by Larry Ellis Background Coming off my time in the defensive world in the military, I’ve always had an interest in web application testing. Flipping the script from out-thinking an […]
by Stuart Rorer Open Redirection Whenever I think of open redirection, I think of Super Mario games and the green plumbing pipes. By hopping into one I can easily transport […]
by Stuart Rorer Hide and Seek I always loved playing hide and seek as a kid. Our house had a laundry chute in the upstairs bathroom which made it easy […]
by Douglas Berdeaux Determining where in your software development lifecycle (SDLC) to have a penetration test carried out can be tricky. This article aims to guide new development shops at […]
by Stuart Rorer Never Satisfied I was something of a devious child, always coming up with schemes. One that worked well was when my parents would go through the drive […]
by Douglas Berdeaux Introduction Authentication and Authorization in web application penetration testing are so closely related that it’s easy to confuse the two. This article aims to outline each process, […]
by Jason Downey The Vendor Requirement The final entry in The Aftermath blog series. At this point, I had successfully social engineered credentials, bypassed multifactor authentication, and established command and […]
by Jason Downey The Simple Stuff So far in The Aftermath Blog Series, I had social engineered credentials, bypassed MFA, and gained access to a VDI environment. In this entry, […]
by Jason Downey The Condition In the first entry of The Aftermath Blog Series, I was able to social engineer a set of domain credentials. In this entry, we’ll discuss […]
by Jason Downey The Aftermath Blog series isn’t about tools or exploits. It’s about what happens after the attack. We’re focusing on the business side: what was found, how it […]
by Stuart Rorer, Security Consultant Uncovering Technical Artifacts One of my favorite childhood memories was going with my sister to look for artifacts after a solid rain. We lived near […]
by Douglas Berdeaux, Senior Security Consultant I have a question for web application penetration testers: How do you provide remediation advice to clients for user input handling flaws in their […]
Continuous penetration testing is a proactive approach that involves ongoing automated and manual security testing to identify vulnerabilities in a much shorter timeline. Unlike annual or quarterly penetration tests, this […]
The Red Siege train is heading to Denver, Colorado, for the first-ever Wild West Hackin’ Fest @ Mile High from February 5-7, 2025! If you’re a cybersecurity professional who loves […]
Ever wondered if your organization is truly secure or if your teams are just crossing items off a checklist? A Security Posture Review (SPR) is a solid way to answer […]
The Security Posture Review (SPR) is the newest addition to our suite of security offerings at Red Siege. We’ve combined our collective experiences in red team, blue team, and security […]
At Red Siege, we’ve earned our reputation as a leader in offensive security by delivering expert-driven solutions that prioritize what matters most to CISOs and cybersecurity professionals. From penetration testing […]
By Stuart Rorer, Security Consultant Conflicts of Time “Time is of the essence”, an idiom of immense truth. Being one of our most valuable commodities, it often feels as if […]
In the most recent SiegeCast, Corey Overstreet, Senior Security Consultant at Red Siege, took cybersecurity professionals on a deep dive into modern malware techniques. With the landscape of malware evolving […]
This is for the Vishing CTF Challenge at Wild West Hackin’ Fest 2024. Please visit our booth to get the starting phone number. In this vishing CTF challenge, your mission […]
Red Siege
Penetration Testing, Red Teaming, and Vulnerability Assessments