VL Shinra Part 3 – Initial Payload Design, Host Enumeration & getting SYSTEM
This is the third video of the Shinra series. We will get a shell on Ashleighs machine & escalate privileges.
18Jan
10Jan
VL Shinra Part 2 – Enumerate, Enumerate, Enumerate!
This is the second video of the Shinra series. Before setting foot onto any of the network's internal machines, we are going to spend a bit of time enumerating various things from our machine
03Nov
Ekoparty 2022 BFS Windows Challenge
In this blog post, we will solve the Windows userland challenge that Blue Frost Security published for Ekoparty 2022.
24Sep
Windows Kernel Exploitation – Arbitrary Memory Mapping (x64)
In this post, we will develop an exploit for the HW driver. I picked this one because I looked for some real-life target to practice on and saw a post by Avast that mentioned vulnerabilities in an old version of this driver (Version 4.8.2 from 2015), that was used as...
17Sep
SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox
Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from file inclusion to RCE and in this case getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.
27Aug
Resource-Based Constrained Delegation – Resourced @ PG-Practice
Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD attack.
16Jul
Active Directory, JEA & Random Stuff – Acute @ HackTheBox
Acute is a 40-point Active Directory Windows machine on HackTheBox. I'm going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not that important.
14Jul
Windows Kernel Exploitation – HEVD x64 Use-After-Free
This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64.
10Jul
Windows Kernel Exploitation – HEVD x64 Type Confusion
In the last post, we looked at a Stack Overflow in HEVD on Windows 11 x64, now are going to continue with a Type Confusion Vulnerability.
02Jul
Windows Kernel Exploitation – HEVD x64 Stack Overflow
After setting up our debugging environment, we will look at HEVD for a few posts before diving into real-world scenarios. HEVD is an awesome, intentionally vulnerable driver by HackSysTeam that allows exploiting a lot of different kernel vulnerability types. I think this one is great to get started because...