X-C3LL’s Personal Blog :) | Doomsday Vault
An inventory of my current comics.
New approach for this blog.
Hooking mysqld to steal net-NTLM hashes from developers.
Brief description of how to use GetEnvironmentVariable as an alternative to WriteProcessMemory
Overview of PHP internals related to disable_functions and how common exploits work
Description of how to pivot through the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains.
Article describing how we used LIEF to isolate target functions and Kaitai to describe the protocol.
Collection of CSS / HTML primitives. Tricks to use as an alternative to JavaScript (exfiltration, timing, etc.)
Walkthrough of discovering CVE-2018-7081 (memory corruption). Proof of Concept inside :)
Example of how WFP can be used to communicate with an infected machine
Examples of how the inotify API can be useful for the Red Team
Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses
Brief tutorial on how to use backend pipes in PowerDNS for exfiltration
Solutions to the challenges made by me in Navaja Negra CTF (Web, Pwn, Rev. & Misc.)
Description of how the vulnerability was found and a few indications about its exploitability
Article about how to build backdoors for the Zend Engine.
Learn the basic usage of Frida with this tutorial. Build your own cheat with Frida.
Description of how to backdoor PAM and exfiltrate credentials via DNS requests. Capture credentials FTW!
Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!!
Article about how to subvert file integrity checks made by most popular WordPress Plugins
Example of how to abuse permissive environments to infect processes with custom code using ptrace
List of antidebugging techniques applied to JavaScript (focused on browsers)
Solution to an easy Python jail challenge
An example of how to drop modules on a target using the syscall memfd_create