BLOG
IOCTL demystified
This article is more a set of my own notes, and it may be of use to others. This is a DRAFT for the moment. Recently, I followed a course on Offensive Driver Development from zeropointsecurity (link here). I recommend following it; it's not too expensive and...
XDR UnInstall password information disclosure
Since Mr. D0x's post on XDR (https://twitter.com/mrd0x/status/1514318257112637440), things have improved. https://mrd0x.com/cortex-xdr-analysis-and-bypass/ Palo Alto has introduced a cipher to encrypt the techsupport file. Password to be calculated via a private key in...
Lockbit 3.0 links
As of 3.10.2022...
Escalate privileges with RemotePotato
GitHub repo for the tool by Antonio Cocomazzi @splinter_code and Andrea Pierini @decoder_it: https://github.com/antonioCoco/RemotePotato0 Potato what? In the last few years, we saw tools like RottenPotato, RottenPotatoNG, SweetPotato, Juicy Potato and PrintSpoofer...
webclient_activation
After reading an article from @CyberWarship: https://twitter.com/CyberWarship/status/1485623439633362946 The following test was done in my lab. In a share that users are connected to, create a file called "Documents.searchConnector-ms". In this file place the...
RBCD WebClient attack
In this post, I will explore the RBCD WebClient attack, which has been described in many tweets and other forums, but I wanted to understand the main intricacies as I was learning it during a pentest engagement I had the chance to work on. I thought it could be helpful...