The TROJANIZED COMPONENT: DISSECTING THE BROWSER EXTENSION AND CTI GREAT EFFECTS

dissection

Without question, 2020 was defined by the global coronavirus pandemic (GCP). So to speak Not only has the virus had huge public health consequences, social distancing and lockdown measures also have had profound economic impacts. …


increasingly, companies considering security a top priority and ex-filtration of data are more restricted.

The OOB techniques often useful in a blind vulnerability , as an attacker you don’t get the output of exploit in direct response , for instance in a web-app vulnerable to blind injection . …


recently i was in engagement and needed to download large file from the compromised machine , i was unable to get it from TFTP neither from cert-util .

i had to create a simple python script that launch mini HTTP web server and convert it to exe since it was…


we all know how important to gain tty ( teletype terminal ) shell during a penetration testing.

i had a scenario where the vulnerable webdav server is installed in virtualization environment and no routing enabled from the victim box to the outside network or lets say there is outbound firewall and reverse connection denied !!


we all know hashcat utilize gpu and to work with cpu in virtualbox or vmware
you will need to install the following

apt-get install libhwloc-dev ocl-icd-dev ocl-icd-opencl-dev

apt-get install pocl-opencl-icd

tested on PWK vm


requirements :
new version of kali
mimikatz : wget https://raw.githubusercontent.com/dfirfpi/hotoloti/master/volatility/mimikatz.py

in case you found offline dump or you were able to dump lsas process using procdump

The technique can be involves in pentesting by obtaining passwords in clear text from a server without running “malicious” code in it since mimikatz…


yesterday was a great experience for me to attend all kind of joubert , one of the challenges i could not solve and understand in the reverse engineering section . this CTF challenge contain pcapng file and no hint provided only flag needed to earn the points ..

  • for people…

AliBawazeEer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store