🇬🇧
The Assured Satellite Hacking CTF Challenge at Security Fest 2025
Writeup of the Assured-sponsored CTF challenge at Security Fest 2025, exploring satellite signal hacking with RTL-SDR.
Disrupting the Dark Dystopia
The Assured Blog: sharing our knowledge, news and events as well as writeups of best practice in cybersecurity.
Latest blog posts
🇬🇧
The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling
In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer including the creation of a novel detection technique that combined the recently popularized "Single-Packet Attack" with our ever-trusty HTTP desync techniques.
🇬🇧
Initial Access Threats to Entra ID/Azure AD
Common initial access attacks used to gain foothold in Microsoft cloud tenants.
🇬🇧
Windows Recall Security
Windows Recall was postponed by popular demand because of its security and privacy issues. Now it's back, but what has changed?
Popular blog posts
🇬🇧
2023 Retrospective: IT Infrastructure and Active Directory Security
A 2023 retrospective by Assured Security Consultants on security assessments conducted, highlighting key IT infrastructure and Active Directory vulnerabilities, the impact of new regulations, and strategies for a more secure future.
🇬🇧
Zabbix Agent Security
Zabbix is a popular monitoriting tool used by many different organizations, which exposes file read and execute permissions and thus poses an interesting target for penetration testers and researchers.
🇬🇧
Google Cloud Platform (GCP) Security Best Practices
A walkthrough of a couple of Google Cloud Platform (GCP) features with security recommendations and advice on how to configure your GCP environments.