Archive.
2024
Mixing watering hole attacks with history leak via CSS
VBA: overwriting R/W/X memory in a reliable way
A Christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108)
VBA: having fun with macros, overwritten pointers & R/W/X memory
2023
Developers are juicy targets: DCOM & Visual Studio
VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress
Beating an old PHP source code protector
2022
Spice up your persistence: loading PHP extensions from memory
Thoughts on the use of noVNC for phishing campaigns
In the land of PHP you will always be (use-after-)free
2021
Having fun with a Use-After-Free in ProFTPd (CVE-2020-9273)
Adding a native sniffer to your implants: decomposing and recomposing PktMon
Knock! Knock! The postman is here! (abusing Mailslots and PortKnocking for connectionless shells)
Don't use commands, use code: the tale of Netsh & PortProxy
From theory to practice: analysis and PoC development for CVE-2020-28018 (Use-After-Free in Exim)
A physical graffiti of LSASS: getting credentials from physical memory for fun and learning
One thousand and one ways to copy your shellcode to memory (VBA Macros)
Hooks-On Hoot-Off: Vitaminizing MiniDump
The Kerberos Credential Thievery Compendium (GNU/Linux)
Hijacking connections without injections: a ShadowMoving approach to the art of pivoting
2020
The worst of the two worlds: Excel meets Outlook
Shedding light on creating VBA macros
Hacking in an epistolary way: implementing kerberoast in pure VBA
Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878 & CVE-2020-26879)
A brief encounter with Leostream Connect Broker