or proxied login pages at the moment they load, before credentials are entered.
A good bit has been written about using high-level languages to obtain code execution and persistence within an environment. This post refines these techniques a bit further, discussing how PYTHONPYCACHEPREFIX can be used to obtain even more covert execution.
PacketHuffer is a tool to help wireless operators make sense of their recon data obtained from Kismet. It deduplicates information across multiple captures, allows you to identify interesting networks, and lets you run custom queries on the data.
External pentests and red teams often need reliable techniques for identifying and validating target users. Traditional methods like TeamsEnum and onedrive_user_enum are useful, but can be false-positive-prone or require further authentication. The PowerBI API exposes an unauthenticated endpoint that returns a definitive {"accountExists":true} or a 404/500, which can be used to enumerate valid email addresses for a given organization.