How I Leveraged WMI to Enumerate a Process Modules and Their Base Addresses

Introduction In this blog post, using WMI we’ll leverage Windows Management Instrumentation (WMI) to extract the loaded modules of a specific process and understand how to get each module base address, show the advantages and the ability to perform ShellCode injection in .text section directly using a technique shared before by Netero1010 Security Lab Advantages … Read more

Navigating Embedded Payload Extraction from RDP Files – Defence evasion

Introduction This blog post will explore how to embed malicious payload into the RDP configuration file. By leveraging the innate properties of the file extensions and specific RDP configuration parameters, I have successfully injected malicious content without impeding the file’s intended functionality. Today’s topic delves into the technical details of this defense evasion technique and … Read more

Abuse Cloudflare Zerotrust for C2 channels

What is Zero Trust Security? Zero Trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. ZTNA is the main technology associated with Zero Trust architecture, but Zero Trust is a holistic … Read more

MalewareBytes Support tool – SAM hash dump?

Malwarebytes provides a support tool that automatically repairs and fixes software issues and broken configurations, that’s actually common for anti-malware software to assist their customers to do that. after navigation into HelpCenter inside the Malwarebytes interface, you need to download the software package which will do self-extraction and requires elevated permission to continue running. since … Read more

Follina – CVE-2022-30190 RTF

Intro a recent code execution vulnerability targeting office365 using unpatched vulnerability which allows client-side command execution via ms-msdt protocol. the first appearance of wild exploitation comes from the submitted sample over Virus- total. according to Microsoft security response center announcement, An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of … Read more

Mortar Loader v2

https://github.com/0xsp-SRD/mortar Words to say I released the Mortar loader a couple of months ago, and it was good results in defeating and diverting advanced AV(anti-virus) solutions. However, even after many vendors pushed some updates to detect the loader, it was easy to compile an undetectable version by changing some code lines.,And here I am pointing … Read more