Linux process hollowing
Sep 07, 2024
Process injection, hollowing and stealth on Linux operating system
Windows explorer restrictions bypasses - filesystem access
Apr 08, 2024
Explaining and bypassing some Windows explorer restrictions.
CVE-2023-40303: unchecked return values of set*id() family functions in GNU inetutils
Aug 14, 2023
GNU inetutils does not check the return values of set*id() family functions, which can lead to privilege escalation in binaries such as ftpd or rcpd.
On checking set*id() return values
Jul 26, 2023
If set*id() syscalls' return values are not checked, it can cause security issues such as privilege escalation.
CVE-2023-38336: Command injection in netkit-rcp
Jul 18, 2023
Netkit-rcp is vulnerable to command injection through filenames used as copy arguments.
CVE-2023-36631: Circumventing Windows Firewall controls with... Malwarebytes' Windows Firewall Control
Jun 21, 2023
Malwarebytes' firewall management software lets unprivileged users perform administrative firewall actions without any access control, allowing local network rules to be bypassed.
OSINT from images' metadata hosted on websites
Apr 13, 2023
TL;DR; Images hosted on websites contain numerous metadata fields depending on their file type (JPG, PNG…). These fields include information useful for reconnaissance, such as names, telephone numbers, email addresses or URLs. Often, website editors do not strip metadata from the images hosted on their websites, making information leaks possible.
Introduction
Imagine you are part of a red team and your task is to penetrate inside a company's perimeter. First, you want to gather intelligence.
...
DMARC Identifier Alignment: relax, don't do it, when you want to go to it
Jan 25, 2023
From subdomain takeover to phishing mails
TL;DR; if you have a subdomain takeover for a given domain and the default DMARC alignment settings are in place, you can create emails that pass SPF and DMARC for phishing purposes. DKIM, however, cannot be passed for the domain, but a trick can make such emails look more trustworthy.
This post and more are now part of a book I wrote on email security.
Introduction
I like Mozilla's definition of a subdomain takeover:
...
Nmap - detecting the network mapper
Jan 03, 2023
Detecting network scans
When we speak about detection, you often hear "let's detect attackers' scans". I believe that sentence is thrown around with the goal of detecting intruders at the early stages of an attack. However, there are a few issues with this mindset: blindly detecting every type of scan made against a security perimeter will drive the SOC crazy with the amount of false positives and legitimate alerts generated. It will not improve your level of detection either, because you will not be able to treat all the alerts and may miss the ones revealing the presence of intruders.
...