Friday, November 1, 2019
Retro shellcoding for current threats: rebinding sockets in Windows
In previous posts we saw two techniques to bypass firewalls through custom stagers to locate and reuse the connection socket; on the one ha...
Friday, March 15, 2019
One-Way Shellcode for firewall evasion using Out Of Band data
In a recent post I was talking about a shellcode technique to bypass firewalls based on the socket's lifetime which could be useful fo...
Thursday, December 27, 2018
DNS Polygraph: tool designed to make easier the identification of techniques such as DNS Hijacking/Poisoning
Some time ago I had to research an alleged case of DNS Interception in a somewhat hostile Windows environment. Part of the job was to sniff...
Sunday, June 3, 2018
Windows reuse shellcode based on socket's lifetime
I've always been a big fan of the old socket reuse techniques: findtag, findport, etc.; each with its advantages and disadvantages....
Monday, August 14, 2017
DoublePulsar SMB implant detection from Volatility
In the last months there have been various groups of attackers as well as script kiddies that have been using the FuzzBunch Framework to co...
Tuesday, May 23, 2017
Post-exploitation: Mounting vmdk files from Meterpreter
Whenever I get a shell on a Windows system with VMware installed I feel a certain frustration at not being able to access the filesystem of...
Tuesday, December 13, 2016
Modbus Stager: Using PLCs as a payload/shellcode distribution system
This weekend I have been playing around with Modbus and I have developed a stager in assembly to retrieve a payload from the holding regis...
Friday, April 8, 2016
Pazuzu: reflective DLL to run binaries from memory
Most of the times I use Meterpreter in my pentest but sometimes I missed the possibility to run my own binaries from memory to carry out ve...