Lolware Blog

Round three at a website.

autodiscovervulnerabililty
Obtaining Corporate Credentials via the Autodiscover Circus
Obtaining Corporate Credentials via the Autodiscover Circus
September 02, 20204 mins
active directoryjeapam
Secure Privileged Active Directory management with PAM and JEA
Active Directory Domain Just Enough Administration and Privileged Administration
July 13, 20198 mins
penetration testingred teamvulnerability
Dumbest pentesting script to ever succeed
Getting service account credentials where you shouldn't
July 09, 20191 mins
googlesafebrowse
Abusing Google Safebrowse for phished credentials URLs
What safebrowse looks for, and finding it yourself
May 12, 20193 mins
Hack the BoxDAB
Hack The Box DAB Writeup Security Assessment
Hack the box 'DAB' writeup
February 03, 20195 mins
godaddytracking
Reverse engineering GoDaddy's tracking script
Reverse engineering GoDaddy's tracking script
January 14, 20198 mins
AzureADenumeration
Enumerating Azure Federated Domains
Discovering more than just subdomains
May 09, 20182 mins
AWSS3static hosting
Security and Caching headers with S3 websites
Lambda @ Edge
March 22, 20182 mins
Open Source
Open Source marketing after two years of monitoring SSL issuance
CT Advisor has been auditing transparency for two years
January 16, 20183 mins