Paralyzing Office365 through a Malicious Azure App
You accidentally missed the last meeting with your boss and don’t want it to happen again. So, you click a button in your browser to install an Azure Application. This app will organize your calendar...
Your Grandmother’s Guide to WiFi Hacking (Step-By-Step)
Early in my hacking journey, I decided to hack my WiFi. At the time, the only thing I knew about networks was what to do if my WiFi wasn’t working – unplug the round cord from the little black box in...
2023 OSCP Study Guide (New Exam Format)
When Offsec announced the course update, I was nervous. I had no idea what Active Directory was, and now it was the most important section of the exam. Not ideal. Especially because I was one of the...
Scoring 100 Points on the New OSCP Exam: My Exam Experience
After investing thousands of hours into becoming a computer hacker, I’m still overwhelmed with how much there is to learn. Sometimes I’m so lost that I wonder if I have learned anything at all. This...
Lessons from Solo Travelling
Simon realized he could see his shadow on the ocean floor. It took me a minute, but looking down from my board, I realized I could too – through eighteen feet of turbulent ocean water. So could Amara...
Worse than SolarWinds: Three Steps to Hack Blockchains, GitHub, and ML...
Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain total...
Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platforms. Used...
Fixing Typos and Breaching Microsoft’s Perimeter
Progressing through certifications, developing as a red teamer, breaking into Bug Bounty — many steps along my security journey have been difficult. One of the easiest things I’ve done was breach...
Black Hat and DEF CON Preview: “Grand Theft Actions” or “Continuous...
In one week, Adnan Khan and I will have the privilege of speaking at Black Hat USA and DEF CON 32. It seems like yesterday I was sitting in the corner of my family’s gym in Essex, Vermont, trying to...