Cybersecurity News & Threat Intelligence
Penetration Basics - Obtaining the List of Installed Programs on the Current System
Learn how to get a complete list of installed programs using WMI and registry enumeration for penetration testing and system analysis.
Outlook MAPI Development Guide
Learn to use Outlook MAPI for accessing Outlook resources, reading emails, and extending applications with C# code examples and open-source tools.
SharpGen Utilization Analysis
Learn how to use SharpGen to integrate, restructure, and encrypt .NET assemblies with Roslyn. Includes setup, compilation, and utilization methods.
Use CLR to maintain persistence
Learn how to use CLR to maintain persistence without admin privileges, hijack all .NET programs, and develop a backdoor with POC and detection methods.
VMware Workspace ONE Access Vulnerability Debugging Environment Setup
Step-by-step guide to set up VMware Workspace ONE Access vulnerability debugging environment, including OVA installation, SSH setup, and remote debugging configuration.
Catalog Signature Forgery - Long UNC Filename Spoofing
Exploit Long UNC filenames to forge catalog signatures, copying attributes from system files to bypass security checks and deceive Windows.
Phishing credentials via Basic Authentication (phishery) exploitation test
Test phishery for phishing credentials via Basic Authentication. Learn setup, exploitation, and defense tips for this SSL-enabled HTTP server tool.
Penetration Techniques - Exploitation of Clipboard in Windows
Explore Windows clipboard exploitation techniques: writing/reading methods, real-time monitoring for penetration testing, and pastejacking risks. Learn security implications.
Use COM Object hijacking to maintain persistence - Hijack CAccPropServicesClass and MMDeviceEnumerator
Learn how to use COM object hijacking for persistence by targeting CAccPropServicesClass and MMDeviceEnumerator. No admin rights or reboot needed. Includes POC and defense tips.
Penetration Technique - Extracting User Plaintext Passwords via CredSSP
Learn how to extract plaintext Windows user passwords via CredSSP Group Policy exploit without lsass process manipulation. Includes principles, exploitation methods, and defense tips.
Windows Event Viewer Log (EVT) Single Log Deletion (Part 3) — Deleting EVT Log Records for a Specified Time Period on the Current System
Learn to delete Windows EVT log records for a specific time period on XP systems via handle enumeration and DLL injection methods. Includes code examples.
Penetration Techniques - Enabling Anonymous Access Shares on Windows Systems via Command Line
Learn to enable anonymous access file shares on Windows via command line for penetration testing, data transfer, and payload delivery in internal networks.
Analysis of Windows Backdoor Exploitation Methods in CIA Vault7 RDB
Analysis of Windows backdoor exploitation methods from CIA Vault7 RDB, including VBR persistence, registry hijacking, and DLL injection techniques.
Windows Event Viewer Log (EVT) Single Log Deletion (Part 2) – Program Implementation for Deleting Log Records within a Specified Time Range from EVT Files
Learn how to delete log records from EVT files within a specified time range. Includes program approach, time_t to GMT conversion, and open-source code.
Domain Penetration - AdminSDHolder
Learn how to exploit AdminSDHolder for domain privilege escalation, including ACL modification, enumeration of protected accounts, and detection methods.
Domain Penetration - Implementation of Pass The Hash
Learn Pass The Hash implementation for domain penetration: principles, tools like mimikatz, wmiexec, and Invoke-TheHash, with practical examples for security testing.
Windows XML Event Log (EVTX) Single Log Deletion (Part 2) – Program Implementation for Deleting Single Log Records in EVTX Files
Learn how to delete single log entries from EVTX files with detailed programming steps, including handling intermediate, first, and last log deletions.
Penetration Techniques - Clearing Single Records in RecentFileCache.bcf and Amcache.hve
Learn how to clear single file execution records in RecentFileCache.bcf and Amcache.hve on Windows systems for penetration testing and forensic analysis.
Expansion on the Exploitation of "Lateral Movement — SCM and DLL Hijacking Primer"
Learn advanced exploitation of wlbsctrl.dll for privilege escalation and TSMSISrv.dll/TSVIPSrv.dll for backdoor attacks via SCM in Windows systems.
GadgetToJScript Exploitation Analysis
Analyze GadgetToJScript for .NET program encapsulation in js/vbs, bypassing AMSI and .NET 4.8+ Assembly.Load blocks. Includes code analysis, payload testing modifications, and SILENTTRINITY integration.