by Douglas Berdeaux Determining where in your software development lifecycle (SDLC) to have a penetration test carried out can be tricky. This article aims to guide new development shops at […]
by Stuart Rorer Never Satisfied I was something of a devious child, always coming up with schemes. One that worked well was when my parents would go through the drive […]
by Douglas Berdeaux Introduction Authentication and Authorization in web application penetration testing are so closely related that it’s easy to confuse the two. This article aims to outline each process, […]
by Jason Downey The Vendor Requirement The final entry in The Aftermath blog series. At this point, I had successfully social engineered credentials, bypassed multifactor authentication, and established command and […]
by Jason Downey The Simple Stuff So far in The Aftermath Blog Series, I had social engineered credentials, bypassed MFA, and gained access to a VDI environment. In this entry, […]
by Jason Downey The Condition In the first entry of The Aftermath Blog Series, I was able to social engineer a set of domain credentials. In this entry, we’ll discuss […]
by Jason Downey The Aftermath Blog series isn’t about tools or exploits. It’s about what happens after the attack. We’re focusing on the business side: what was found, how it […]
by Stuart Rorer, Security Consultant Uncovering Technical Artifacts One of my favorite childhood memories was going with my sister to look for artifacts after a solid rain. We lived near […]
by Douglas Berdeaux, Senior Security Consultant I have a question for web application penetration testers: How do you provide remediation advice to clients for user input handling flaws in their […]
Continuous penetration testing is a proactive approach that involves ongoing automated and manual security testing to identify vulnerabilities in a much shorter timeline. Unlike annual or quarterly penetration tests, this […]
The Red Siege train is heading to Denver, Colorado, for the first-ever Wild West Hackin’ Fest @ Mile High from February 5-7, 2025! If you’re a cybersecurity professional who loves […]
Ever wondered if your organization is truly secure or if your teams are just crossing items off a checklist? A Security Posture Review (SPR) is a solid way to answer […]
The Security Posture Review (SPR) is the newest addition to our suite of security offerings at Red Siege. We’ve combined our collective experiences in red team, blue team, and security […]
At Red Siege, we’ve earned our reputation as a leader in offensive security by delivering expert-driven solutions that prioritize what matters most to CISOs and cybersecurity professionals. From penetration testing […]
By Stuart Rorer, Security Consultant Conflicts of Time “Time is of the essence”, an idiom of immense truth. Being one of our most valuable commodities, it often feels as if […]
In the most recent SiegeCast, Corey Overstreet, Senior Security Consultant at Red Siege, took cybersecurity professionals on a deep dive into modern malware techniques. With the landscape of malware evolving […]
This is for the Vishing CTF Challenge at Wild West Hackin’ Fest 2024. Please visit our booth to get the starting phone number. In this vishing CTF challenge, your mission […]
As proud sponsors of Wild West Hackin’ Fest, Red Siege is excited to return to Deadwood for another year of cutting-edge training, engaging talks, and unique experiences. The event is […]
by Mike Saunders, Principal Consultant This blog is the fourteenth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the […]
by Mike Saunders, Principal Security Consultant This blog is the thirteenth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]
Red Siege
Penetration Testing, Red Teaming, and Vulnerability Assessments