WAF Evavasion Techniques #3
admin
September 2, 2018
Part 3 of a series of posts by @TheMiddle, using uninitialized Bash variable to bypass Web Application Firewalls, tested on CloudFlare WAF and ModSecurity OWASP CRS. Chck it out ::HERE::
Author Archives: admin
admin
September 2, 2018
skiptracer released
admin
June 3, 2018
Our new open source python OSINT framework, skiptracer was released yesterday @ HushCon. Initial attack vectors for recon usually involve utilizing pay-for-data/API (Recon-NG), or paying to utilize transforms (Maltego) to get data mining results...
CT’s #1 hacker part deux – electric boogaloo
admin
April 25, 2018
Seems our pal Mario Dinatale, or’ Mario Di Natale’ as he now uses for SEO reasons (see post: Hacks Lies Nation States) has bullshitted his way into another job. I wonder how much bullshit he fed into his new employer Kyber Secure ‘Why do you care’ you might ask? Because charlatans like him lie their way into jobs and bragging about ransomware ‘take...
OWASP Top 10 – 2017 released
admin
November 20, 2017
You can get it from here: github.com/OWASP/Top10/tree/master/2017
Spookflare
admin
November 20, 2017
SpookFlare gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages...
Bypassing UAC with access tokens
admin
November 20, 2017
@tiraniddo released slides, demo videos, and some source code from his Zero Nights 2017 talk: Abusing Access Tokens for UAC Bypasses. Get it on his Github.
Summary:
“UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista...
Backdooring PE Files
admin
November 20, 2017
Haider Mahmood has a nice write-up on his blog using a few different techniques to backdoor PE files, making them (hopefully) fully undetectable by anti-viruses...
Office DDEAUTO attacks
admin
October 21, 2017
New post on willgenovese.com about macro-less Office command execution and how to use different payloads with the attack.
Exploiting with EternalRomance with Win10 WSL
admin
October 4, 2017
How to install metasploit inside Win10 WSL and use some python scripts to exploit vulnerable Win2k through 2k16 machines.
willgenovese.com/exploiting-with-eternalromance-using-metapsloit-installed-inside-win10-wsl/
bitcracker – bitlocker password cracker
admin
October 1, 2017
BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker. Check it out @ https://github.com/e-ago/bitcracker or use as a plugin for John The Ripper Jumbo version @ http://openwall.info/wiki/john/OpenCL-BitLocker