Between 180,000 and 800,000 IP-based closed-circuit television cameras are exposed to a zero-day vulnerability and a backdoor that together give an attacker remote code execution. Tenable issued the advisory today; the bugs are rated critical and are tied to firmware that may ship in any of some 100 different camera models running the affected NVRMini2 web server software. NUUO, the … Read More “CVE-2018-1149 & CVE-2018-1150 NUUO DVR firmware exploits” »
Category: sploits
Matt harr0ey (@harr0ey) released a POC of an SVG Document ActiveX control being executed inside Microsoft Word through a browser engine other than Internet Explorer. Details are on his blog, homjxi0e.wordpress.com, and a short demo video of it in action is below.
SpookFlare gives you the opportunity to bypass both client-side (endpoint) detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stagers. It has a custom encrypter with string obfuscation and run-time code compilation, so you can bypass the countermeasures of the target systems like a boss until … Read More “Spookflare” »
@tiraniddo released slides, demo videos, and some source code from his Zero Nights 2017 talk, Abusing Access Tokens for UAC Bypasses. Get it on his GitHub. Summary: “UAC, specifically Admin-Approval mode, has been known to be broken ever since it was first released in Windows Vista. Most of the research of bypassing UAC has focused … Read More “Bypassing UAC with access tokens” »
Haider Mahmood has a nice write-up on his blog using a few different techniques to backdoor PE files, making them (hopefully) fully undetectable by anti-virus. The constraints he imposed on the process were: not changing the functionality of the program itself, not increasing the file size, and avoiding other common techniques like msfvenom, … Read More “Backdooring PE Files” »
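The no-size-increase constraint above is usually satisfied by finding a code cave: a run of null padding already inside a section, where a payload fits without appending anything to the file. The script below is an added example, not code from Haider Mahmood's write-up, that parses a PE's DOS header, COFF header and section table with Python's struct module and lists caves of at least a given size, flagging whether the section is already executable. build_sample_pe() constructs a minimal, non-loadable PE image purely as sample input; pass a real binary as the first argument to scan it instead.

```python
"""Find code caves (runs of null bytes) inside the sections of a PE file.

Added example, not code from the write-up this page links to. Only the headers
needed to locate section raw data are parsed, so it runs on the standard
library alone. build_sample_pe() is a constructed sample input, not a real program.
"""
import struct
from collections import namedtuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

Section = namedtuple("Section", "name vaddr vsize raw_ptr raw_size characteristics")
Cave = namedtuple("Cave", "section file_offset rva size executable")


def parse_sections(data):
    """Return the section table of a PE image as a list of Section tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table directly follows the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _relocs, _lines, _nrelocs, _nlines, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, raw_ptr, raw_size, chars))
    return sections


def find_code_caves(data, min_size=32, executable_only=False):
    """Scan each section's raw data for runs of 0x00 at least min_size bytes long.

    A cave in an executable section can hold injected code as-is; one in a
    non-executable section needs its section flags changed (or a VirtualProtect
    call) before it can run, which is exactly what a defender can look for.
    """
    caves = []
    for sec in parse_sections(data):
        executable = bool(sec.characteristics & IMAGE_SCN_MEM_EXECUTE)
        if executable_only and not executable:
            continue
        start = sec.raw_ptr
        stop = min(start + sec.raw_size, len(data))  # tolerate truncated files
        run_start = None
        for off in range(start, stop + 1):  # one past the end closes a trailing run
            is_zero = off < stop and data[off] == 0
            if is_zero and run_start is None:
                run_start = off
            elif not is_zero and run_start is not None:
                size = off - run_start
                if size >= min_size:
                    rva = sec.vaddr + (run_start - sec.raw_ptr)  # file offset -> RVA
                    caves.append(Cave(sec.name, run_start, rva, size, executable))
                run_start = None
    return caves


def build_sample_pe():
    """Constructed minimal PE32 image used only as sample input (not a real program)."""
    text_body = b"\x55\x89\xe5\x5d\xc3" * 8 + b"\x00" * 64 + b"\xcc" * 24  # 128 bytes, 64-byte cave
    data_body = b"\x00" * 256  # a fully empty .data section
    image = bytearray(0x280 + len(data_body))
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)  # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", image, 0x44, 0x14C, 2, 0, 0, 0, 96, 0x0102)  # COFF header, 2 sections
    struct.pack_into("<H", image, 0x58, 0x10B)  # PE32 magic; rest of the 96-byte optional header left zero
    hdr = "<8sIIIIIIHHI"
    struct.pack_into(hdr, image, 0xB8, b".text", 128, 0x1000, 128, 0x200, 0, 0, 0, 0,
                     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    struct.pack_into(hdr, image, 0xE0, b".data", 256, 0x2000, 256, 0x280, 0, 0, 0, 0,
                     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    image[0x200:0x200 + len(text_body)] = text_body
    image[0x280:0x280 + len(data_body)] = data_body
    return bytes(image)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for c in find_code_caves(blob):
        print(f"{c.section:<8} off=0x{c.file_offset:08x} rva=0x{c.rva:08x} size={c.size:<6} exec={c.executable}")
```

On the constructed sample this reports a 64-byte cave in .text and a 256-byte one in .data. The RVA is what a patched entry point or hijacked jump would target; the executable flag matters because writing code into .data and then marking that section executable leaves a RWX section header that AV and PE-inspection tools flag, so a cave inside an already-executable section is the one that keeps the file looking ordinary.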
Francisco Donoso gave a good talk at DerbyCon on Equation Group’s leaked DanderSpritz tool. Check out his site danderspritz.com for more documentation.
A few weeks ago the Shadow Brokers released a dump of NSA/Equation Group tools used to exploit various machines, the same tools they had previously tried and failed to auction off. One of the exploits targeted Windows SMB: an unauthenticated remote attacker could gain SYSTEM-level privileges on a target machine by sending a specially crafted packet to a targeted … Read More “EternalBlue/DoublePulsar” »