Challenge the Keemaker! How to bypass antiviruses and inject shellcode into KeePass memory

Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after all, KeeThief injects shellcode into a remote process in a classical oldie-goodie way, and in 2022, such actions have no chance to go unnoticed.
Read full article →

Vulnerable Java. Hacking Java bytecode encryption

Java code is not as simple as it seems. At first glance, hacking a Java app looks like an easy task due to a large number of available decompilers. But if the code is protected by bytecode encryption, the problem becomes much more complicated. In this article, I will explain in detail how to circumvent this protection mechanism.
Read full article →

Blindfold game. Manage your Android smartphone via ABD

One day I encountered a technical issue: I had to put a phone connected to a single-board Raspberry Pi computer into the USB-tethering mode on boot. To do this, I used Android Debug Bridge (ADB), a handy debugging interface for Android devices. There are several ways to automate the work of apps on an Android smartphone using ADB, and this paper examines one of them.
Read full article →

Climb the heap! Exploiting heap allocation problems

Some vulnerabilities originate from errors in the management of memory allocated on a heap. Exploitation of such weak spots is more complicated compared to ‘regular’ stack overflow; so, many hackers security researchers have no idea how to approach them. Even the Cracking the Perimeter (OSCE) course doesn’t go beyond a trivial rewrite of SEH. In this article, I will explain the heap mechanics and show how to exploit its vulnerabilities.
Read full article →