I ran out of characters for microblogging so this is where the big words go| nexy.blog
One of the useful features Chrome has had for a long time is text prediction. When you start to search for something Google attempts to predict w...| www.stark4n6.com
Mist is an insane-level Windows box mostly focused on Active Directory attacks. It starts off with a simple file disclosure vulnerability in Pluck CMS that allows me to leak the admin password and upload a malicious Pluck module to get a foothold on the webserver. There’s a directory at the filesystem root with links in it, and by overwriting one, I get execution as a user on the host. I’ll find LDAP signing is off, and use PetitPotam to coerce the server to authenticate to my, and relay t...| 0xdf hacks stuff
The challenge| blog.scrt.ch
CyberChef is a versatile tool for beginners and experts, offering powerful features for easy data handling and analysis.| HackerTarget.com
See technical analysis of PSLoramyra, an advanced malware that leverages PowerShell, VBS, and BAT scripts to execute directly in memory.| ANY.RUN's Cybersecurity Blog
Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, known as CVE-2024-55956, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog.| www.huntress.com
fullspeed is a challenge around a .NET-AOT binary, which means unlike typical .NET binaries, it’s fully compiled to assembly. The binary makes an Elliptic Curve Diffie-Hellman exchange and then uses it to send data including the flag. I’ll show how I use the given PCAP and the initialized values in the binary to recover the randomly generated private key, and decrypt the messages.| 0xdf hacks stuff
I thought I would try out this weeknotes format which seems to have gained some popularity. I want to write more about stuff that isn’t technical in nature, and I think these weeknotes could be the way for me to do that. I don’t know if I’ll be able to publish one every week, but I’ll try my best! If I can stick to the habit, I might look into making weeknotes a dedicated concept in my Today I Learned theme.| Michael Henriksen
Discover our Reverse Shell Cheat Sheet, featuring one-liners, listeners, obfuscation, and expert tips to help you master these essential techniques.| StationX
The CloudChat infostealer returns, worse in almost every way except that now the second stage is encrypted! Yipee!| alden.io
In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.| frereit's blog
I'm happy to announce there is a new Hindsight release available! 2021.04.26 has many small improvements and fixes, including adding support for Chrome 88 - 90, but the main new features are an Unfurl plugin and parsing of the Site Characteristics Database! Unfurl Plugin I'm excited that this new| dfir.blog
Part 1 of analyzing the KrakenKeylogger Malware| Toxin Labs
Breakdown of a recent Gozi trojan Italian targeted campaign| Toxin Labs
Introduction This is the fourth post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. In the previous part of the series we discussed methods for detecting sandboxes, virtual machines, automated analysis and making manual debugging harder for an analyst. In this post we will talk more about compiling and linking the code with V...| 0xpat.github.io
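It was held on 10/22 - 10/23. I took part as 98pts, a team made up of keymoon, ptr-yudai, ふるつき, and me, and we solved every challenge and took 1st place. Last time I was a solo team and this time we were a four-person team, but I'm happy to have won two years in a row. *1 Of the 35 challenges in total, 26 were "OSINT" challenges*2. There are many kinds of "OSINT" that show up in CTFs, but this time a single photo is given, so its shooting...| st98 の日記帳 - コピー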