File Transfer Filter Bypass: Exe2Hex
Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes an EXE into a series of hexadecimal strings which can be restored into the original EXE file by using...

A Detailed Guide on Wfuzz
Many tools have been developed that create an HTTP request and allow a user to modify its contents. Fuzzing works the same way. A user can send a similar request multiple times to the...

Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
CVE 2022-0847 is a privilege escalation vulnerability discovered by Max Kellermann, present in the Linux kernel itself from version 5.8 onwards, which allows overwriting data in arbitrary read-only files...

Domain Escalation: Resource Based Constrained Delegation
Delegation has been a part of Microsoft's Active Directory environment since the early 2000s and has remained one of the few threats ignored by system analysts. Due to misconfigured delegation...

A Detailed Guide on httpx
httpx is a fast web application reconnaissance tool coded in Go by www.projectidscovery.io. With a plethora of modules effective in manipulating HTTP requests and filtering out...

Indirect Command Execution: Defense Evasion (T1202)
Indirect Command Execution is a defense evasion technique often used by Red Teams in which an adversary tries to bypass certain defense filters put in place which may restrict...

Parent PID Spoofing (Mitre:T1134)
Parent PID spoofing is an access token manipulation technique that may aid an attacker in evading defenses such as heuristic detection by spoofing the PPID of a malicious file to that...

A Detailed Guide on crunch
Oftentimes attackers need to generate a wordlist based on certain criteria, which is required for pentest scenarios like password spraying/brute-forcing. Other times it could be a...

Lateral Movement: WebClient Workstation Takeover
The article is based on @tifkin_'s idea that a workstation takeover, also known as lateral movement, is possible by abusing WebDAV shares. In the Certified Pre-Owned whitepaper a technique...

Lateral Movement: Remote Services (Mitre:T1021)
During Red Team assessments, after a compromise has been achieved, attackers tend to move laterally through the network, gaining more relevant information on other systems. This lateral movement...

Windows Persistence: COM Hijacking (MITRE: T1546.015)
According to MITRE, "Adversaries can use the COM system to insert malicious code that can be executed in place of legitimate software through hijacking the COM references and relationships...

A Detailed Guide on Cewl
Hi, Pentesters! In this article we are going to focus on the Kali Linux tool "Cewl", which will basically help you to create a wordlist. Let's explore this tool and learn about what other options...

A Detailed Guide on Responder (LLMNR Poisoning)
Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The tool contains many useful features like LLMNR,...

A Detailed Guide on AMSI Bypass
Windows developed the Antimalware Scan Interface (AMSI) standard, which allows a developer to integrate malware defense in their application. AMSI allows an application to interact with any...

Defense Evasion: Process Hollowing (T1055.012)
In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware campaigns like Bandook and...

Process Doppelganging (Mitre:T1055.013)
Eugene Kogan and Tal Liberman presented a technique for defense evasion called "Process Doppelganging" at Black Hat EU 2017, which can be found here, and a video of the session here. In this...

A Detailed Guide on Medusa
Hi Pentesters! Let's learn about a different tool, Medusa, which is intended to be a speedy, parallel and modular login brute forcer. The goal of the tool is to support as many services which allow remote...

A Detailed Guide on HTML Smuggling
HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle a payload past content filters and firewalls by hiding malicious payloads inside seemingly benign HTML...

A Detailed Guide on Hydra
Hello, Pentesters! This article is about the brute forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent tool to perform brute force attacks,...

Process Herpaderping (Mitre:T1055)
Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped memory segment of a legitimate process...