Research & Development
I am creating this page to bring together some of the public research and development work I've been involved with to one place:
UPnP Research
UPnP Pentest Toolkit:
https://github.com/nccgroup/UPnP-Pentest-Toolkit
BSides Manchester / Cyber Cork Presentation:
Adobe Reader Attack Surface
BSides London Presentation:
https://labs.mwrinfosecurity.com/assets/BlogFiles/Why-bother-assessing-popular-software.pdf
Microsoft Workspaces
Firework Tool:
https://github.com/SpiderLabs/Firework
Blog:
DNS Over HTTPS (DoH) Command and Control
DoHC2 Tool:
https://github.com/SpiderLabs/DoHC2
Blog:
https://www.trustwave.com/Resources/SpiderLabs-Blog/DOH!-DNS-Over-HTTPS-Poses-Possible-Risks-to-Enterprises/
Mitre ATT&CKcon Presentation:
Coverage:
https://www.scmagazineuk.com/doh-doh-risks-posed-new-https-security-proposition/article/1521182
https://www.fireeye.com/blog/products-and-services/2018/12/holiday-apt-spectacular.html
Red Team Arsenal - On Demand C# Compilation
SharpCompile Tool:
https://github.com/SpiderLabs/SharpCompile
Segmentation Vault: Cloning Thick Client Access
Tools:
mdsecactivebreach
mdsecactivebreachBlog:
Segmentation Vault: Cloning Thick Client Access
Phishing Users to Take a Test
POC Tool:
mdsecactivebreach
Blog:
written byMDSec Research