x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
categories
- Shellcoding 7
- Assembly 7
- Debugging 7
- privilege escalation 4
- Threat Hunting 3
- C2 3
- Python 3
- Aboutme 1
- Encoding 1
- Sockets 1
- EDR Bypass 1
- NTLMv2 hashes 1
- Privilege Escalation 1
- CVE 1
- MSI 1
Shellcoding
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
Assembly
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
Debugging
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
privilege escalation
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
Threat Hunting
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
C2
Create your own C2 using Python- Part 3
Twas 5 days before Christmas, and all through the night. Not a sound was heard, because we bypassed EDR with no alerts in sight! 🎅
Create your own C2 using Python- Part 2
Hey everyone! Welcome to Part 2 of the Create your own C2 series. You have likely learned by now this is not going to be some crazy beefed out C2. My main...
Create your own C2 using Python- Part 1
Back in days of my adolescence, I was fascinated with all things Metasploit. I was a ripe old teenager when Metasploit first came out, and I was enamored by...
Python
Create your own C2 using Python- Part 3
Twas 5 days before Christmas, and all through the night. Not a sound was heard, because we bypassed EDR with no alerts in sight! 🎅
Create your own C2 using Python- Part 2
Hey everyone! Welcome to Part 2 of the Create your own C2 series. You have likely learned by now this is not going to be some crazy beefed out C2. My main...
Create your own C2 using Python- Part 1
Back in days of my adolescence, I was fascinated with all things Metasploit. I was a ripe old teenager when Metasploit first came out, and I was enamored by...
Aboutme
Introductions
I currently serve in a senior management infosec role. I started out as a network admin, then eventually landed a gig as Senior security analyst. Not long af...
Encoding
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
Sockets
Create your own Netcat using Python
Update: 11/4/2024
EDR Bypass
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
NTLMv2 hashes
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
Privilege Escalation
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
CVE
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
MSI
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...