Red Canary has ranked Process Injection as the number one threat observed in their customers' environments: more than 34% of organizations are affected by it, with more than 2,700 confirmed threats. Process Injection is a technique adversaries use to have their malicious activity carried out by legitimate processes. Adversaries also employ the technique so that their malicious code inherits the privileges of the legitimate process it was injected into.
When I manually pentest sites, I usually see some standard parameters like "q=", and I immediately test for the common vulnerabilities, such as open redirects or SQL injection, and observe how the parameter behaves. I found myself repeating this process on many pages, which wasted a lot of my time. To solve this problem, I wrote a tool that tests for all the basic issues without relying on automated scanners.
SharpWatchdogs is a low-hanging-fruit program designed to watch other processes. The idea behind this code is to provide persistence on compromised hosts while, at the same time, remaining easy to remove.
Nowadays, there are many command and control projects. However, most existing C2s operate at the level of the whole operating system. We rarely see a C2 that controls one specific component of an operating system, such as the browser.
Cobalt Strike is the industry standard among C2 projects. It provides a post-exploitation agent and channels to emulate long-term embedded actors in networks. Cobalt Strike can communicate over highly covert channels built on many different techniques.
Fighting Windows Defender and Malwarebytes is a story without an end. From time to time, I update my beacons and change their behavior so that they bypass Windows defenses. During this three-week break, I wrote another Red Team implant, which I called Restless.
Hello Hackers! I hope you found a 0day today. Well, today I will be addressing most people's favorite distribution, Kali Linux. It's an awesome distro with outdated tools. Everyone knows the Kali Linux distribution; if you don't, it's basically a Debian-derived Linux distribution designed for digital forensics and penetration testing, and an evolved version of BackTrack. Kali Linux is one of my favorite Linux distributions. However, in the past years I started solving HackTheBox challenges, and a lot of these challenges share small patterns: for example, you start by enumerating ports, then brute-force web directories and files. With time, you get used to these types of challenges and want to improve some areas of your techniques and tools. Improving your skillset and techniques comes from reading and practice. When it comes to tools, however, most beginners, including myself, stick by default with the basic tools in the Kali distro, many of which are outdated and slow.
TL;DR: This is an entry-level post. It goes over the concept of network-based fuzzing using Boofuzz, takes the HTTP protocol as an example to practice finding bugs in real-world HTTP server implementations, briefly reviews 6 different exploits, and finally shows the process of finding a new, previously unknown bug in an HTTP protocol implementation.
TL;DR: this is a basic intro-level blog post that teaches how to use imported functions like WinExec to develop a payload that spawns calc.exe within a restricted memory space.
When exploit developers write exploits, they come across restricted character sets that limit the bytes they can use in their shellcode. For this reason, tools like MSFvenom exist: MSFvenom helps exploit developers obfuscate shellcode and work around restricted character sets using different encoders. This post goes over the methodology of encoding shellcode manually, to understand how it really works. By the end of this post, you should be able to encode any shellcode. The methodology I explain in this post is called shellcode carving: the act of building shellcode by manipulating registers with arithmetic operations so as to bypass character restrictions.