Create your own Netcat using Python
Update: 11/4/2024
tags
- elevationstation 9
- 2024 9
- Shellcoding 7
- x64 7
- x64dbg 7
- nasm 7
- assembly 7
- debugging 7
- red team 6
- privilege escalation 6
- malware 5
- escalation 4
- win32api 4
- privesc 4
- getsystem 4
- metasploit 4
- psexec 3
- elk 3
- elastic 3
- kibana 3
- logstash 3
- filebeats 3
- threat hunting 3
- blue team 3
- winlogbeat 3
- sysmon 3
- bitwise 2
- encoding 2
- author 1
- personal 1
- Introductions 1
- dll injection 1
- hashdump 1
- thumbdrive 1
- SAM 1
- SECURITY 1
- SYSTEM 1
- registry hive 1
- xor 1
- shift right 1
- shift left 1
- and 1
- or 1
- encryption 1
- shellcode 1
- sockets 1
- threading 1
- netcat 1
- server 1
- python 1
- client 1
- AV 1
- EDR 1
- EDR bypass 1
- AV bypass 1
- jscript 1
- wscript 1
- cscript 1
- obfuscate 1
- XOR 1
- NTLMv2 1
- hashes 1
- Responder 1
- Outlook 1
- foothold 1
- smb 1
- llmnr 1
- mdns 1
- nbns 1
- UAC Bypass 1
- Windows 11 1
- ctfmon 1
- UI Access 1
- token manipulation 1
- MSI 1
- symlink 1
- arbitrary write 1
- CVE-2024-50804 1
elevationstation
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
2024
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
Shellcoding
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
x64
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
x64dbg
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
nasm
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
assembly
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
debugging
x64 Assembly & Shellcoding 101 - Conclusion
Well it’s been a fun ride, but we’ve reached our destination. 🚗 Time to wrap things up with our Assembly and Shellcoding 101 course and move on to the next e...
x64 Assembly & Shellcoding 101 - Part 6
Today is reverse shell day! I’m sure most of you were hoping we’d eventually be able to discuss writing a reverse shell using x64 assembly, and today just s...
x64 Assembly & Shellcoding 101 - Part 5
Well, you will all be happy to know I’m finally keeping my word and doing what I promised early on in the series…We’re going to do the following today:
x64 Assembly & Shellcoding 101 - Part 4
Hey all! This will be a shorter post today, so I’ll get right to it. Let’s talk shellcode basic encoding functionality built in to x64 assembly instruction...
x64 Assembly & Shellcoding 101 - Part 3
Now is the time for the expected continuation of part 1 of this blog series, where we clean up our code and remove those NULLs. In this way, we’ll be able t...
x64 Assembly & Shellcoding 101 - Part 2
Okay, I lied 😄 I thought I’d use part 2 to discuss removing NULL bytes, and that’s going to happen I promise! But I had some good feedback from the first p...
x64 Assembly & Shellcoding 101
I have admittedly scoured the internet looking for examples of basic x64 shellcode development and have not had much luck. So many tutorials and lessons see...
red team
Create your own Netcat using Python
Update: 11/4/2024
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
privilege escalation
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
malware
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
escalation
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
win32api
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
privesc
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
getsystem
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
metasploit
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
psexec
ElevationStation - A walk through the development process [PART 3]
Hey, we made it to part 3 already! Glad you are still hanging around and hopefully this part is as insightful and exciting to you as it was for me…er…I get ...
ElevationStation - A walk through the development process [PART 2]
Hello again Infosec enthusiasts! Last time we talked, we discussed enabling token privileges for our current process so we can remotely access other processe...
ElevationStation - A walk through the development process [PART 1]
Hello Infosec enthusiasts! I want to finally provide a detailed overview of the concepts and functionality behind elevationstation. This tool came about fro...
elk
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
elastic
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
kibana
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
logstash
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
filebeats
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
threat hunting
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
blue team
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
winlogbeat
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
sysmon
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
Sending Sysmon Logs to Elastic ELK stack
Let’s pickup where we left off. If you haven’t done so already, please do check out the previous writeup on how to setup Elastic Stack, Logstash, and Kibana...
Installing Elastic Stack (ELK) from Scratch
Hey there red team….I mean BLUE TEAM cadet 😅 I don’t just focus on red team stuff you know…and it’s been long overdue that I do a writeup on not just red t...
bitwise
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
encoding
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
personal
Introductions
I currently serve in a senior management infosec role. I started out as a network admin, then eventually landed a gig as Senior security analyst. Not long af...
Introductions
Introductions
I currently serve in a senior management infosec role. I started out as a network admin, then eventually landed a gig as Senior security analyst. Not long af...
dll injection
ElevationStation - A walk through the development process [Finale/Wrapping things up]
Hello again cyber amigos! It’s time to draw our talk of ElevationStation to a close, well…at least this portion of Elevation Station. Stay tuned in the nea...
hashdump
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
thumbdrive
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
SAM
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
SECURITY
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
SYSTEM
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
registry hive
Detecting SAM registry hive dumps using Elastic!
You guys know what time it is? IT’S GO TIME! Time to dive in and learn how to detect a red teamer trying to grab your local SAM hashes from the registry.
xor
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
shift right
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
shift left
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
and
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
or
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
encryption
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
shellcode
How to use Bitwise Arithmetic Shift Right Encoding with your Shellcode
You have likely seen various forms of shellcode encoders in use via your favorite C2 toolkit. I’m oldschool and started my shellcode encoding experience usi...
sockets
Create your own Netcat using Python
Update: 11/4/2024
threading
Create your own Netcat using Python
Update: 11/4/2024
netcat
Create your own Netcat using Python
Update: 11/4/2024
server
Create your own Netcat using Python
Update: 11/4/2024
python
Create your own Netcat using Python
Update: 11/4/2024
client
Create your own Netcat using Python
Update: 11/4/2024
AV
Create your own Netcat using Python
Update: 11/4/2024
EDR
Create your own Netcat using Python
Update: 11/4/2024
EDR bypass
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
AV bypass
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
jscript
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
wscript
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
cscript
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
obfuscate
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
XOR
Malware EDR Evasion Techniques
Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasi...
NTLMv2
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
hashes
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
Responder
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
Outlook
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
foothold
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
smb
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
llmnr
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
mdns
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
nbns
Getting that first Foothold - Stealing NTLMv2 hashes with ease
Well it’s already been a month since my last post, and that’s just way to long. Time gets ahead of me these days, especially being as interested in so many ...
UAC Bypass
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
Windows 11
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
ctfmon
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
UI Access
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
token manipulation
Creative UAC Bypass Methods for the Modern Era
It’s been almost a year since my last post, and during that time I have acquired a strong interest in revisiting privilege escalation techniques for the mode...
MSI
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
symlink
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
arbitrary write
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...
CVE-2024-50804
Arbitrary Write Privilege Escalation - CVE-2024-50804
This writeup provides an overview of the recently discovered arbitrary write vulnerability in the MSI Center Pro 2.1.37.0 software for MSI branded machines. ...