-
Recent Posts
- Shellcode: Windows on ARM64 / AArch64
- Delegated NT DLL
- WOW64 Callback Table (FinFisher)
- Shellcode: Linux on RISC-V 64-Bit
- MiniDumpWriteDump via COM+ Services DLL
- Shellcode: In-Memory Execution of JavaScript, VBScript, JScript and XSL
- Shellcode: In-Memory Execution of DLL
- Shellcode: Loading .NET Assemblies From Memory
- Shellcode: A reverse shell for Linux in C with support for TLS/SSL
- How the L0pht (probably) optimized attack against the LanMan hash.
Category Archives: security
Delegated NT DLL
Introduction redplait and Adam/Hexacorn already documented this in 2017 and 2018 respectively, so it’s not a new discovery. Officially available since RedStone 2 released in April 2017, redplait states it was introduced with insider build 15007 released in January 2017. … Continue reading
Posted in data structures, security, windows
Tagged amd64, ARM64, hacking, internals, shellcode, structures, windows, x64, x86
Leave a comment
WOW64 Callback Table (FinFisher)
Introduction Ken Johnson (otherwise known as Skywing) first talked about the KiUserExceptionDispatcher back in 2007 . Since then, scattered around the internet are various posts talking about it, but for some reason nobody demonstrating how to use it. It’s been … Continue reading
Posted in assembly, data structures, programming, security, windows
Tagged windows, x64, x86
1 Comment
Shellcode: In-Memory Execution of JavaScript, VBScript, JScript and XSL
Introduction A DynaCall() Function for Win32 was published in the August 1998 edition of Dr.Dobbs Journal. The author, Ton Plooy, provided a function in C that allows an interpreted language such as VBScript to call external DLL functions via a … Continue reading
Posted in assembly, programming, security, shellcode, windows
Tagged assembly, javascript, jscript, perl, python, shellcode, vbscript, x86
Leave a comment
Shellcode: In-Memory Execution of DLL
Introduction In March 2002, the infamous group 29A published their sixth e-zine. One of the articles titled In-Memory PE EXE Execution by Z0MBiE demonstrated how to manually load and run a Portable Executable entirely from memory. The InMem client provided … Continue reading
Posted in assembly, injection, programming, security, shellcode, windows
Tagged DLL, EXE, in-memory, x86 assembly
4 Comments
Shellcode: Loading .NET Assemblies From Memory
Introduction The dot net Framework can be found on almost every device running Microsoft Windows. It is popular among professionals involved in both attacking (Red Team) and defending (Blue Team) a Windows-based device. In 2015, the Antimalware Scan Interface (AMSI) … Continue reading
Posted in assembly, encryption, malware, programming, security, shellcode, windows
Tagged .net, c++, donut, dotnet, jscript, powershell, vbscript
2 Comments
How the L0pht (probably) optimized attack against the LanMan hash.
Introduction Data Encryption Standard The LanMan Algorithm Brute Force Attack Version 1 Precomputing Key Schedules 1 Version 2 Using Macros For The Key Schedule Algorithm Initial and Final Permutation Skipping Rounds Version 3 Precomputing Key Schedules 2 Version 4 Results … Continue reading
Posted in cryptography, passwords, programming, security, windows
Tagged crypto, lanman, microsoft, password cracking, windows
1 Comment
modexp 