Infrastructure

Bypassing Multi Factor Authentication

Intercepting multi factor authentication credentials using an Nginx reverse proxy.

Infrastructure

Phishing

Sending Phishing emails to capture login credentials.

Infrastructure

Terraform

Using Terraform to deploy testing infrastructure & auditing Terraform configuration files.

Malware Dev

Keystroke Logging

Logging Keystrokes with SetWindowHookEx.

Malware Dev

Process Mitigation Policies & ACG

Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.

Malware Dev

Parent Process ID Spoofing

Supplying arbitrary PPID values to CreateProcess.

Web Application

File Upload Vulnerabilities

Exploiting file upload vulnerabilities to execute arbitrary code.

Web Application

SQL Injection

SQL Injection for MySQL databases.

Web Application

XML External Entity Injection (XXE)

Exploiting XML parsers.

Web Application

Web Content Discovery

Identifying web content to launch further attacks.

Web Application

Cross Site Scripting (XSS)

Injecting malicious code into web applications.

Malware Dev

Shellcode Obfuscation

Encoding Shellcode for use within malware.