A few days ago I participated with a colleague in a Red Teaming exercise. I’m just starting out in this kind of exercise (I hope to get my Red Team Operator certificate before the end of the year), but my colleague is an expert who has been working on this for years and has spoken … Read more
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in all major Linux distributions and in some Unix-like operating systems, has just appeared and can be easily exploited by unprivileged local users to gain full root privileges. This vulnerability is really interesting given how easy it is to exploit. Moreover, it has been exploitable … Read more
This is the third post on the post-exploitation method based on code caves. In the first part I showed you how to create a basic code cave in an executable to introduce a shell. In the second part I improved its detection rate using natural code caves and hiding the jump to the cave between … Read more
This is the second part of the set of posts about Post Explotation Backdooring. If you haven’t read the previous post, I recommend you do so to understand this post. Again I want to thank OscarAkaElvis, who taught me these PE Backdooring techniques. In the previous post we saw how to introduce the code of … Read more
A few months ago I was in a post-exploitation course taught by my ex colleagueOscarAkaElvis (creator of the tool to audit Airgeddon, which I recommend you try). I also want to warn that this is an advanced technique and you need to have basic knowledge of assembler and reversing. If you don’t have them, I … Read more
Recently I am doing some very interesting Pentester Academy courses. Thanks to them I am learning a lot, since they deal with very particular topics with clear examples. Today I am going to show you what I have learned about DLL Hijacking. A DLL is a library of dynamic links. There are two types of … Read more