300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)

As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you…

Read more

I wannabe Red Team Operator

Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team…

Read more

Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses

In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve…

Read more

Bypassing Web Filters Part 3: Domain Fronting

The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors…

Read more

Bypassing Web Filters Part 2: Host Header Spoofing

In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about…

Read more