This is the first post in a series about my talk "hacking with Git" which was delivered at BSides Scotland 2018. It is really about linking you to the video on the BSides Scotland youtube page.
Posted on 19th April 2018
In the first article  of this series, we provided an in-depth analysis of the Mole02 Ransomware. In this part, we will examine the decryption and how we successfully exploited the poor encryption process in order to create a universal decryption tool  of the CryptoMix variant.
Posted on 9th April 2018
When we heard that BSides Glasgow was ending without a CTF, or an arranged after party, we asked if we could run one. We are delighted to announce that the organisers welcomed the idea, so this is the official BSides Glasgow after-party.
Posted on 17th January 2018
In part 1, we looked at dynamically extracting table data from a compromised SSRS server. We covered:
Posted on 8th January 2018
SQL Server Reporting Services (SSRS) is a reporting engine designed to allow creation, publication and management of reports built on data stored in a MSSQL database. SSRS allows ogranisations to create paginated reports from numerous different data sets which can be displayed either in tables or visualised using graphical elements.
Posted on 14th December 2017
Theorizing that one could dredge up old vulnerabilities and blog about them, Sam Thomas stepped into the Quantum Leet accelerator - and vanished. ... And so Sam finds himself leaping from vuln to vuln, striving to put right what once went wrong and hoping each time that his next sploit... will pop a root shell.
Posted on 8th December 2017
I gave a talk at the local Glasgow Defcon in December 2017. The slides are available here:
Posted on 28th November 2017
RDPUpload is a tool which implements an old technique for uploading files in python. There is nothing new in its concept but the implementation is. You can get it here:
Posted on 2nd November 2017
As a continuation of our previous post, we wanted to discuss another technique that can help during an red team engagement where the intention is to usually stay under the radar when compromising high value accounts.