X-C3LL's Personal Blog :)
An inventory of my current comics.
New approach for this blog.
Hooking mysqld to steal net-NTLM hashes from developers.
Brief description of how to use GetEnvironmentVariable as an alternative to WriteProcessMemory
Overview of PHP internals related to disable_functions and how common exploits work
Description of how to pivot through the MySQL service. Turning MySQL into a SOCKS5 proxy that can be used by proxychains.
Article describing how we used LIEF to isolate target functions and Kaitai to describe the protocol.
Collection of CSS / HTML primitives. Tricks to use as an alternative to JavaScript (exfiltration, timing, etc.)
Walkthrough of discovering CVE-2018-7081 (memory corruption). Proof of Concept inside :)
Example of how WFP can be used to communicate with an infected machine
Examples of how the inotify API can be useful for the Red Team
Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses
Brief tutorial of how to use backend pipes in PowerDNS for exfiltration
Solutions to the challenges made by me in Navaja Negra CTF (Web, Pwn, Rev. & Misc.)
Description of how the vulnerability was found and a few indications about its exploitability
Article about how to build backdoors for the Zend Engine.
Learn the basic usage of Frida with this tutorial. Build your own cheat with Frida.
Description of how to backdoor PAM and exfiltrate credentials via DNS requests. Capture credentials FTW!
Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!!
Article about how to subvert file integrity checks made by the most popular WordPress plugins
Example of how to abuse permissive environments to infect processes with custom code using ptrace
List of anti-debugging techniques applied to JavaScript (focused on browsers)
Solution to an easy Python jail challenge
An example of how to drop modules on a target using the syscall memfd_create