

Direct Send: The Phishing Vector You May Have Missed
During a recent red team engagement, we uncovered an unexpected gap in a client’s Microsoft 365 mail flow. While testing external ingress...
Warren Butterworth


Not All Tokens Are Created Equal
Entra tokens are authentication tokens issued by Microsoft Entra to enable secure access to Microsoft 365 services and other resources....
Warren Butterworth


Understanding the 'Physical' in Red Teaming
Exploring the vast landscape of Red Team training through a simple Google search reveals a plethora of courses and comprehensive...
Warren Butterworth


Finding Initial Access on a real life Penetration Test
On a recent internal Penetration Test, I was faced with the above scenario and had to work a little harder for Domain Admin. So finding...
Warren Butterworth


Bloodhound: A Pentester’s best friend
Anyone in the Infosec community has heard of Bloodhound. It's a tool used to enumerate Active Directory and is my go-to on an Internal...
Warren Butterworth


XXE to SSRF to Windows Administrator Hashes
Disclaimer: Details are generic and no client information is present in this post. For clarity, from Portswigger.net: XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. Server-side request for
Warren Butterworth


