Encrypted Data Exfiltration with DNS
Hi folks! Long time no see 😀 In this post we will write our exfiltration tool with python and DNS. We will use; First at first, we have to understand some of the DNS basics. What is DNS? Why we
Category: Red Team
Weaponizing with ChatGPT
Hello everyone! I’m sure you’ve heard of ChatGPT, the language model trained by OpenAI. In this blog post, we’ll explore how we can use ChatGPT to create scripts or projects for testing systems or applications. However, it’s important to note
Analysis of Fake Application and Phishing Campaign in Turkey
Hi, there! While watching videos on Youtube, I saw a Google advertisement which one of wrote a well-paid job. That seemed interesting and weird. The advertisement was about an android application on Google Play. Let’s take a look at this
Chaining the Vulns (SSRF-Deserialization to RCE)
Hi everyone, in this blog post we will cover SSRF, RCE and Deserialization vulnerabilities with a scenario. Despite of the knowing these vulnerabilities not enough for some red teaming / adversarial emulation operations. We should think how we can use
AV Evasion – Behavioral/Heuristic Engine
AV Evasion P3 – Behavioral/Heuristic Engine We discussed Static and Dynamic Engines. In this post I will try to explain heuristic engine bypassing. I don’t like to give direct techniques, like “you must use X codes or Y techniques”. The
AV Evasion – Static and Dynamic Engines
Malware Development – AV Evasion P2 Hi everyone in this post we will talk about bypassing AV Engines which we talked about on YouTube videos. Firstly, let’s remember the static and dynamic engines. What do these mean? Static Engine: The
Evasion P1 – How the Antiviruses Works?
Hi everyone, welcome back. I couldn’t write any blogs due to some extra projects and my OSEP Journey. In this post series, we will talk about evasion techniques and bypassing security solutions. But, firstly we must start with understanding these
Initial Access with XSS and HTML Smuggling – Theory
Hi there! In this blog, we will discuss how to compromise an employee system with some tricks. We will cover a client-side attack and some chaining of techniques like phishing, HTML Smuggling, Droppers, etc. I couldn’t develop the demo lab
Pivoting for Pentesters/Red Teamers
Hi everyone. In this article, ı want to explain what is pivoting and telling some keywords about it. Firstly, we should know post exploitation phase or something like this 🙂 What is Post-Exploitation? We could exploit an RCE vulnerability and
Book Review: Red Team – Development and Operations
Book Name: Red Team – Development And Operations Author: Joe VEST & James TUBBERVILLE Docs: https://redteam.guide/docs/ Topic: Red Teaming Level: Advanced Hi all!.. I’m here with a new book review. I’m interested in security topics like offensive security, red teaming,