Infrastructure

Packet Capture with Native Tools

Capturing network traffic with pktmon and netsh.

Infrastructure

Getting Started with Bash Bunny

Stealing credentials using Quick Creds.

Infrastructure

Password Cracking

Using hashcat to reveal Windows passwords.

Malware Dev

Access Token Manipulation

Assuming other users identities by copying access tokens.

Malware Dev

Shellcode Execution via Fibers

Using fibers instead of threads to run shellcode.

Malware Dev

Process Argument Spoofing

Modifying the Process Environment Block for process argument spoofing.

Malware Dev

Windows Defender Memory Scanning Evasion

Evading Windows Defender memory scanning.

Malware Dev

Process Injection

CreateRemoteThread Process Injection in C#

Malware Dev

Unhooking Event Tracing for Windows

Bypassing ETW userland hooks.

Malware Dev

Assembly.Load & AMSI

Bypassing AMSI when using Assembly.Load.

Malware Dev

DNS Tunneling

Using the Domain Name System as a Command & Control mechanism.

Malware Dev

ICMP Tunneling

Tunneling C2 messages in ICMP traffic.

Exploit Dev

Use After Free Vulnerabilities

Exploiting use-after-free vulnerabilities.

Exploit Dev

Heap Exploitation: The House of Force

Tampering with the top chunk size field for an arbitrary write primitive.

Exploit Dev

Ubuntu 20.04 Heap Exploitation

Exploiting heap corruption on Ubuntu 20.04.

Exploit Dev

Heap Thread Cache Exploitation

Exploiting heap thread caching on glibc 2.26.

Exploit Dev

Heap Fastbin Exploitation

Double free exploitation of glibc heap fastbins.

Infrastructure

Certificate Based Persistence

Using AD CS certificates to achieve persistence in an Active Directory environment.