Last update Jun 08, 2018.
Stuff that I'm reading (or saving for later)
Alternative methods of becoming SYSTEM
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes?
A new look at null sessions and user enumeration
TLDR; I think I found three new ways to do user enumeration on Windows domain controllers, and I wrote some scripts for it. Over the years, I have often used the NULL session vulnerability to enumerate lists of users, groups, shares and other interesting information from remote Windows systems.
Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
As a reverse engineer and malware researcher, the tools I use are super important for me. I have invested hours and hours in creating the best malware analysis environment for myself and chose the best tools for me and my needs.
YARA Rules for Finding and Analyzing in InfoSec
If you work in security anywhere, you do a lot of searching, analyzing, and alerting. It’s the underpinning for almost any keyword you can use to describe the actions we take when working.
When the system calls the .Net apps by default, the backdoor triggers automatically.
No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal
Lateral movement is a critical phase in any attack targeting more than a single computer in a network. Lateral movement usually abuses existing mechanisms that allow remote code execution, assuming the attacker has the right credentials.
Rich offline experiences, periodic background syncs, push notifications—functionality that would normally require a native application—are coming to the web. Service workers provide the technical foundation that all these features rely on.
The Importance of Deep Work & The 30-Hour Method for Learning a New Skill
Fair enough. It’s difficult to know in advance what could become “your thing”, since our interests vary from person to person, and just because I like ARM exploit development doesn’t mean it is something you would enjoy doing yourself.
Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement
Background: Last Wednesday, I had some down time so I decided to hunt around in \System32 to see if I could find anything of potential interest.