Without question, 2020 was defined by the global coronavirus pandemic (GCP). Not only has the virus had huge public health consequences; social distancing and lockdown measures have also had profound economic impacts. Meanwhile, cybercriminals and APT groups are taking advantage of the situation, and, surprisingly, they are targeting organizations and security researchers because of the widespread shift to work from home and BYOD.
Lessons will be learned over the coming months and years by governments and businesses. A 360-degree view of the business and a risk-control mindset can help organizations identify their blind spots and opportunities…
Increasingly, companies consider security a top priority, and exfiltration of data is more restricted.
Out-of-band (OOB) techniques are often useful with a blind vulnerability: as an attacker you don't get the output of the exploit in the direct response, for instance in a web app vulnerable to blind injection. The attacker needs the target to generate an outbound TCP/UDP/ICMP request, and that request is what allows data to be exfiltrated.
For this purpose, an attacker relies on built-in system tools that require few privileges and on one-liner payloads to achieve the malicious objective.
The DNS protocol is an excellent channel. It…
Recently I was on an engagement and needed to download a large file from the compromised machine; I was unable to get it via TFTP or via certutil.
I had to create a simple Python script that launches a mini HTTP web server and convert it to an exe, since it was a Windows machine and did not have Python installed.
```python
import sys

# Take the listening port from the first command-line argument if one was given.
if len(sys.argv) > 1:
    PORT = int(sys.argv[1])
else:
    PORT = -1  # sentinel: no port supplied on the command line
```
We all know how important it is to gain a TTY (teletype terminal) shell during a penetration test.
I had a scenario where the vulnerable WebDAV server was installed in a virtualization environment and no routing was enabled from the victim box to the outside network; or, let's say, there was an outbound firewall and reverse connections were denied!
New version of Kali
mimikatz: wget https://raw.githubusercontent.com/dfirfpi/hotoloti/master/volatility/mimikatz.py
In case you found an offline dump, or you were able to dump the lsass process using procdump:
This technique can be used in pentesting to obtain passwords in clear text from a server without running "malicious" code on it, since mimikatz is flagged by most AV. In this way we avoid having to deal with antivirus evasion techniques and other headaches.
Procdump is a tool developed by Mark Russinovich that allows us to dump the memory space of a process to a file.
Yesterday was a great experience for me, attending all kinds of joubert. One of the challenges I could not solve or understand was in the reverse engineering section. This CTF challenge contained a pcapng file and no hint was provided; only the flag was needed to earn the points..
I opened the file with the Wireshark network analyser and noticed a kind of new type of communication; to be honest, I never knew it could happen until I solved this challenge…