In this article, we will discuss how you can take over Google Cloud accounts if you have compromised an endpoint. Once you get the hang of it, it will take you less than 60 seconds to do this.

A gcloud story

If you are familiar with Google Cloud, you might be familiar…


In this article, we will talk about a new tool written by me alongside Brad Richardson called “gcpHound” as well as some of the fundamentals to better understand the functionality of the tool. …


In my previous article, I discussed how to build a detection chart using the MITRE ATT&CK Framework. However, as I mentioned at the very end of that article, to sustain this long term, working with the Detection Chart should be more seamless, and spreadsheets are anything but seamless.

Thus…


In this article, we are going to review how we can escape the Office 365 sandbox in macOS Catalina. Apple has hardened the macOS environment in recent years, which has made privilege escalation from sandboxed applications a lot more difficult than it used to be. …


In the previous article, we talked about how to build a Detection Chart using the MITRE ATT&CK Framework. In this article, we will leverage those detection charts to help guide us in prioritizing which TTPs we should build detection for. This is what a sample detection chart looks like.

As discussed…


This article is about how the MITRE ATT&CK Framework can be leveraged to measure the current detection capability of an organization. There are a significant number of tools out there that can achieve a similar purpose. …


This article is about the simple steps to follow to convert a .app file to a .dmg file. The main reason for this article is that, during an engagement, I had difficulty finding an online article that explained a seamless way to do this. Hopefully, this will help to create a .dmg file from a .app …


Command and Control (C2) is one of the most essential parts of red team engagements. There are a lot of tools out there that are designed just for efficient command and control, such as:

In this article, we would be specifically talking about…

Madhav Bhatt

Effective collaboration between red and blue can produce offensive defense, a.k.a. the blue team quickly detecting, responding to and disrupting attackers' activities.
