Research

Technical projects, open source, publications, and coordinated disclosure.
GitHub contribution activity for HuskyHacks
Rendered by GitHub Heat

Publications

6 Months of Researching OAuth Application Attacks

Malicious OAuth applications in Microsoft 365 — Huntress

www.huntress.com
Combating Emerging Microsoft 365 Tradecraft: Initial Access

Initial access and early-stage M365 detection — Huntress

www.huntress.com
Datacenter Infrastructure & Identity Attacks

Identity-focused attacks against datacenter-style environments — Huntress

www.huntress.com
Device Code Phishing in Google Cloud and Azure

OAuth 2.0 device-code flow abuse in cloud tenants — Huntress

www.huntress.com
Smuggler’s Gambit: Uncovering HTML Smuggling Adversary-in-the-Middle Tradecraft

HTML smuggling, iframe injection, and session theft — Huntress

www.huntress.com
The Case For SigParser

Abuse of SigParser and related identity tradecraft — Huntress

www.huntress.com

CVEs

ShadowSteal

Nim proof-of-concept for CVE-2021-36934 (HiveNightmare / SeriousSAM)

Nim

GitHub stars for HuskyHacks/ShadowSteal GitHub forks for HuskyHacks/ShadowSteal
cve-2022-33891

Apache Spark UI command injection (CVE-2022-33891) — reproduction & notes

GitHub stars for HuskyHacks/cve-2022-33891 GitHub forks for HuskyHacks/cve-2022-33891

Open source

azure-agent-eval

Azure Eval — benchmark AI security agents on Azure sign-in, audit, and service-principal telemetry

Python

GitHub stars for HuskyHacks/azure-agent-eval GitHub forks for HuskyHacks/azure-agent-eval
OffensiveNotion

Cross-platform C2 using the Notion API

Rust

GitHub stars for mttaggart/OffensiveNotion GitHub forks for mttaggart/OffensiveNotion
PMAT-labs

Lab repo for Practical Malware Analysis & Triage

GitHub stars for HuskyHacks/PMAT-labs GitHub forks for HuskyHacks/PMAT-labs
the-crown-defcon615

The Crown (Nim malware) — DEF CON 615 materials: slides, notebooks, samples

Nim

GitHub stars for HuskyHacks/the-crown-defcon615 GitHub forks for HuskyHacks/the-crown-defcon615
RustyTokenManipulation

Windows token manipulation experiments in Rust (OffensiveNotion / SCShell-adjacent research)

Rust

GitHub stars for HuskyHacks/RustyTokenManipulation GitHub forks for HuskyHacks/RustyTokenManipulation
cazadora

Python hunting script for suspicious Microsoft 365 OAuth applications

Python

GitHub stars for HuskyHacks/cazadora GitHub forks for HuskyHacks/cazadora
SharpTokenFinder

C# TokenFinder-style tool — M365 access tokens from Office desktop clients

C#

GitHub stars for HuskyHacks/SharpTokenFinder GitHub forks for HuskyHacks/SharpTokenFinder
shell-setup

Shell / dotfile bootstrap for new machines

Shell

GitHub stars for HuskyHacks/shell-setup GitHub forks for HuskyHacks/shell-setup