Showing Posts From

July 2025

Elevating Attack Path Mapping to the Clouds

An introduction to Reversec's Cloud Attack Path Mapping (APM) service, looking at where it originated from, why it works and how it compares to other styles of testing. After looking at the current state of testing, consideration is given to how effective our future-looking service can be for both cloud-native and hybrid environments. Examples are given of previous success stories where interesting, and sometimes unusual, results have occurred!

Mapping Oracle’s Forgotten Pathways: Lateral Movement with ORACrawl

This article explores lateral movement in Oracle databases using chained database links - an area with little prior research or tooling. It introduces ORACrawl, a tool that automates discovery and query execution across multiple database link paths, bypassing Oracle’s constraints and enabling deeper security assessments.

High-Profile Cloud Privesc

Revisiting PowerShell Profile Tricks in Entra Environments

AtivarSpy - Swimming With Delphins

A piece of undocumented Delphi malware was analysed to understand its functionality. In doing so, some interesting techniques were identified, alongside poor coding practices and potential vulnerabilities in the backend malware server.