-
Egghunter I – Vulnserver GMON
Introduction One of the challenges when writing an exploit is managing the space needed to place the malicious shellcode. Sometimes you find a Stack Buffer Overflow, but there are so few bytes available for the shellcode that an alternative method is required. The egghunter (literally "egg hunter") is a small piece…
-
SEH Overflow I – Vulnserver GMON
Introduction With this article we continue the Stack Overflow series by moving on to a new topic, namely SEH, Structured Exception Handling. An exception handler is a programming construct used to provide a structured way of handling error conditions at the system and application level. At the code level it is usually found…
-
Persistence – Disk Clean-up
Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and…
-
Persistence – Windows Setup Script
When the Windows operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed. The Windows setup allows…
-
AS-REP Roasting
Active Directory users that have Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server…
-
Persistence – Visual Studio Code Extensions
It is not uncommon for developers or users responsible for writing code (e.g. detection engineers writing Sigma rules) to use Visual Studio Code as their code editor.…
-
Persistence – Explorer
Windows File Explorer is the graphical file management utility for the Windows operating system and the default desktop environment. Windows Explorer was introduced…
-
Persistence – DLL Proxy Loading
DLL Proxy Loading is a technique in which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate…
-
Web Browser Stored Credentials
Microsoft introduced the Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…
-
Persistence – Event Log
Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are…