
Author: MichelleVermishelle

Crooked path. New obfuscation techniques for WinAPI calls
Malware


3 weeks ago | MichelleVermishelle
All malicious tools try to hide their WinAPI calls: if the program code contains suspicious functions, its execution can be blocked. There are very few documented ways to obfuscate WinAPI calls, but I would like to share with you some promising ideas…
You won’t escape! Hijacking user sessions in Windows
Security


08.07.2025 | MichelleVermishelle
How often do you encounter a much-desired domain admin session on an outdated Windows 7 workstation? In the hands of a hacker pentester, this admin account is a ‘master key’ that can unlock the entire network. But imagine that an evil antivirus prevents you…
Hijacking COM. Abusing COM classes to hijack user sessions
Security


03.07.2025 | MichelleVermishelle
As you are likely aware, Windows assigns a unique session to each user logging into the system. And if somebody logs into an already hacked device, you can hijack that person’s session. This article discusses a promising privilege escalation technique: the attacker steals users’…
Flaying three-headed sheep. How to dump Kerberos tickets in C++
Security


21.01.2025 / 08/04/2025 | MichelleVermishelle
Kerberos offers plenty of user authentication features. Its main ‘bricks’ are tickets; in the course of penetration testing, the attacker dumps such tickets from the LSASS process memory at least once. Today, I will explain how this operation can be performed without sophisticated hacker…
Goodbye Mimikatz! Inject tickets with your own hands
Security


16.01.2025 / 08/04/2025 | MichelleVermishelle
To implement a number of pass-the-ticket attacks, you have to inject a Kerberos ticket into the compromised system. Tools such as Mimikatz, Impacket, or Rubeus can be used for this purpose, but they are easily detected by antiviruses, which makes this approach ineffective. In this…
Privileger: Now you’re in control of privileges in Windows
Security


16.01.2025 / 08/04/2025 | MichelleVermishelle
In Windows, privileges play a key role: only the admin has the authority to grant special rights to users so that they can perform their tasks. This article discusses a software tool called Privileger: it enables you to search the system for accounts with certain…
Insecurity provider. How Windows leaks user passwords
Security


16.01.2025 / 08/04/2025 | MichelleVermishelle
In Windows, most security mechanisms are based on user account passwords. Today, you will learn several techniques making it possible to intercept a password at the time of user authentication and write code that automates this process.
HackMag — Top-notch cybersecurity magazine © 2025
Support: support@hackmag.com