TLDR This blog post documents an unauthenticated remote code execution vulnerability affecting the open-source Python reactive notebook platform Marimo. The issue has been assigned CVE-2026-39987 and arises from a missing authentication check on t...
Atomic Red Team Windows Execution Engine
Atomic Red Team is an excellent collection of commands, activities, and other Indicators of Compr...
MuleSoft Runtime < 3.8 Unauthenticated RCE (CVE-2019-13116)
This blog post details a pre-authentication deserialization exploit in MuleSoft Runtime prior to ...
Surveillance Detection Scout is a hardware and software stack that makes use of your Tesla’s ca...
Threat Hunting for Ransomware with CarbonBlack Response and AnyRun
Ransomware is still one of the most common incidents Tevora’s Digital Forensics and Incident Re...
About Windows Process/Thread Tokens and Pass The Hash
Windows has a rich security model that is worth understanding to operate effectively on a red tea...
Visualizing .NET Class Relationships using Roslyn and Neo4j
During a whitebox code review, having graphical representations of the layout of the code base ca...
During an engagement, having an email list for your target can be useful for a variety of reasons.
A SharpView and More Aggressor
Any red team looking to improve is constantly adapting, changing their tactics and implementing n...
Configuring Secure Boot + TPM 2
This post will walk through the process of automatically decrypting a LUKS encrypted drive on boo...
Blind Command Injection Testing with Burp Collaborator
In this post we will demonstrate how Burp Collaborator can be leveraged for detecting and exploit...
Tevora employs a lot of different tools depending on what our need is. During penetration tests a...
5 Minute Forensics: Decoding PowerShell Payloads
Through consulting with several of our clients during IR engagements, we have discovered that sev...
RTOps: Automating Redirector Deployment With Ansible
This blog will cover what redirectors are, why they are important for red teams, and how to autom...
SecSmash: Leveraging Enterprise Tools
We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows...
Release the Kraken: Starting Your Password Cracking Journey
Password cracking is a crucial part of a pentest. It can either lead you to the promised land, or...
Lay of the Land with Bloodhound
When I came across the tool BloodHound, it quickly became one of the go-to tools in my arsenal.

