Using SSL Certificates for Red Team Payloads
This idea came out when I was musing about giving the blue team something different to look at. In a stock or minimal Linux box, there…
Nov 12, 2023

Understanding TCC
TCC (Transparency, Consent and Control) is built into macOS as a means to protect sensitive user data from access by applications. The…
Jul 11, 2023

Phishing with Evilginx2
Evilginx 2 is this super cool proxy framework that helps hardworking red teamers do phishing with ease. Gone are the days where you would…
Jul 10, 2023

Using RASP to look for evil in Java programs
Welcome to Part 2 of my previous post on loading a Java class in Tomcat. A possible way to stop this kind of attack would be to dynamically…
Jun 24, 2023

Dynamically loading Java implant from a remote source to Tomcat
I had a situation where I could do JNDI injection into a Tomcat server leading to RCE. While off-the-shelf solutions such as this GitHub…
Jun 4, 2023

Reversing an enterprise Golang application
Recently I needed to reverse engineer an application as I needed to figure out its login mechanisms. The diagram below is a high level…
May 30, 2023

Published in CSG @ GovTech
When You Have No Money and Want to Find Bugs in Routers
Emulating Embedded Devices for Vulnerability Research
Jan 5, 2022

Published in CSG @ GovTech
Why doesn’t my shellcode work anymore?
Shellcode run on different versions of Linux kernels behaves differently!
Jul 14, 2021

Troubleshooting Program Stability using DynamoRIO
Program stability is somewhat different with regard to fuzzing versus how we generally perceive it.
Mar 30, 2021