My adventures in infosec. Pentesting, red teaming and the rest of it.
In this post I present a short piece of PowerShell that helped me find missing patches in a .NET application. The target was a thick client where source code was not provided. Almost everything has outdated dependencies and the goal for me is to see if any of them will provide an obvious way to…
Back in 2018 I blogged about how Java gives a shell for everything, and also how to compile in memory as an AV evasion technique. Some of these techniques have now been added into GTFOBins, and heroes even integrated them into Metasploit. In this post I go through the most recent JDK/JRE and look…
Local networks have lots of things on them that we as penetration testers can exploit. In a Windows environment there are often protocols (LLMNR and NBT-NS) which can be easily exploitable. Effectively you are running a man-in-the-middle attack and using that to intercept traffic being sent by users in order to capture…
Back in 2018 I wrote a post about finding and exploiting XSS using the new(ish) event handlers in HTML 5. Those techniques paid out recently and I thought I’d write up the situation. Using the lists provided in the earlier post I discovered the application allowed an “SVG” tag. Within that tag it allowed the…
I needed to enumerate RDP configurations when Nmap and Nessus were not available to me. I found this blog post which described exactly the registry keys required. A bit of poking and so the PowerShell rdp-enum was born: https://github.com/cornerpirate/rdp-enum Does exactly what it says on the tin. Hope it helps.