Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS
#itm4n
In the previous part, I showed how a technique called “Bring Your Own Vulnerable DLL” (BYOVDLL) could be used to reintroduce known vulnerabilities in LSASS, even when it’s protected. In this second part, I’m going to discuss the strategies I considered and explored to improve my proof-of-concept, and hopefully achieve arbitrary code execution. The Use-After-Free (UAF) Bug Before going down t...
via Itm4n Blog (author: itm4n)
Navigating the Uncharted: A Framework for Attack Path Discovery
#specterops
This is the second post in a series on Identity-Driven Offensive Tradecraft, which is also the focus of the new course we will launch in…
via SpecterOps Team Medium (author: Elad Shamir)
The Hidden Treasures of Crash Reports
#objectivesee
Analyzing crash reports reveals malware, (0-day) bugs, and much more!
via Objective-See Blog
Adventures in Shellcode Obfuscation! Part 10: Shellcode as MAC Addresses
#redsiege
by Mike Saunders, Principal Security Consultant This blog is the tenth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]
via RedSiege Blog (author: Red Siege)
The Hunter’s Workshop: Mastering the Essentials of Threat Hunting
#trustedsec
As an incident unfolds, skilled threat hunters with a special talent for uncovering hidden threats stand at the ready. These hunters smoke jump into the chaos and meticulously sift through network logs and endpoint…
via TrustedSec Blog (author: Justin Vaicaro)
Try it for yourself: the latest PortSwigger Research from Black Hat USA
#portswigger
The modern web is constantly developing, with new potential vulnerabilities emerging all the time. Ensuring your web applications are secure in the face of this evolving threat is a constant challenge
via PortSwigger Blog
Ring Around The Regex: Lessons learned from fuzzing regex libraries (Part 2)
#secretclub
I’m a little late (one whole month passed in a blink of an eye!). Let’s catch up.
via Secret Club (author: addison)
This Badge is My Badge
#nettitude
When it comes to covert entry assessments, successfully capturing RFID badge values can mean the difference between failure and successful entry to a target site. In a previous Labs post, “I Don’t Need a Badge – Lessons Learned from Physical Social Engineering”, we introduced the ESPKey as a method of capture. Although the ESPKey is [...]
via Nettitude Labs Blog (author: Dalton Wright)
Gobbling Up Forensic Analysis Data Using Velociraptor
#trustedsec
Lately I have been working with Velociraptor for its endpoint and digital forensic capabilities and specifically spent time in many cases in the past two years with Velociraptor Offline Collector functions to gather…
via TrustedSec Blog (author: Thomas Millar)
Adventures in Shellcode Obfuscation! Part 11: Jargon
#redsiege
by Mike Saunders, Principal Consultant This blog is the eleventh in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the […]
via RedSiege Blog (author: Red Siege)
Using Veeam metadata for efficient extraction of Backup artefacts (2/3)
#synacktiv
via Synacktiv Blog (author: Webmaster)
Shellcode: Pseudo-Random Involution (Data Masking 3)
#odzhan
Introduction Not sure if the title is an accurate description, but when you apply a self-inverse permutation or involution twice, you get back the original data and that’s pretty much what the code shown in this post does.
via modexp Blog (author: odzhan)
Shellcode: RSA (Data Masking 4)
#odzhan
Introduction Malware like OceanLotus have used RSA-256 to hide strings. Darkhotel used RSA to hide code. For fun, some crackmes used RSA-32 or RSA-64 for simple keygen challenges. The RSA cryptosystem uses two exponents (or keys) and a modulus derived
via modexp Blog (author: odzhan)