Blog | Tools

Spray 365: A New Twist on Office 365 Password Spraying

Posted on December 10, 2021Link 

Spray365 Demo

TL;DR The current state of password spraying Office 365 accounts could benefit from new approaches to bypassing Azure AD conditional access policies and other techniques that make it difficult to detect password spraying techniques. Built with Python 3 using Microsoft's Authentication Library (MSAL), Spray365 makes password spraying more effective by identifying insecure conditional access policies and allows for randomized password spraying...Continue reading 

Bypassing App Locker & CLM While Evading EDR

Posted on September 29, 2021Link 

Applocker Image

Introduction The  last blog post I wrote got way more recognition than I expected and because of that, I was inspired to continue writing and sharing my experiences/research. This blog will be about the short journey I took to hone bypasses relating to Constrained Language Mode in PowerShell and AppLocker Policies. My goal was to create payloads that...Continue reading 

Introducing Armory: External Pentesting Like a Boss

Posted on February 04, 2019Link 

TLDR; We are introducing Armory, a tool that adds a database backend to dozens of popular external and discovery tools. This allows you to run the tools directly from Armory, automatically ingest the results back into the database and use the new data to supply targets for other tools.   Why?   Over the past few years I’ve spent...Continue reading 

Have Questions?
Get Answers