This article discusses the covert use of the NanoDump utility from memory (i.e. the simulated attacker doesn’t have a C&C ‘beacon’ on the attacked network node) and compares such an application of NanoDump with the use of SafetyKatz.
Author: snovvcrash

Serpent pyramid. Run malware from the EDR blind spots!
In this article, I'll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade…

Poisonous spuds. Privilege escalation in AD with RemotePotato0
This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.

Challenge the Keemaker! How to bypass antiviruses and inject shellcode…
Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after…

Stratosphere flight. How to crack Struts using an Action app…
Today, I will show how to conquer the stratosphere, i.e. gain root access on the Stratosphere VM available on [Hack The Box](https://www.hackthebox.eu/) CTF grounds. To capture the root flag, I will have to overcome the Apache…

The PWN realm. Modern techniques for stack overflow exploitation
The buffer overflow vulnerability is an extremely popular topic on hackers' forums. In this article, I will provide a universal and practice-oriented 'introduction' for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example,…

Compressed Token Format (CTF). One-time passwords, LDAP injections, and tricks…
Today, I will explain how to hack the CTF virtual machine available on [Hack The Box](https://www.hackthebox.eu/) training grounds. For the purposes of this article, the abbreviation "CTF" refers to Compressed Token Format, not Capture the Flag. This…

Diabolically reddish pentest. Building tunneling chains through docker containers on…
How to seize control over a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting, using as an example Reddish, a hardcore…

The great mischief. Working your way to the root flag…
In this article, I will explain how to gain superuser privileges on the Mischief VM available on [Hack The Box](https://www.hackthebox.eu/) training grounds. During this journey, you will acquire some SNMP skills, understand the IPv6 routing principles, and learn…

Where to study pentesting? An overview of training grounds for…
Today, I will give a brief overview of some of the best pentesting portals recognized by security experts. These training grounds enable ethical hackers to polish their skills while preserving 'ethicality' and exploit newly discovered vulnerabilities while staying…

Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines
A good knowledge of pivoting (a technique used to route traffic to the victim and back through interim hosts) is essential for any ethical hacker. Furthermore, this skill is absolutely mandatory for corporate network pentesting. In this…

The taming of Kerberos. Seizing control over Active Directory on…
In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on…