All insights grouped by year
2022
-
Customising Blacklist3r for OWIN OAuth Access Tokens
Using a modified version of Blacklist3r, we managed to bypass authentication in OWIN
2021
-
Hacking for Heroes will return…
We’re excited to announce that Hacking for Heroes will return in 2022
-
Reverse engineering BMC PATROL Agent for static keys and IVs
A dive into BMC PATROL Agent and the security issues within.
-
All my Intune users could become Local Administrators and it's a Feature?
An investigation into how Intune allows users to escalate their privilege to become a local administrator.
-
Microsoft GovTech presentation - Azure Security Faux Pas
Blaise St-Laurent presented to the Microsoft GovTech forum on the 18th of March 2021 on the various mistakes, misconfigurations and missteps that ZX Security has seen in the last 2 years’ Azure security reviews.
2020
-
AWSUG Presentation - AWS Security Faux Pas
Blaise St-Laurent presented to the Aotearoa AWS Users Group on Tuesday the 10th of November 2020 on the various mistakes, misconfigurations and missteps that ZX Security has seen in the last 2 years’ AWS security reviews.
2019
-
Service Workers
Claudio Contin was interviewed by the Daily Swig regarding his research into registering malicious service workers.