Adversary Academy Research
51 Followers

Mar 9

No Mud No Lotus: The art of transforming breaches through security improvement

In Buddhist philosophy I often hear the expression “No Mud, No Lotus”. This expression aligns with the Buddhist view that life and existence are in many ways circular. Things that are negative can actually be used for our benefit, and things that are good can harm us when overused. …

Cybersecurity

5 min read

Feb 17

Confessions of a bug bounty program manager

In my previous article I wrote about my experiences as a top ranked bug bounty hunter. In this article I will write about my experiences on the other side of the fence triaging bug bounty program submissions. …

Bug Bounty

5 min read

Feb 15

Confessions of a top-ranked bug bounty hunter

From 2016 to 2017 I was very active in the bug bounty space, working almost exclusively with Synack. My first year doing bug bounties I was able to claim a top spot on the Synack leaderboards, all while doing bug bounties part time (I still had a day job as…

Bug Bounty

5 min read

Jan 12, 2022

Patch diffing CVE-2022-21907

Our security team does an in-depth analysis of critical security vulnerabilities when they are released on Patch Tuesday. This Patch Tuesday, one interesting bug caught our eye: CVE-2022-21907, HTTP Protocol Stack Remote Code Execution Vulnerability. Reading through the description, words like critical, wormable, etc. caught my interest. So we began…

Patch Diffing

5 min read

Jan 9, 2022

Root cause analysis on unusual stack writing functions with IDA.

A common problem when doing vulnerability research and exploit development is identifying interesting components within binary code. Static analysis is an effective way to identify interesting functions to target. This approach can be quite involved if the binary is lacking symbols, or if source code is not available. …

4 min read

Jan 2, 2022

The Seven Habits of Highly Effective Purple Teams

As we are approaching the new year I've been thinking about the milestones and achievements that I’ve been able to accomplish both personally and professionally. 2021 was a year of many challenges and many opportunities. Usually, when I am going through a particularly challenging period I look for a resource…

6 min read

Jun 15, 2021

CVE-2021-3310 Western Digital MyCloud PR4100 Link Resolution Information Disclosure Vulnerability

Pwn2own is something like the “academy awards” for exploits and like any good actor… or in this case hacker I dreamt of my chance on the red carpet... or something like that. I had previously made an attempt at gaining code execution for Pwn2own Miami and ended up finding some…

Exploit Development

7 min read

Feb 19, 2021

Death By a Thousand Papercuts

Patch diffing major releases

From time to time our pentest team reviews software that we are either using or interested in acquiring. That was the case with Papercut, a multifunction printer/scanner management suite for enterprise printers. The idea behind Papercut is pretty neat, a user can submit a print job…

Reversing

4 min read

Feb 21, 2020

Why you DON’T need the OSCP to land a cybersecurity job in 2020

(or any other security certifications for that matter)

Often when I’m approached by individuals trying to get started in infosec I’ll be asked some variant of the question “What certification should I get to land a job in Cybersecurity?” or “Is the OSCP good/bad/hard/worth-it/insert-adjective-here?” Some people get psyched out before…

Oscp

4 min read

Jan 31, 2020

Fuzzing for known vulnerabilities with Rode0day pt 2

Improving fuzzer code coverage

This is a follow-on post to my first article, where we went over setting up the American Fuzzy Lop fuzzer (AFL) written by Michał Zalewski. When we previously left off, our fuzzer was generating test cases for the Rode0day beta binary buffalo.c available here. However, we quickly found out that…

Vulnerability Assessment

5 min read

Research and security content produced by the team at https://adversaryacademy.com
