
whip_lash : exploit   71

GitHub - Kevin-Robertson/Powermad: PowerShell MachineAccountQuota and DNS exploit tools
The default Active Directory ms-DS-MachineAccountQuota attribute setting allows all domain users to add up to 10 machine accounts to a domain. Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD.
dns  exploit  pentest  powershell  activedirectory 
6 weeks ago by whip_lash
0x8 Exploit Tutorial: The Elusive Egghunter
This exploit development technique can be quite difficult to understand at first, but by the time you reach the end of this mission you should have a strong foundational sense of how it works. Egghunting can also be performed in Linux exploitation, but after some information gathering we've discovered the Lee server is hosting Windows, so we will stick to that operating system for this engagement.
egghunter  exploit  development 
9 weeks ago by whip_lash
Poster: Doug Lea's malloc() cheatsheet - Support / Beginner Guides - 0x00sec - The Home of the Hacker
I was studying Doug Lea’s malloc() vulnerability and, to keep track of some concepts, I wrote them down and ended up with tables and flowcharts.
Seeing it was pretty helpful to me and also kinda cute, I redid it in a poster format to put it up so I can remember that stuff.
memory  c  exploit  development 
9 weeks ago by whip_lash
GitHub - TheSecondSun/Shellab: Linux and Windows shellcode enrichment utility
Shellab is a tool that can be used to improve existing shellcodes and adapt them for personal needs. Developed to provide an alternative to msfvenom with new functionalities. Suitable for both Windows and Linux shellcode (32 and 64 bit).
hacking  tool  shellcode  exploit  development 
12 weeks ago by whip_lash
Reversing ALPC: Where are your windows bugs and sandbox escapes?
The goal of this post is to understand my process for finding bugs (which are generally done through any means necessary), so it's important to note they aren't indicative of mastery in any given subject. As always, if you find any errors or corrections, feel free to contact me. This is a personal hobby of mine and I do not profess to being a professional vulnerability researcher.
reverse-engineering  reverseengineering  exploit  development 
november 2018 by whip_lash
Exploit Development / Buffer Overflows – VeteranSec
This training section focuses on exploit development and buffer overflows. We intend to release additional training videos in the near future. Currently, our plans are to release a video series on 32-bit and 64-bit Windows and Linux operating systems.
exploit  development  tutorial 
october 2018 by whip_lash
Wildpwn - Unix Wildcard Attack Tool - KitPloit - PenTest Tools for your Security Arsenal ☣
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often.
unix  exploit  linux  pentest  tool 
september 2018 by whip_lash
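The attack Wildpwn automates, shown here as an added example (not code from Wildpwn or from Juranic's paper): a bare `*` in a shell command is expanded by the shell before the program runs, so attacker-created filenames land in argv, where the program parses them as options. The classic case is GNU tar's `--checkpoint-action=exec=...`. The `classify_args` function below is a hypothetical stand-in for tar's option parser, so nothing is executed; the scratch directory and filenames are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: Unix wildcard (glob) argument injection and the two usual
# fixes. classify_args is a hypothetical stand-in for tar's option parser;
# no real tar is invoked and no planted file is executed.
set -u

# Tag each argv element the way a getopt-style parser would see it: anything
# starting with '-' is an option until a literal "--" ends option parsing.
classify_args() {
  opts_done=0
  for arg in "$@"; do
    if [ "$opts_done" -eq 0 ] && [ "$arg" = "--" ]; then
      opts_done=1
      continue
    fi
    if [ "$opts_done" -eq 0 ]; then
      case $arg in
        -*) printf 'option:%s\n' "$arg"; continue ;;
      esac
    fi
    printf 'file:%s\n' "$arg"
  done
}

# Constructed scratch directory: one legitimate file plus two filenames an
# attacker with write access would plant to mimic GNU tar's checkpoint
# options (the trick from Juranic's paper).
make_poisoned_dir() {
  d=$(mktemp -d)
  printf 'quarterly numbers\n' > "$d/report.txt"
  : > "$d/--checkpoint=1"
  : > "$d/--checkpoint-action=exec=sh shell.sh"
  printf '%s\n' "$d"
}

# Vulnerable pattern, e.g. a backup cron job running `tar cf backup.tar *`:
# the shell expands * before tar runs, so the planted names become options.
run_unsafe() { ( cd "$1" && classify_args * ); }

# Fix 1: anchor the glob. Every expansion now starts with "./", which no
# option parser treats as a flag.
run_safe_dotslash() { ( cd "$1" && classify_args ./* ); }

# Fix 2: end-of-options marker. Everything after "--" is a filename, even if
# it begins with a dash.
run_safe_dashdash() { ( cd "$1" && classify_args -- * ); }

# Number of arguments the program would have interpreted as options.
count_injected() {
  "$1" "$2" | awk '/^option:/ { n++ } END { print n + 0 }'
}

# Stand-alone demo (run with WILDCARD_DEMO=1): prints the three argv views
# and removes the scratch directory afterwards.
if [ "${WILDCARD_DEMO:-0}" = 1 ]; then
  dir=$(make_poisoned_dir)
  for mode in run_unsafe run_safe_dotslash run_safe_dashdash; do
    echo "== $mode: $(count_injected "$mode" "$dir") injected option(s)"
    "$mode" "$dir"
  done
  rm -rf "$dir"
fi
```

The same pattern applies to any tool that accepts options after filenames: Juranic's paper covers `rsync -e` and `chown --reference` alongside tar. For tar specifically, the cleanest fix is to stop globbing altogether and pass the directory (`tar cf backup.tar -C /srv/data .`).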
GitHub - mdsecactivebreach/CACTUSTORCH: CACTUSTORCH: Payload Generation for Adversary Simulations
A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.
shellcode  pentest  exploit 
september 2018 by whip_lash
Injecting .Net Assemblies Into Unmanaged Processes - CodeProject
.Net is a powerful language for developing software quickly and reliably. However, there are certain tasks for which .net is unfit. This paper highlights one particular case, DLL injection. A .net DLL (aka managed DLL) cannot be injected inside a remote process in which the .net runtime has not been loaded. Furthermore, even if the .net runtime is loaded in a process one would like to inject, how can methods within the .net DLL be invoked? What about architecture? Does a 64 bit process require different attention than a 32 bit process? The goal of this paper is to show how to perform all of these tasks using documented APIs.
dotnet  exploit  programming 
september 2018 by whip_lash
How to create a network wildcard VM using CERT Tapioca for exploit testing - Tools - VulWiki
Let's say you have an exploit, and you're not sure what it does. Many exploits do something on the network. It would be nice to be able to observe these network operations without actually being connected to the internet. Running an unknown exploit on an internet-connected machine is a bad idea. As it turns out, we can simulate an internet-connected machine by turning our CERT Tapioca VM into something that responds to everything (both DNS-addressed and IP-addressed).
exploit  malware  analysis  vm 
august 2018 by whip_lash
Microsoft COM for Windows - Privilege Escalation
The keywords "COM" and "serialized" pretty much jumped into my face when the advisory came out. Since I had already spent several months of research time on Microsoft COM last year I decided to look into it. Although the vulnerability can result in remote code execution, I'm only interested in the privilege escalation aspects.
privesc  windows  pentest  exploit  security 
june 2018 by whip_lash
Practical Symbolic Execution and SATisfiability Module Theories (SMT) 101
Finding bugs is hard, reverse engineering is hard. Constraint solvers are the heart of many program analysis techniques, and can aid fuzzing and software verification.

This post contains a few hands-on experiments with Z3, a high-performance theorem prover developed at Microsoft Research by Leonardo de Moura and Nikolaj Bjorner; with KLEE, a symbolic execution engine built on top of the LLVM compiler infrastructure and developed by Cristian Cadar, Daniel Dunbar, and Dawson Engler; and with angr, a binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
ctf  assembly  exploit  development  reverse-engineering 
may 2018 by whip_lash
klks/checksec: x64dbg plugin to check security settings
This plugin was inspired by OllySSEH by Mario Ballano and the Linux checksec script by Tobias Klein. Please report any bugs/improvements/suggestions.
x64dbg  exploit  development  debugger 
may 2018 by whip_lash
!exploitable Crash Analyzer - MSEC Debugger Extensions - CodePlex Archive
The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown.
security  Microsoft  debugger  windbg  exploit  development 
may 2018 by whip_lash
0xdabbad00 - Hurdles for a beginner to exploit a simple vulnerability on modern Windows
tl;dr This is basically a guide for newbies to the world of "vulnerability research" (exploit development), and shows how hard it is to get the simple exploit samples from books and tutorials to work on modern Windows using a modern compiler. This is just for fun to show all the pain points you are likely to encounter.
exploit  windows 
may 2018 by whip_lash
0x5 Exploit Tutorial: Porting Your First Exploit to Metasploit
In this edition of the Primal Security blog, we will be taking the exploit found in our first tutorial and porting it over to the Metasploit Framework.
metasploit  exploit  development 
april 2018 by whip_lash
Vulnerability Modeling with Binary Ninja | Trail of Bits Blog
Plenty of static analyzers can perform vulnerability discovery on source code, but what if you only have the binary? How can we model a vulnerability and then check a binary to see if it is vulnerable? The short answer: use Binary Ninja’s MLIL and SSA form. Together, they make it easy to build and solve a system of equations with a theorem prover that takes binaries and turns them, alchemy-like, into vulnerabilities!
assembly  binary  vulnerability  exploit 
april 2018 by whip_lash
vysec/CACTUSTORCH: CACTUSTORCH: Payload Generation for Adversary Simulations
A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.
exploit  windows  vbscript  javascript  github 
march 2018 by whip_lash
A Null Pointer Dereference Primer
In other words, a Null Pointer Dereference Vulnerability just means reading a NULL pointer.

That’s it.
c  vulnerability  exploit  pointer 
february 2018 by whip_lash
IDA text Execution – RISCY BUSINESS
It turned out to be simple, with a case change. This effectively bypassed the filter, which I didn’t even try because I thought surely it wouldn’t work…but it did, as we see the string argument to SHParseDisplayName.
ida  vulnerability  exploit 
february 2018 by whip_lash
ROP, NX and ASLR - A Love Triangle - Remote Code Execution - CVE-2018-5767 - Fidus InfoSecurity | Cyber Security, Penetration Testing, Red Teaming
In this post we will be presenting a pre-authenticated remote code execution vulnerability present in Tenda’s AC15 router. We start by analysing the vulnerability, before moving on to our regular pattern of exploit development – identifying problems and then fixing those in turn to develop a working exploit.
exploit  development 
february 2018 by whip_lash
Feature, not bug: DNSAdmin to DC compromise in one line
We will shallowly delve into the protocol’s implementation and detail a cute feature (certainly not a bug!) which allows us, under some circumstances, to run code as SYSTEM on domain controllers, without being a domain admin.
dns  domain  activedirectory  exploit  privesc  pentest  security 
february 2018 by whip_lash
Positive Technologies - learn and secure : How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME
After unpacking the executable modules, we proceeded to examine the software and hardware internals of Intel ME. Our efforts to understand the workings of ME were rewarded: ME was ultimately not so unapproachable as it had seemed.
exploit  intel  security  hardware 
january 2018 by whip_lash
CNIT 127: Exploit Development -- Sam Bowne
Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.
Advisory: CS 110A or equivalent familiarity with programming
pentest  exploit  development  programming  security  learning  class 
january 2018 by whip_lash
Windows Kernel Exploitation Tutorial Part 1: Setting up the Environment - rootkit
Recently, I had the pleasure of attending the training on Windows Kernel Exploitation at nullcon by the HackSysTeam. The training was well executed, and I got an intro to the world of the kernel. But, as you know, nobody could teach you the internals of kernel exploitation in a couple of days. So I thought of diving into the kernel and sharing everything that I learn in the process. The series will be coming in parts, as I find the time to learn and document everything that I encounter.
windows  exploit 
january 2018 by whip_lash
ROP Emporium
Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
ctf  programming  security  exploit  development 
january 2018 by whip_lash
Janus Android App Signature Bypass Allows Attackers to Modify Legitimate Apps - TrendLabs Security Intelligence Blog
Firstly, it can be used to hide a payload. Malware may disguise itself as a single clean DEX file, with the malicious payload stored in the APK file loaded later. This is how the app discussed below uses it.

Secondly, it can be used to update an already installed app without the knowledge of the original developer. An attacker can use this to access the protected data of the original app such as user credentials and private information. Impersonating the identity of legitimate apps can also bypass some security solutions.

mobile  android  exploit 
december 2017 by whip_lash
Mailsploit: The Undetectable Spoofing Attack
Mailsploit easily passes through email servers and circumvents established spoofing protection tools like DMARC and spam filters. Emails sent with Mailsploit appear to come from totally legitimate senders. In most cases, unless email headers are inspected by technicians, emails sent using Mailsploit are undetectable.
email  security  exploit 
december 2017 by whip_lash
Securolytics | Blog
The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor.
email  pentest  security  exploit  smtp 
may 2017 by whip_lash
GitHub - Kabot/Unix-Privilege-Escalation-Exploits-Pack: Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
Unix-Privilege-Escalation-Exploits-Pack - Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.
december 2016 by whip_lash
Exploit Pack
Any security enthusiast whose needs aren't met with the default community Pack (350 exploits) that comes with Exploit Pack can take advantage of the Professional or Premium packs, which are ready to use and contain a full set of more than 37,000+ exploits with the latest vulnerabilities found in the wild, private stacks and public CVEs.
december 2016 by whip_lash
Exploit and vulnerability search and trending site.
exploit  search  pentest 
december 2016 by whip_lash
Finding the right exploit code – Medium
I am often looking for the right exploit code, to test and learn from in a lab setting, adapt and use during a penetration test, or to help determine the risk level of a finding during a risk…
exploit  search  pentest 
december 2016 by whip_lash
This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that often allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible.
security  exploit  software  tutorial 
august 2016 by whip_lash