EvilQR Phishing / QRLJacking
QR codes are designed for usability, not security. Using QRLJacking, a victim can unknowingly grant access to their account by scanning a QR code.
KeePass Master Password Exploit - CVE-2023-32784 - Proof Of Concept (POC)
Another day, another CVE. It is possible to recover the master password in cleartext for KeePass. Write-up, examples and a POC to demonstrate CVE-2023-32784.
NoVNC and Browser In The Browser Phishing attack POC/Explained
Combining two advanced phishing techniques
Browser In The Browser (BITB) Attack - POC
Browser In The Browser (BITB) phishing attacks are less common but very effective when used. They’re hard to identify and easy to set up!
Microsoft 365 Security Hardening Guide
Office 365 is widely used; however, it is rarely configured to best practices, which can allow a multitude of attacks/exploitation.
Use this security hardening guide.
My first BurpSuite Vulnerability using Intercept
My first time using BurpSuite Intercept and I found a vulnerability which allows me to change the price of items and check out.
Force Outlook for Mobile via Conditional access
How to force mobile devices to use the Outlook App instead of their native apps.
How to check Shared mailbox’s Access Rights via PowerShell
How to check Shared mailbox’s Access Rights via .csv with PowerShell. Useful for checking permissions without having to go through the office.com admin/exchange interface.
How to check mailbox rules in O365
How to search the mailbox rules on your tenant per user, via PowerShell. Great for finding what rules have been set up via the Client/Webapp.
How to check User and Shared Mailbox Forwards in O365
How to use PowerShell to search user mailbox and shared mailbox forwards within your tenant for security purposes.