X-C3LL's Personal Blog :) https://x-c3ll.github.io a rant about Red Teaming. Fri, 30 Jan 2026 10:00:00 +0000 /posts/Rant-Red-Team/ https://x-c3ll.github.io/posts/Rant-Red-Team/ An inventory of my current comics. Sun, 25 Aug 2024 00:03:37 +0000 /posts/comics/ https://x-c3ll.github.io/posts/comics/ New approach for this blog. Mon, 15 Jul 2024 00:03:37 +0000 /posts/Now-is-personal/ https://x-c3ll.github.io/posts/Now-is-personal/ Hooking mysqld to steal net-NTLM hashes from developers. Sun, 12 Jul 2020 01:03:37 +0000 /posts/rogue-mysqld-steal-net-ntlm/ https://x-c3ll.github.io/posts/rogue-mysqld-steal-net-ntlm/ Brief description of how to use GetEnvironmentVariable as an alternative to WriteProcessMemory Thu, 28 May 2020 11:22:33 +0000 /posts/GetEnvironmentVariable-Process-Injection/ https://x-c3ll.github.io/posts/GetEnvironmentVariable-Process-Injection/ Overview of PHP internals related with disable_functions and how common exploits works Sun, 09 Feb 2020 01:13:37 +0000 /posts/UAF-PHP-disable_functions/ https://x-c3ll.github.io/posts/UAF-PHP-disable_functions/ Description of how to pivot though the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains. Fri, 06 Dec 2019 13:48:08 +0000 /posts/Pivoting-MySQL-Proxy/ https://x-c3ll.github.io/posts/Pivoting-MySQL-Proxy/ Article describing how we used LIEF to isolate target functions and kaitai to describe the protocol. Fri, 01 Nov 2019 12:00:00 +0000 /posts/blackbox-lief-kaitai/ https://x-c3ll.github.io/posts/blackbox-lief-kaitai/ Collection of CSS / HTML primitives. Tricks to use as an alternative to JavaScript (exfiltration, timing, etc.) Wed, 16 Oct 2019 01:00:00 +0000 /posts/CSS-Injection-Primitives/ https://x-c3ll.github.io/posts/CSS-Injection-Primitives/ Walkthrough of discovering CVE-2018-7081 (memory corruption). Proof of Concept inside :) Wed, 04 Sep 2019 01:00:00 +0000 /posts/CVE-2018-7081-RCE-ArubaOS/ https://x-c3ll.github.io/posts/CVE-2018-7081-RCE-ArubaOS/ Example of how WFP can be used to communicate with an infected machine Wed, 05 Jun 2019 13:30:07 +0000 /posts/windows-port-knocking/ https://x-c3ll.github.io/posts/windows-port-knocking/ Examples of how the inotify API can be useful for the Red Team Mon, 01 Apr 2019 11:00:00 +0000 /posts/rethinking-inotify/ https://x-c3ll.github.io/posts/rethinking-inotify/ Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses Sun, 09 Dec 2018 13:00:00 +0000 /posts/find-bypass-disable_functions/ https://x-c3ll.github.io/posts/find-bypass-disable_functions/ Brief tutorial of how to use backend pipes in PowerDNS for exfiltration Fri, 09 Nov 2018 15:00:00 +0000 /posts/DNS-endpoint-exfiltration/ https://x-c3ll.github.io/posts/DNS-endpoint-exfiltration/ Solutions to the challenges made by me in Navaja Negra CTF (Web, Pwn, Rev. & Misc.) Thu, 11 Oct 2018 12:00:00 +0000 /posts/nn8ed-CTF/ https://x-c3ll.github.io/posts/nn8ed-CTF/ Description of how the vulnerability was found and a few indications about its explotability Tue, 14 Aug 2018 13:11:37 +0000 /posts/swoole-deserialization-cve-2018-15503/ https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/ Article about how to build backdoors for the Zend Engine. Sat, 28 Jul 2018 12:00:10 +0000 /posts/PHP-extension-backdoor/ https://x-c3ll.github.io/posts/PHP-extension-backdoor/ Learn the basic usage of Frida with this tutorial. Build your own cheat with Frida. Thu, 05 Jul 2018 13:00:37 +0000 /posts/Frida-Pwn-Adventure-3/ https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/ Description of how to backdoor PAM and exfiltrate credentials via DNS requests. Capture credentials FTW! Wed, 27 Jun 2018 13:37:00 +0000 /posts/PAM-backdoor-DNS/ https://x-c3ll.github.io/posts/PAM-backdoor-DNS/ Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!! Tue, 08 May 2018 12:00:00 +0000 /posts/forkpty-dnscat2/ https://x-c3ll.github.io/posts/forkpty-dnscat2/ Article about how to subvert file integrity checks made by most popular WordPress Plugins Fri, 09 Mar 2018 12:00:00 +0000 /posts/bypass-wordpress-plugins/ https://x-c3ll.github.io/posts/bypass-wordpress-plugins/ Example of how to abuse permissive environments to infect processes with custom code using ptrace Sat, 24 Feb 2018 12:00:00 +0000 /posts/parasite-web-server-process/ https://x-c3ll.github.io/posts/parasite-web-server-process/ List of antidebugging techniques applied to JavaScript (focused on browsers) Thu, 08 Feb 2018 12:00:00 +0000 /posts/javascript-antidebugging/ https://x-c3ll.github.io/posts/javascript-antidebugging/ Solution to an easy python jail challenge Sat, 03 Feb 2018 10:00:00 +0000 /posts/impeldown-python-jail/ https://x-c3ll.github.io/posts/impeldown-python-jail/ An example of how to drop modules on a target using the syscall memfd_create Fri, 02 Feb 2018 12:00:00 +0000 /posts/fileless-memfd_create/ https://x-c3ll.github.io/posts/fileless-memfd_create/