Leveraging Win32 APIs in C# using Platform Invocation (P/Invoke)

Win32 APIs, also known as Windows API or Win API, serve as the interface between applications and the Windows operating system, facilitating access to system resources, low-level operations, and robust application development. This integral component of Windows programming offers diverse services including window management, file operations, device I/O, networking, and more. Any developer looking to...

Process Injection: Harnessing the Power of Shellcode

Process injection is an advanced penetration testing technique used by experienced penetration testers to introduce malicious code into non-malicious processes, operating stealthily without triggering detection and response solutions. Also referred to as shellcode injection, process injection employs a variety of mechanisms and methodologies. We will explore its theory as well as different forms...

Exploring the Fundamentals of Rust Programming

Rust is a systems programming language designed by Mozilla that stands out for its exceptional efficiency, strong memory safety guarantees, high performance, and strong concurrency support. Long viewed as an alternative to C and C++, as well as to languages such as PHP or Ruby, Rust has quickly found favour among developers. This blog will delve further into...

Introduction to EDR Evasion: API Hooking

Endpoint Detection and Response (EDR) solutions are essential for monitoring and responding to security incidents on endpoints. These solutions employ various techniques to identify malicious behavior, and API hooking is one of the methods most commonly employed by EDRs. It allows the EDR to intercept and redirect the execution flow of specific functions...

DNS Data Exfiltration: Protecting Your Organization from Stealthy Threats

In today’s digital landscape, organizations face a constant barrage of cyber threats. One such threat is DNS Data Exfiltration, a technique used by malicious actors to surreptitiously transfer sensitive information out of a compromised network. This can lead to significant data breaches and substantial financial losses for organizations. In this blog, we will explore the...

Windows Antivirus Evasion – Part 1

In today’s digital landscape, protecting our systems from malicious threats is of utmost importance. Antivirus software plays a significant role in defending against various forms of malware. However, cybercriminals are constantly evolving their techniques to bypass these security measures. One such method in Windows Antivirus evasion is DLL Injection, which involves manipulating a process to load...

Havoc C2 Framework

Havoc C2 has quickly become one of many people’s favourite open-source C2s. Its features offer everything you need to complete a pen test or red team engagement. It is a modern and malicious post-exploitation framework written and maintained by @C5pider. TL;DR: Now that you...

Introduction to C2 Frameworks

Command and Control (C2) frameworks have emerged as a sophisticated and consequential dimension in the ever-evolving cybersecurity landscape. These frameworks are commonly employed by threat actors, particularly those involved in Advanced Persistent Threats (APTs), to orchestrate and manage cyber-attacks on targeted organizations or individuals. This blog delves into the intricacies of such frameworks, explaining their...

Abusing ACL Misconfigurations

Access Control Lists (ACLs) are a crucial component of securing data and resources in an IT infrastructure. By assigning permissions to users and groups, ACLs regulate access to files, directories, and other objects. However, when ACLs are misconfigured or abused, they can become a significant vulnerability, allowing unauthorized users to gain access to sensitive information...

Power of Covenant C2 Framework

In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is crucial. Command and control (C2) frameworks play a vital role in post-exploitation activities, allowing security professionals to execute payloads on compromised hosts and gain control over the target network. One such framework that has gained significant attention is Covenant. In this...