Over the last few weeks we perfected our footprinting tools and our OSINT and recon techniques. Using this information, we map out a theoretical attack plan.
In our evasion series we take a look at the latest in evasion evolution: Freeze
KrbRelayUp is a no-fix method for privilege escalation - that's why it's still very interesting and usable.
Got your new Schmalaxy SXT9000 smartphone with all its great features and security, but it's already boring? Let's bring tools like Metasploit or SQLMap into your pocket.
We already explored many simple paths to running exe files while bypassing EDR like Defender. Now we go a step further.
About one year ago we proposed the use of alternative coding styles to evade code scanners. Guess we gotta prove that it works.
Using a few tricks we can make a PE payload that looks like a PDF, including the file name.
Exploiting suo and csproj files recently gained attention after being used in attacks on cybersecurity researchers. We found another way.
Let's try to do things the way they're done in real attacks. While the media was recently all over ConnectWise ScreenConnect, we instead focus on AnyDesk, which is used by many cybercriminals these days, in an Assumed Breach scenario.
We created a custom reverse shell from scratch and made it persistent - the result is scary, to say the least.
As promised, we continue executing code using rundll32 on a fully updated system.
Today we're looking at one of the simplest evasions. It's always fascinating to witness the beauty of traditional hacking exploration methods working to their full extent, and the rundll32.exe comma bypass is one of these examples.
Discover a simple persistence technique to leverage environment path interception vulnerabilities, using SCRNSAVE.exe to trigger a Sliver mTLS payload. This detailed guide covers the process from identifying the vector to executing the Sliver payload, aimed at offensive security professionals seeking to enhance their toolkit.