Encrypted Data Exfiltration with DNS
Hi folks! Long time no see 😀 In this post we will write our exfiltration tool with python and DNS. We will use; First at first, we have to understand some of the DNS basics. What is DNS? Why we
Category: Penetration Testing
Chaining the Vulns (SSRF-Deserialization to RCE)
Hi everyone, in this blog post we will cover SSRF, RCE and Deserialization vulnerabilities with a scenario. Despite of the knowing these vulnerabilities not enough for some red teaming / adversarial emulation operations. We should think how we can use
AV Evasion – Behavioral/Heuristic Engine
AV Evasion P3 – Behavioral/Heuristic Engine We discussed Static and Dynamic Engines. In this post I will try to explain heuristic engine bypassing. I don’t like to give direct techniques, like “you must use X codes or Y techniques”. The
AV Evasion – Static and Dynamic Engines
Malware Development – AV Evasion P2 Hi everyone in this post we will talk about bypassing AV Engines which we talked about on YouTube videos. Firstly, let’s remember the static and dynamic engines. What do these mean? Static Engine: The
Evasion P1 – How the Antiviruses Works?
Hi everyone, welcome back. I couldn’t write any blogs due to some extra projects and my OSEP Journey. In this post series, we will talk about evasion techniques and bypassing security solutions. But, firstly we must start with understanding these
Pivoting for Pentesters/Red Teamers
Hi everyone. In this article, ı want to explain what is pivoting and telling some keywords about it. Firstly, we should know post exploitation phase or something like this 🙂 What is Post-Exploitation? We could exploit an RCE vulnerability and
Book Review: Red Team – Development and Operations
Book Name: Red Team – Development And Operations Author: Joe VEST & James TUBBERVILLE Docs: https://redteam.guide/docs/ Topic: Red Teaming Level: Advanced Hi all!.. I’m here with a new book review. I’m interested in security topics like offensive security, red teaming,
Book Review: Advanced Penetration Testing
Book Name: Advanced Penetration Testing Author: WIL ALLSOPP, HANS VAN DE LOOY (Foreword) Publisher: Wiley Topic: Penetration Testing, Red Teaming Level: Advanced Hi everyone. I’m here with a new book review. I read this book a few months ago but
C2 Framework Alternatives for Red Teamers/Pentesters
Hi everyone, I’m back. In this post, I want to introduce some c2 frameworks and I will explain how to use tor services for our c2 server. Let’s start with frameworks!.. C2 Frameworks which I want to introduce: Covenant Cobalt
Data Exfiltiration with Phone Cam and OCR
I want to show you the data exfiltration technique with base64 and cellphone cam, also you can use it with OCR. But OCR doesn’t convert image to text %100, you must fix encoded file. Imagine that, you found a file