Mine for Local Privilege Escalation Vulnerabilities in Windows Applications Using Automation and Virtualization

TLDR: A year ago, I noticed that there are very easy-to-spot vulnerabilities in third-party Windows applications that lead to local privilege escalation. I developed an automation solution that browses the web looking for Windows applications, downloads and installs them, and then performs static scans on the system after the targeted software is installed. When it finds vulnerable software, it sends notifications to Slack. Using this project, I was able to find more than 40 LPE vulnerabilities and 2 CVEs in a very short period. I called this project Miner: GitHub Repository. This post briefly describes the project and shows how to start using it.

Read More

Resource Efficient Internal Network Honeypots

An easy way to detect unauthorized access inside a network is to deploy honeypots across it. In this post, I will go over a way to deploy resource-efficient internal honeypots. The objective of these honeypots is not to collect data but to alert us, via Slack channels, to threats coming from inside the network.

Read More

Studying Sysmon's Ability to Detect Process Injections Using Different Configuration Schemas

Red Canary has ranked Process Injection as the number one threat observed in their customers' environments: more than 34% of organizations are affected by this threat, with more than 2,700 confirmed threats. Process Injection is a technique adversaries use to have their malicious activity carried out by legitimate processes. Adversaries also employ the technique so that their malicious code inherits the privileges of the legitimate process they inject into.

Read More

Kali Linux is Missing Many Essential Tools. This is my solution.

Kali Linux is an excellent distro with outdated tools. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It's an evolved version of BackTrack, and it is one of my favorite Linux distributions. However, in the past years, I started solving HackTheBox challenges, and many of these challenges follow smaller patterns where, for example, you start by enumerating ports, then brute-force web directories and files. Those are the typical challenges, but when you get into advanced challenges, you might need different skill sets and tools. When it comes to tools, Kali provides only the essential ones, many of which are outdated and slow.

Read More

Detecting Bugs Using Network Protocol Fuzzing

TLDR: This is an entry-level post. It goes over the concept of network-based fuzzing using Boofuzz, takes the HTTP protocol as an example to practice finding bugs in real-world implementations of HTTP servers, briefly reviews 6 different exploits, and finally shows the process of finding a new, previously unknown bug in an HTTP protocol implementation.

Read More

Manually Encode Bytes & Shellcode Carving

When exploit developers write exploits, they come across restrictive character sets that limit the characters they can use in their shellcode. For this reason, tools like MSFvenom exist. MSFvenom helps exploit developers obfuscate shellcode and work around restrictive character sets using different encoders. This post aims to go over the methodology of encoding shellcode manually in order to understand how it really works. By the end of this post, you should be able to encode any shellcode. The methodology I explain in this blog post is called shellcode carving. Shellcode carving is the act of manipulating registers to build shellcode using mathematical operations in order to bypass character restrictions.

Read More