Home
Culbert Report
Cancel

Do You Want To Be A Millionaire

Do You Want To Be A Millionaire? I got the weirdest phishing email the other day. It was a link to a cryptocurrency exchange called protoncoin[.]net with a username and password. So naturally, I c...

How AV Hooks NTDLL

How Does AV Know? Have you ever wondered how AV knows what that the application you’re trying to run is malicious when it doesn’t have a known signature? NTDLL is the answer. Before we begin It’...

Please pardon the mess!

Please pardon the mess as the old Blogger site is transitioned here. Some of the posts got saved oddly, some of them have poor formatting because I made poor design choices, and some are missing fo...

Setting Up A Phishing Platform With GoPhish

     What is GoPhish?     GoPhish is a great platform for launching phishing campaigns on a budget. By simply installing it along with Postfix on a Digitalocean drop...

A Beginners Guide To Everything WebApp Pentesting

So you want to be a pentester     There's a ton of different types of pentesting that you can do. What we'll talk about here though is website pentesting. This is the type of pentest...

Covenant In 2022

Intro    What great timing, s3cur3th1ssh1t just made a post on stageless vs staged Grunts in Covenant. Check it out! A quick background before diving in. What is Covenant? Covenant i...

Hiding In Alternate Data Streams

    While reading Gray Hat Python, I came across another interesting tactic of hiding files in what's known as alternate data streams. I had previously seen this used by Microsoft to...

Switchblade To Swiss Army Knife: Expanding The Toolset With Python

Intro     A while ago I posted about Switchblade. This was a C2 technique that utilized mutual TLS to authenticate beacons that were compromised and separate them out from other tra...

Sometimes Projects Don't Pan Out

 When things just don't work It's been maddening. I had this great idea where I would download the Wireguard deb file, modify it to have some pre-configured commands that run after installatio...

CVE-2021-3919: Using HP Omen Gaming Center Offensively

Background: HP OMEN allowed any user who launched OMEN Gaming Hub version 11.9.4.0 to block outbound network traffic. This action required no UAC and could be abused by unprivileged users to block ...