Culbert Report

DLL Hijacking

What is DLL hijacking? DLL hijacking is an adversarial technique for exploiting trusted applications in order to load malicious code. There are many more advanced techniques than what I will displa...

CVE-2020-13958 Full Kill Chain

CVE-2020-13958 - Breakdown In the simplest of terms, CVE-2020-13958 is an issue with OpenOffice where, upon opening specially crafted documents, a program or webpage can be opened with no user inte...

Defeating Defender

So far Defender has been the reigning champion for AV detection rates. Up there with McAfee somehow. Well, today Defender comes toppling down leaving McAfee at the top of ...

Examining Python Malware And AV Detection

What does Python malware look like? It comes in many flavors. Python ma...

Is Windows Defender Up To Par?

How Effective Is Defender? Short answer: Effective Enough. Long answer: Read on. Testing Methodology: I have a bunch of random malware samples on my PC ranging from Mimikatz to ra...

Using YARA To Detect Python Executables

Python malware is on the rise, with many low-level criminals switching to it for its ease of use, low entry level, and many libraries available to choose from. However, the most widely used tools ...

Containerizing Your C2: Nuages, Docker, & A Dusty Pi

Why? I wanted a low powered container platform and had a rPi 3b sitting around collecting dust. This project isn’t for any practical reasons, but I wanted to emulate what bigger companies do, ...

Setting Up Grafana To Display Nessus Results And Jira Tasks

This is a run-through on setting up Grafana to pull data from Nessus and tasks from Jira. Prerequisites: Two VMs capable of 4 GB of RAM, 2 Cores, 32 GB Disk space each. Nessus Version: Nessus-...

HTB - Nest Writeup

This was my first Hack The Box challenge and I've been waiting for so long to post this. It took a lot of work and a lot of trying to work through problems I created for myself, ...

MSHTA Files & Exploitations

What is it: Microsoft HTML Application Host and CHM files. The program is located at C:\Windows\SysWOW64. An outdated relic on Windows machines used to host help documents. Microsoft has documented tha...