My previous post covers walking the PEB using VBA within an x32 version of Microsoft Office. Upon reflection, I realised that my previous post could be more detailed so I thought I’d address the x64 version and try and cover some of the bits I left out. For anyone who wants a little more background
Continue reading Walking the PEB with VBA x64
A few months back I wrote a post about some work my colleague and I did about patching AMSI with VBA. Whilst AMSI bypasses aren’t new, we put a little twist on it by dynamically calculating the address in memory which needed patching. At that point, I also hadn’t seen a working example in VBA.
Continue reading Walking the PEB with VBA
After an excellent training course run by MDSec which I attended at 44con last week I decided that I wanted to dig into some known techniques and look at what’s going on under the hood to make sure I understand them better. One of these techniques, whilst being far from new and having already been
Continue reading User Account Control & odbcad32.exe
By Richard Davy (@rd_pentest) & Gary Nield (@Monobehaviour)
As most Pentesters know, Windows Defender is installed by default on Windows 10 and all new versions of Windows Server. During an engagement this can sometimes be frustrating, when wanting to obtain access to a remote machine, especially during a Phishing engagement. There are multiple AMSI bypasses
Continue reading Dynamic Microsoft Office 365 AMSI In Memory Bypass Using VBA
A few months ago we got a dog and like most dog owners we were interested in what our little pooch gets up to when we’re not around so ended up buying a camera to keep an eye on it. After having a quick scan of the internet I ended up buying the camera below.
Continue reading Where UART thou?
I decided that I’d have a go at writing a Metasploit module as it’s been a while since I’ve programmed anything in Ruby. When writing the Python script which I previously posted, I created an odt file and then just added the modified content.xml file. Doing this in Metasploit and Ruby proved more challenging and
Continue reading Malicious ODT File Generator Metasploit Module
Over the past couple of weeks I’ve read a number of articles both in and out of the IT Security field and also attended talks which discuss Imposter Syndrome and the impact which it has had on the individuals giving the talks. Imposter Syndrome is a term which was coined in 1978 by clinical psychologists
Continue reading Imposter Syndrome
CVE-2018-10583
https://www.exploit-db.com/exploits/44564/
A couple of days ago a piece of research was published by Check Point showing how NTLM hashes can be leaked via PDF files with no user interaction or exploitation. Their work was following on from recent discoveries that MS Outlook using OLE can be used to steal credentials also. Now Microsoft do
Continue reading NTLM Credential Theft via malicious ODT Files