I plan to perform DLL Hijacking chaining with DLL Proxying on a target DLL that the onedrive application loads in order to utilize its functions. Setup: Linux environment(Attacker) Python netcat 2. Windows environment(Target) Disabled windows defender Compromised using initial access OneDrive Installed MinGW-w64 compiler Microsoft SysInternals Suite Link to download the…

Overview In this post, we will attempt to perform Shellcode Injection into a separate process. This technique is also known as “Portable Executable Injection” in the MITRE ATT&CK Framework. It falls under the category of “Process injection,” which is a method used to evade defenses. This technique is part of the…

Static Detection Static detection is how AVs analyze files or code without executing them. It involves examining the characteristics, structure, and content of a file to determine whether the file is potentially malicious. In essence, it employs pattern-matching techniques in detection, such as identifying unique strings, CRC checksums, sequences of bytecode/Hex values…

Setup: Linux environment(Attacker) Metasploit Python 2. Windows environment(Target) Disabled windows defender MS Office 1. Developing a Malicious Document (MalDoc): Techniques and Considerations First, we will create a document containing an embedded macro. When the document is opened, the macro will automatically execute, initiating the download of a malicious Meterpreter payload and subsequently executing it.

Hello readers! Welcome to the fourth installment of this series. It’s been a while since I posted. A lot has been happening, which kept me busy and caused delays. My biggest enemy, procrastination, has also played a significant role in the delay of this post. Along with another cute anime…

Welcome back to the 3rd Part of this ongoing Cryptography series. As mentioned earlier, this series is about solving cryptography challenges and providing write-ups and explanations as we counter new concepts and techniques. For curious minds, links are attached for further reading and deep scouting into the concepts. Part 3…

In Part 2, we will cover cryptography challenges from a recent CTF organized by NED Cyber Community. I won’t go into too much detail about the concepts and will try to explain them with as much simplicity as possible and further provide resources for learning. 1. Warmup Description: **final_flag = flag1 +…

I am starting a cryptography blog series, where I will undergo various challenges from different CTFs and learning platforms, providing write ups and resources which help me progress further and build concepts. Part 1 will showcase PicoCTF and its first few cryptography challenges. 1. Mod 26

Careem posted a Job on Linkedin for a position of Offensive Security engineer. Mentioning that the applicants need to crack the code in the given link pasted below, to apply for the job. The link redirects to an image.