Without question, 2020 was defined by the global coronavirus pandemic. Not only has the virus had huge public health consequences; social distancing and lockdown measures have also had profound economic impacts. Meanwhile, cybercriminals and APT groups are taking advantage of the situation, and surprisingly they are targeting organizations and security researchers, given the widespread shift to working from home and BYOD.

Lessons will be learned over the coming months and years by governments and businesses. Thus, a unique 360-degree view of the business combined with a risk-control mindset can help organizations identify their blind spots and opportunities…

Increasingly, companies consider security a top priority, and exfiltration of data is more restricted.

Out-of-band (OOB) techniques are often useful with a blind vulnerability: as an attacker you do not get the output of the exploit in the direct response, for instance in a web app vulnerable to blind injection. The attacker needs the target to generate an outbound TCP/UDP/ICMP request, which then allows data to be exfiltrated.

For this purpose, an attacker utilizes a built-in system tool, running with low privileges, together with one-liner payloads to achieve the malicious objective.

The DNS protocol is an excellent channel. It…

Recently I was in an engagement and needed to download a large file from the compromised machine; I was unable to get it via TFTP nor via certutil.

I had to create a simple Python script that launches a mini HTTP web server and convert it to an exe, since it was a Windows machine that did not have Python installed.

import http.server
import socketserver
import sys
import socket
import os

# Port comes from the first command-line argument; -1 means "no valid port given"
# (missing argument or not an integer), in which case a default is used below.
PORT = -1
if len(sys.argv) > 1:
    try:
        PORT = int(sys.argv[1])
    except ValueError:
        PORT = -1
if PORT < 0:
    PORT = 8000  # default port when none was given

# Serve the current working directory over HTTP so the file can be fetched
# with a browser, curl or any other HTTP client on the network.
Handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", PORT), Handler) as httpd:
    print("Serving", os.getcwd(), "from", socket.gethostname(), "on port", PORT)
    httpd.serve_forever()

We all know how important it is to gain a TTY (teletype terminal) shell during a penetration test.

I had a scenario where the vulnerable WebDAV server was installed in a virtualization environment and no routing was enabled from the victim box to the outside network, or let's say there was an outbound firewall and reverse connections were denied!!

We all know hashcat utilizes the GPU; to make it work with the CPU in VirtualBox or VMware you will need to install the following:

apt-get install libhwloc-dev ocl-icd-dev ocl-icd-opencl-dev

apt-get install pocl-opencl-icd

Tested on the PWK VM.

Requirements:
new version of Kali
mimikatz: wget

In case you found an offline dump, or you were able to dump the LSASS process using procdump:

This technique can be used in pentesting to obtain passwords in clear text from a server without running "malicious" code on it, since mimikatz is flagged by most AV. In this way we avoid having to deal with antivirus evasion techniques and other headaches.

Procdump is a tool developed by Mark Russinovich that allows us to dump the memory space of a process to a file.

Yesterday was a great experience for me, attending all kinds of joubert; one of the challenges I could not solve and understand was in the reverse engineering section. This CTF challenge contained a pcapng file and no hint was provided, only the flag was needed to earn the points..

  • For people who don't know what a pcap is: a packet capture consists of an application programming interface (API) for capturing network traffic.

Opened the file with the Wireshark network analyser and noticed a kind of new type of communication; to be honest I never knew it could happen until I solved this challenge…
