Culbert Report

Covenant In 2022

Intro: What great timing, s3cur3th1ssh1t just made a post on stageless vs staged Grunts in Covenant. Check it out! A quick background before diving in. What is Covenant? Covenant i...

Hiding In Alternate Data Streams

While reading Gray Hat Python, I came across another interesting tactic of hiding files in what's known as alternate data streams. I had previously seen this used by Microsoft to...

Switchblade To Swiss Army Knife: Expanding The Toolset With Python

Intro: A while ago I posted about Switchblade. This was a C2 technique that utilized mutual TLS to authenticate beacons that were compromised and separate them out from other tra...

Sometimes Projects Don't Pan Out

When things just don't work: It's been maddening. I had this great idea where I would download the Wireguard deb file, modify it to have some pre-configured commands that run after installatio...

CVE-2021-3919: Using HP Omen Gaming Center Offensively

Background: HP OMEN allowed any user who launched OMEN Gaming Hub version 11.9.4.0 to block outbound network traffic. This action required no UAC and could be abused by unprivileged users to block ...

Browser Password Safes

How Safe Are They? I wanted to talk briefly about this as a lot of people don't believe browsers have strong password safes, that they can be retrieved in plaintext far eas...

Detecting When Someone Isn't Who They Say They Are

Using PowerShell To Find Fraudulent DLLs: We've talked a lot on here about offensive stuff as of late, so let's shift gears and think about some methods for detecting what we've done. In the image b...

Lessons In C2 From The CIA

Intro: I've always wanted to make my own C2 framework but have never really found the inspiration to, until I came across a post from Byt3bl33d3r talking about modernizing the CIA's C2 framework. Th...

Custom Encoding For Shellcode

Tired of your payloads constantly getting detected? Tried MSFVenom and still have had no luck with making it past EDR? Then read on for how to make your own encoder. Preface: Before we ge...

Can You Tell Real From Fake: Lightshot Malware Campaign

Background: Lightshot is a utility for Windows and Macs that allows you to take screenshots of select portions of your screen. It's handy if you don't want to use the built-in Windows function whic...