CVE-2020-13958 - Breakdown In the simplest of terms, CVE-2020-13958 is an issue with OpenOffice where, upon opening specially crafted documents, a program or webpage can be opened with no user inte...
Defeating Defender
So far Defender has being the reigning champion for AV detection rates. Up there with McAfee somehow. Well, today Defender comes toppling down leaving McAfee at the top of ...
Examining Python Malware And AV Detection
<h2 style="text-align: left;">What does Python malware look like?</h2><h3 style="text-align: left;">It comes in many flavors</h3><p style="text-align: left;">Python ma...
Is Windows Defender Up To Par?
How Effective Is Defender? Short answer: Effective Enough Long answer: Read on Testing Methodology: I have a bunch of random malware samples on my PC ranging from Mimikatz to ra...
Using YARA To Detect Python Executables
Python malware is on the rise, with many low level criminals switching to it for it's ease of use, low entry level, and many libraries available to choose from. However, the most widely used tools ...
Containerizing Your C2: Nuages, Docker, & A Dusty Pi
Why? I wanted a low powered container platform and had a rPi 3b sitting around collecting dust. This project isn’t for any practical reasons, but I wanted to emulate what bigger companies do, ...
Setting Up Grafana To Display Nessus Results And Jira Tasks
This is a run through on setting up Grafana to pull data from Nessus and tasks from Jira. Prerequisites: Two VMs capable of 4 GB of RAM, 2 Cores, 32 GB Disk space each.Nessus Version: Nessus-...
HTB - Nest Writeup
This was my first Hack The Box challenge and I've been waiting for so long to post this. It took a lot of work and a lot of trying to work through problems I created for myself, ...
MSHTA Files & Exploitations
What is it:Microsoft HTML Application Host and CHM files. The program is located at C:\Windows\SysWOW64An outdated relic on Windows machines used to host help documents.Microsoft has documented tha...
What Is Microsoft.Workflow.Compiler.exe And Why Should You Disable It
What is it?This is a built in function for C# in Microsoft Windows that essentially allows arbitrary unsigned code execution. It is part of the .NET framework and it works by combining a serialized...