Darren McDonald (@r3n5k1)'s Twitter Profile
Darren McDonald

@r3n5k1

Currently into Rust, phishing, redteaming, and hardware.

ID: 380798609

http://cryptic.red 27-09-2011 07:44:37

99 Tweet

105 Followers

95 Following

Darren McDonald (@r3n5k1)

After years of making do with a mixture of scapy, wireshark, and the existing rtpnatscan tool I have finally written an RTP Bleed exploit. Before running on your client's SBCs, be warned it can be very disruptive. github.com/CR-DMcDonald/v…

Luke Rogerson (@nullmode_)

13 hours left on the early bird pricing on my report writing course! Grab it now for lifetime access while it's cheap m8s training.zeropointsecurity.co.uk/courses/the-ar…

Darren McDonald (@r3n5k1)

#emfcamp was great. My plans to listen to all the talks were derailed by meeting and talking with so many awesome people.

Darren McDonald (@r3n5k1)

If anyone else has fallen down the rabbit hole of bypassing IR touch-less exit sensors, I'm starting to document the signal patterns on a github repo. If you've got data for other models or different patterns and timings please consider adding them. github.com/CR-DMcDonald/I…

Darren McDonald (@r3n5k1)

Just released my tool LetItRust. Inspired by the tool LetItGo, it uses the Exchange API to get other domains in the same Microsoft tenant, but it uses your Gandi PAT/API key to check if the domain can be purchased. Great for cloud reviews, OSINT, and redteaming. github.com/CR-DMcDonald/l…

Darren McDonald (@r3n5k1)

Started taking spectra of IR touch-less exit sensors to make sure I'm getting the best possible range when bypassing them. The assumption is they all work at 940nm, but seems worth checking. NT200 is up first.

Craig S. Blackie (@craigsblackie)

Myself and 00Waz are releasing the Desktop Decoder today, a useful tool to easily display an encoded hex value of the Wiegand data transmitted over the wire from an Access Control reader. Great for anyone into PACs! github.com/craigsblackie/…

BSides Basingstoke (@bsidesbsk)

We're excited to announce our first speaker for the October mini meet! Darren McDonald will be delivering his talk, "Breaking the Shield: Bypassing FortiWeb WAFs and Zscaler ZIA"

Dmitrii Kovanikov (@chshersh)

Docker is stupid. “Sorry, we can’t deploy a single statically linked executable of size 10 MB, so LET’S JUST SHIP GIGABYTES OF DATA CONTAINING AN ENTIRE OS WITH ALL DEPENDENCIES FOR EVERY SINGLE SERVICE”

SANS Offensive Operations (@sansoffensive)

.Rich Warren & Johnny Fishcake are discussing how to exploit corporate VPN clients for remote root & SYSTEM shells. Join to see live demos on Windows & macOS vulnerabilities & how attackers gain control w/ just one click. Register Free: sans.org/u/1vBt #SANSHackFest

Darren McDonald (@r3n5k1)

We've been looking at FortiWeb Cloud IaaS WAFs. There's a very easy bypass which allows attackers past all your logging and WAF rules if you've not implemented the origin lock feature. youtu.be/XtAOpiKu3u0?si…

Luke Rogerson (@nullmode_)

Just released a few new courses - the start of my "Code Review & Architecture Fundamentals" series. 33% off on two of the courses until EOD 2nd Dec. Big thanks to CourseStack for their support in making this possible! 👉 ogsec.co.uk/2024/11/13/cod…

Darren McDonald (@r3n5k1)

My first CVE with AmberWolf has recently been resolved by Dell. Memory dumps on ThinOS Wyse terminals are not stored encrypted despite the use of FDE. blog.amberwolf.com/blog/2025/june…