Hacking

Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.

Dynamically invoke arbitrary unmanaged code.

Authors: Boudewijn Meijer && Rick Veldhoven Introduction As defensive security products improve, attackers must refine their craft. Gone are the days of executing malicious binaries from di…

In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.

A list of online news & info sources in the InfoSec/Cybersecurity space - foorilla/allinfosecnews_sources

Introduction This is the first post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Let’s create a C++ application that will run malicious shellcode while trying to not be caught by AV software. Why C++ and not C# or PowerShell script? Because it’s much more difficult to analyze compiled binary when compared to managed code or script. For the purpose of this and following articles we will use MS Visual Studio 2017 or 2019 on Windows 10.

A stealthy process stomping method compatible with UNIX-like systems with anti-forensic enhancements for Linux.

Process Injection without Process Injection. Exploring cross-session activation mechanisms to steal someone else’s session using COM

At Emproof, our mission is to enhance the security and integrity of embedded systems through innovative binary rewriting techniques. We are committed to providing advanced […]

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com - emproof-com/nyxstone

grimresource.msc · GitHub

Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege - sokaRepo/CoercedPotatoRDLL

This post gives you a simple summary of the most needed WinDbg commands for .NET. The most of the examples are heavily inspired by Konrad Kokosa’s excellent book Pro .NET Memory Management.

In your red teaming or pentesting activities escalating to  SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…

Introduction In this blogpost, we take a closer look at our research regarding CVE-2022-47758: a critical vulnerability impacting a very large number of Internet of Things smart devices. We could leverage this vulnerability in the lamp's firmware for unauthenticated remote code execution on the entire device with the highest privileges

Packer/Protector for x86-64 ELF binaries on Linux.

PoC for using MS Windows printers for persistence / command and control via Internet Printing - Diverto/IPPrintC2

Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR

Macro-header for compile-time C obfuscation (tcc, win x86/x64) - DosX-dev/obfus.h

The swiss army knife of LSASS dumping. Contribute to fortra/nanodump development by creating an account on GitHub.

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...

A fast TCP/UDP tunnel over HTTP. Contribute to jpillora/chisel development by creating an account on GitHub.

A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. - jstrosch/sclauncher