An analysis of the malware used in the recent cyber-attacks targeting Albania
Introduction
Recent Posts
VolgaCTF Qualifiers - UserCenter Web Challenge
During the weekend, I wanted to spend some time brushing up my web appsec skills and decided it would be a good idea to try some CTF challenges. One of the i...
Introducing Office 365 Attack Toolkit
During our red team operations, we frequently come in contact with organisations using Office 365. The present tooling targeted at this environment is somewh...
A journey on APT34 PoisonFrog C2 Server
In the recent years APTs have been the center of infosec. Mainly because of the public coverage by the media, glorifying by security companies and many more ...
Raven - Linkedin Information Gathering Tool
Introduction Last summer I wrote a simple tool named Raven, which would extract public information from Google and Linkedin and build e-mail list that could ...
Bypassing AppLocker Custom Rules
Introduction Applocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically ...
Bug or Backdoor - Exploiting a Remote Code Execution in ISPConfig
Introduction In this blogpost I will write about a suspicion I had which turned out to be false, how regex-es can go wrong and also how to chain logic featur...
Bypassing Web-Application Firewalls by abusing SSL/TLS
During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical serv...
Browser-C2 using legitimate browsers for Command and Control Operations
During the recent years companies are starting to get better at security. If 5-6 years before you could “finish” your pentest in a day , increased security a...
OSCE - CTP Course Preparation - HeapSpray + SEH + EggHunter
Introduction Hello humans! I have been busy working preparing myself for the CTP Course and wanted to share my experience.
WordSteal - Stealing Windows Credentials through crafted document
On every external pen-test I do after information gathering and enumeration phase I prepare some spear-phishing campaigns. My favorite method is using Word M...