Phishing attacks are wreaking havoc across businesses - Using modern phishing techniques, malicious actor(s) can even bypass most MFA methods!

A walkthrough of the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s a...

Video Streaming Portal des Chaos Computer Clubs

This article discusses compromising shared CI/CD runner infrastructure, and how an attacker can escalate their privileges from basic source-repository access to compromising the environments the wider system is deploying.

During our red team operations, we frequently come in contact with organisations using Office 365. The present tooling targeted at this environment is somewhat limited meaning that development is often...

Obfuscated LSASS dumper command A quick walkthrough for a obfuscated PowerShell LSASS dump command via comsvcs.dll. tl;dr Malicious command detection for PowerShell is not easy. Pretty hard to tell, what the following command is going to do, huh? &$env:?…

DLL Side-Loading is a pervasive technique partially because its behavior is difficult to detect. As a sub-technique of DLL Hijacking, it ta

After reading Alex’s latest article, I’m inspired to start a detection serie dedicated to Event Log manipulation techniques, with our first…

In this OALABS Patreon tutorial we cover the basics of YARA, what is it, how is it used, and how to write your first rule.

Full notes have been unlocked on our Patreon here
https://www.patreon.com/posts/introduction-to-96636471

-----
OALABS DISCORD
ht…

In my introductory post I had been talking about dynamic memory allocation and I referenced various solutions that are used to tackle this…

Join Didier Stevens and I (mostly him) talking about the footprints left behind when us red team folks utilize tools such as Cobalt Strike to infiltrate and set up command & control! This important information can help both blue and red, but for the red side…

Tutorial ini sekedar memperkenalkan cara memakai Ghidra dan IDA (baik pro maupun free). Tadinya saya hanya ingin membahas Ghidra saja, tapi karena saya juga belum pernah menulis tutorial IDA, jadi sekalian saja, sekaligus bisa dibandingkan langsung.



Perlu…

On Windows, named pipes are a form of interprocess communication (IPC) that allows processes to communicate with one another, both locally and across the network. Named pipes serve as a mechanism to transfer data between Windows components as well as third…

An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed. - iknowjason/AutomatedEmulation

Authors: Michael Kouremetis

SANS PenTest HackFest 2022

Speaker: Jean-François Maes, Certified Instructor, SANS Institute

In this presentation, Jean-Francois Maes will talk about shellcode loaders and some opsec considerations when dropping to disk + talk about some popular evasion…

Find approachable and high-value methods that can be used to hunt for malware infrastructure in this guest blog from Embee Research.