Just a blog to preserve some thoughts about Red Teaming :)

Index of /

:: Searching systematically for PHP disable_functions bypasses :: 2018-12-09 13:00:00 +0000 ::
Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses

:: Building simple DNS endpoints for exfiltration or C&C :: 2018-11-09 15:00:00 +0000 ::
Brief tutorial of how to use backend pipes in PowerDNS for exfiltration

:: Writeup Navaja Negra 2018 CTF :: 2018-10-11 12:00:00 +0000 ::
Solutions to the challenges made by me in Navaja Negra CTF (Web, Pwn, Rev. & Misc.)

:: Vulnerability in Swoole PHP extension [CVE-2018-15503] :: 2018-08-14 13:11:37 +0000 ::
Description of how the vulnerability was found and a few indications about its exploitability

:: Improving PHP extensions as a persistence method :: 2018-07-28 12:00:10 +0000 ::
Article about how to build backdoors for the Zend Engine.

:: Hacking a game to learn FRIDA basics (Pwn Adventure 3) :: 2018-07-05 13:00:37 +0000 ::
Learn the basic usage of Frida with this tutorial. Build your own cheat with Frida.

:: Exfiltrating credentials via PAM backdoors & DNS requests :: 2018-06-27 13:37:00 +0000 ::
Description of how to backdoor PAM and exfiltrate credentials via DNS requests. Capture credentials FTW!

:: Beyond pty.spawn - use pseudoterminals in your reverse shells (DNScat2 example) :: 2018-05-08 12:00:00 +0000 ::
Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!!

:: Defeating WordPress Security Plugins (Revisited) :: 2018-03-09 12:00:00 +0000 ::
Article about how to subvert file integrity checks made by the most popular WordPress plugins

:: Parasiting web server process with webshells in permissive environments :: 2018-02-24 12:00:00 +0000 ::
Example of how to abuse permissive environments to infect processes with custom code using ptrace

:: JavaScript AntiDebugging Tricks :: 2018-02-08 12:00:00 +0000 ::
List of antidebugging techniques applied to JavaScript (focused on browsers)

:: Writeup (CTF) - ImpelDown CodeGate PreQuals 2018 (MISC) :: 2018-02-03 10:00:00 +0000 ::
Solution to an easy Python jail challenge

:: Loading "fileless" Shared Objects (memfd_create + dlopen) :: 2018-02-02 12:00:00 +0000 ::
An example of how to drop modules on a target using the syscall memfd_create