Channel: Astr0baby's not so random thoughts _____ rand() % 100;
Browsing all 183 articles

Comodo AV and Sandbox bypass

Actually I think that Comodo’s sandbox approach is very good. You take any unknown binaries and automatically distrust them and place them into sandbox. Thus if we for example bypass its Antivirus...


A Picture Is Worth Ten Thousand Words (圖勝萬言)

A little video update on the Comodo sandbox bypass. More Abracadabra added for special effects, starring Matt A. Sploit and comrade Viktor. * One picture is worth more than ten thousand words. –...


Executable Ascii files pt. 2

Here is something very old, but still very cool. Attached are txt files that when saved as com (16bit MS DOS binary executables) will run. Pure magic. It works in DOS, Win9x, Win2k and WinXP SP3. In...


Fun with msv1_0.dll in Windows 7 SP1 64bit

Recently I was able to look at the 64bit version of Windows 7 and check the MsvpPasswordValidate within the msv1_0.dll to see if it is possible to NOP the TRUE/FALSE RtlCompareMemory function when we...


Fun with msv1_0.dll in Windows 8 64bit

I’ve always wondered what this logo reminds me of… wait, it was an old Greek state flag from 1822 – 1969. The colors were used in the Greek revolution when they fought the Ottoman Empire. OK, now we...


Numerology of 32 and 64

Oh boy, I just love numbers and all sorts of combinations. It creates a never-ending space of possibilities and meanings. Take anything and you can always relate to numbers in one way or the other....


Let's remember some people ….

People forget, let's go back and bring back some truly random thoughts. These people came from different nationalities, religions and classes, for fighting for what is right knows not of race, color or...


Hacking Ubuntu 12.04 LTS using Metasploit

This was a particularly fun exercise and I decided to share the details as well as the scripts that I’ve created and modified from various sources. First of all, there are very few articles describing...


Hacking OSX using Metasploit

OK, the next interesting exercise was with OSX. I don't have a powerful machine to run the latest Mountain Lion, but rather I have used the Snow Leopard 10.6.2. These findings are not new, main idea was...


Protected: DEP FUD executable generator for Metasploit

This post is password protected. You must visit the website and enter the password to continue reading.


Dark side of the …. ?

A prism can be used to break light up into its constituent spectral colors (the colors of the rainbow). Prisms can also be used to reflect light, or to split light into components with different...


Windows equivalent of rm -rf /

For today's exercise I have created a scenario where the target Windows system needs to be nuked after a successful compromise so that it cannot boot back to Windows. Being a Linux user I have always...


Unicorn 2 C source generator

There is an excellent Python script made available by David Kennedy called Unicorn; a simple Python script that does a PowerShell downgrade attack and injects shellcode straight into memory. The...


Windows 8.1 64bit msv1_0.dll patch update

Recently Microsoft has issued a Consumer Preview for public download of Windows 8.1. I have gone through the msv1_0.dll file to look for the msvppasswordvalidate function in the dll and patch the...


Looting LiveCDs for fun and profit

Recently I ran into a need to run a good native Antivirus software on one of my Linux boxes (Debian amd64). There are many available options, but I have always liked F-Secure and its products for some...


Looting LiveCDs part 2.

Another great LiveCD is one from Kaspersky Labs called Kaspersky Rescue Disk 10 downloadable from here : rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso It is a powerful antivirus...


Dll hijacking reloaded

Well, this issue has been discussed many times already dating a few years back. A good description on this was originally published by HD Moore here :...


Grsecurity/PAX hardened Kernel

While playing around with all those meterpreter binary payloads on Linux either in virtual environment or on a live system an important question comes to mind, how to prevent this from executing on my...


Customizing custom Meterpreter loader

This sounds crazy, but I have thought of improving a little an already well made code for meterpreter-loader for Windows targets. Based on the work from Raphael Mudge I have decided to create a little...


ExE ASCII

A quick post here. I have already written a Teensy loader for this, and thought somebody might enjoy it without the device. So I decided to fill in a gap while all this craziness about BadBios is...
