Tags - XPN InfoSec Blog

XPN / Adam Chester

Posts Tags About

Twitter GitHub LinkedIn RSS Instagram

« Back to home

claude (1) llm (3) mcp (1) vulnerability (1) cve (4) adfs (1) redteam (28) oauth2 (1) windows (22) payload (1) laps (1) reversing (16) vscode (1) c2 (2) low-level (16) malware (5) apt28 (1) apt32 (1) phishing (1) cobalt strike (3) aws (2) active directory (6) azuread (2) azure (2) C2 (1) bettercap (1) mitm (2) meterpreter (1) blog (1) devops (3) ctf (10) macos (12) loader (2) privacy (1) powershell (1) security (4) foomatic-rip (1) exploit (20) flash (1) .net (5) defcon (1) iot (1) kernel (4) office (1) sysmon (1) etw (2) web (2) xss (1) secarma (4) cobaltstrike (2) externalc2 (1) mimikatz (2) amsi (1) csv (1) mdf (1) forensics (2) github (2) drivers (1) hevd (2) hopper (1) non-security (1) javascript (1) kerberos (4) kentico (1) idp (1) okta (2) ping (1) onelogin (1) entraid (1) ptrace (1) linux (1) sharepoint (1) tools (2) smb (1) plaidctf (3) vba (1) radare2 (1) dyld (1) rop (3) sql (1) metasploit (1) sqlserver (1) machine-learning (1) sccm (1) docker (1) dotnet (1) xbox (1) usb (1)

claude

An Evening with Claude (Code)

llm

An Evening with Claude (Code)

The Accidental C2 - Exploring Dev Tunnels for Remote Access

Tokenization Confusion

mcp

An Evening with Claude (Code)

vulnerability

An Evening with Claude (Code)

cve

An Evening with Claude (Code)

Foomatic-RIP (CVE-2015-8560)

Linux USBIP overflow (CVE-2016-3955)

Moving jobs and exploiting flash (CVE-2018-4878)

adfs

ADFS - Living in the Legacy of DRS

redteam

ADFS - Living in the Legacy of DRS

Administrator Protection Review

The Accidental C2 - Exploring Dev Tunnels for Remote Access

AWS Lambda Redirector

Azure AD Connect for Red Teamers

Azure Application Proxy C2

ActiveBreach, powered by Ethereum Blockchain

Alternative methods of becoming SYSTEM

Bring Your Own VM - Mac Edition

Exploring Cobalt Strike's ExternalC2 framework

Exploring PowerShell AMSI and Logging Evasion

Hiding your .NET - COMPlus_ETWEnabled

Hiding your .NET - ETW

Identity Providers for RedTeamers

Kerberos AD Attacks - Kerberoasting

Kerberos AD Attacks - More Roasting with AS-REP

macOS Research Outtakes - File Extensions

MacOS Injection via Third Party Frameworks

Okta for Red Teamers

Protecting Your Malware with blockdlls and ACG

RunDLL32 your .NET (AKA DLL exports from .NET)

Setting Service Principal Names To Roast Accounts

Silencing Cylance: A Case Study in Modern EDRs

Tailoring Cobalt Strike on Target

Testing your RedTeam Infrastructure

The SQL Server Crypto Detour

Understanding and Evading Get-InjectedThread

Using machine account credentials during an engagement

oauth2

ADFS - Living in the Legacy of DRS

windows

LAPS 2.0 Internals

Administrator Protection Review

Alternative methods of becoming SYSTEM

Cisco AMP - Bypassing Self-Protection

AppLocker CLM Bypass via COM

Debugging into .NET

Exploring PowerShell AMSI and Logging Evasion

g_CiOptions in a Virtualized World

Exploiting Windows 10 Kernel Drivers - NULL Pointer Dereference

Exploiting Windows 10 Kernel Drivers - Stack Overflow

Hiding your .NET - ETW

Inter-Realm Key Roasting (well... within the first 30 days)

Kerberos AD Attacks - Kerberoasting

Object Overloading

Protecting Your Malware with blockdlls and ACG

RunDLL32 your .NET (AKA DLL exports from .NET)

Exploiting CVE-2018-1038 - Total Meltdown

Understanding and Evading Get-InjectedThread

WAM BAM - Recovering Web Tokens From Office

Exploring SCCM by Unobfuscating Network Access Accounts

Kernel Exploit Demo - Windows 10 privesc via WARBIRD

payload

LAPS 2.0 Internals

laps

LAPS 2.0 Internals

reversing

Administrator Protection Review

Windows Anti-Debug techniques - OpenProcess filtering

Analysing RPC With Ghidra and Neo4j

Analysis of APT28 hospitality malware (Part 2)

Analysis of APT28 hospitality malware

Cisco AMP - Bypassing Self-Protection

ExplodingCan - A vulnerability review

Hiding your .NET - COMPlus_ETWEnabled

Hiding your .NET - ETW

Industroyer C2 Communication

Endpoint Security Self-Protection on MacOS

MacOS Filename Homoglyphs Revisited

Exploiting with pwndbg - Solving PlaidCTF 2016 SmartStove

Radare2 - Using Emulation To Unpack Metasploit Encoders

The .NET Export Portal

Kernel Exploit Demo - Windows 10 privesc via WARBIRD

vscode

The Accidental C2 - Exploring Dev Tunnels for Remote Access

c2

The Accidental C2 - Exploring Dev Tunnels for Remote Access

ActiveBreach, powered by Ethereum Blockchain

low-level

Analysing RPC With Ghidra and Neo4j

Building, Modifying, and Packing with Azure DevOps

Evading Sysmon DNS Monitoring

Exploring Mimikatz - Part 1 - WDigest

Exploring Mimikatz - Part 2 - SSP

g_CiOptions in a Virtualized World

How to Argue like Cobalt Strike

MacOS Filename Homoglyphs Revisited

MacOS Injection via Third Party Frameworks

Object Overloading

PNG Steganography from First Principles

Silencing Cylance: A Case Study in Modern EDRs

The .NET Export Portal

WAM BAM - Recovering Web Tokens From Office

We Need To Talk About MACL

Weird Ways to Run Unmanaged Code in .NET

malware

Analysis of APT28 hospitality malware (Part 2)

Analysis of APT28 hospitality malware

Reviewing the APT32 phishing malware

Using Hopper scripting to analyse MacRansom

Industroyer C2 Communication

apt28

Analysis of APT28 hospitality malware (Part 2)

apt32

Reviewing the APT32 phishing malware

phishing

Reviewing the APT32 phishing malware

cobalt strike

AWS Lambda Redirector

How to Argue like Cobalt Strike

Protecting Your Malware with blockdlls and ACG

aws

AWS Lambda Redirector

Designing The Adversary Simulation Lab

active directory

Azure AD Connect for Red Teamers

Inter-Realm Key Roasting (well... within the first 30 days)

Kerberos AD Attacks - Kerberoasting

Kerberos AD Attacks - More Roasting with AS-REP

Setting Service Principal Names To Roast Accounts

Using machine account credentials during an engagement

azuread

Azure AD Connect for Red Teamers

Identity Providers for RedTeamers

azure

Azure Application Proxy C2

WAM BAM - Recovering Web Tokens From Office

C2

Azure Application Proxy C2

bettercap

Bettercap - Capturing NTLM Hashes

mitm

Bettercap - Capturing NTLM Hashes

SQL Server Authentication With Metasploit and MITM

meterpreter

Alternative methods of becoming SYSTEM

blog

New Blog and the Technology that powers it

devops

New Blog and the Technology that powers it

Designing The Adversary Simulation Lab

Testing your RedTeam Infrastructure

ctf

BSidesSF CTF: b-64-b-tuff Walkthrough

BSidesSF CTF - Steel Mountain: Sensors Walkthrough

BSidesSF CTF - DNSCap Walkthrough

Defcon 25 in Review

PlaidCTF - no_mo_flo writeup

Exploiting with pwndbg - Solving PlaidCTF 2016 SmartStove

Revisiting PlaidCTF - bigpicture

ROP Primer - Walkthrough of Level 0

ROP Primer - Walkthrough of Level 1

ROP Primer - Walkthrough of Level 2

macos

Bring Your Own VM - Mac Edition

Building a Custom Mach-O Memory Loader for macOS - Part 1

Bypassing MacOS Privacy Controls

MacOS "DirtyNIB" Vulnerability

Disabling MacOS SIP via a VirtualBox kext Vulnerability

Escaping the Sandbox – Microsoft Office on MacOS

Endpoint Security Self-Protection on MacOS

MacOS Filename Homoglyphs Revisited

macOS Research Outtakes - File Extensions

MacOS Injection via Third Party Frameworks

Restoring Dyld Memory Loading

We Need To Talk About MACL

loader

Building a Custom Mach-O Memory Loader for macOS - Part 1

PNG Steganography from First Principles

privacy

Bypassing MacOS Privacy Controls

powershell

AppLocker CLM Bypass via COM

security

Foomatic-RIP (CVE-2015-8560)

From CSV to Meterpreter

Linux ptrace introduction AKA injecting into sshd for fun

MS15-099 - Sharepoint XSS

foomatic-rip

Foomatic-RIP (CVE-2015-8560)

exploit

Foomatic-RIP (CVE-2015-8560)

Linux USBIP overflow (CVE-2016-3955)

Moving jobs and exploiting flash (CVE-2018-4878)

MacOS "DirtyNIB" Vulnerability

Disabling MacOS SIP via a VirtualBox kext Vulnerability

Escaping the Sandbox – Microsoft Office on MacOS

Universal XSS via Evernote WebClipper

ExplodingCan - A vulnerability review

Github Desktop - DOM XSS

GitHub Desktop - RCE

Exploiting Windows 10 Kernel Drivers - NULL Pointer Dereference

Exploiting Windows 10 Kernel Drivers - Stack Overflow

Kentico CMS (< 9.0.42) SQLi

MS15-099 - Sharepoint XSS

ROP Primer - Walkthrough of Level 0

ROP Primer - Walkthrough of Level 1

ROP Primer - Walkthrough of Level 2

Exploiting CVE-2018-1038 - Total Meltdown

Windows Server 2016 / Docker Privilege Escalation

Kernel Exploit Demo - Windows 10 privesc via WARBIRD

flash

Moving jobs and exploiting flash (CVE-2018-4878)

.net

Building, Modifying, and Packing with Azure DevOps

Debugging into .NET

Hiding your .NET - ETW

RunDLL32 your .NET (AKA DLL exports from .NET)

The .NET Export Portal

defcon

Defcon 25 in Review

iot

Defcon 25 in Review

kernel

Disabling MacOS SIP via a VirtualBox kext Vulnerability

Exploiting Windows 10 Kernel Drivers - NULL Pointer Dereference

Exploiting Windows 10 Kernel Drivers - Stack Overflow

Exploiting CVE-2018-1038 - Total Meltdown

office

Escaping the Sandbox – Microsoft Office on MacOS

sysmon

Evading Sysmon DNS Monitoring

etw

Evading Sysmon DNS Monitoring

Hiding your .NET - COMPlus_ETWEnabled

web

Universal XSS via Evernote WebClipper

MS15-099 - Sharepoint XSS

xss

Universal XSS via Evernote WebClipper

secarma

ExplodingCan - A vulnerability review

Industroyer C2 Communication

Setting Service Principal Names To Roast Accounts

Using machine account credentials during an engagement

cobaltstrike

Exploring Cobalt Strike's ExternalC2 framework

Tailoring Cobalt Strike on Target

externalc2

Exploring Cobalt Strike's ExternalC2 framework

mimikatz

Exploring Mimikatz - Part 1 - WDigest

Exploring Mimikatz - Part 2 - SSP

amsi

Exploring PowerShell AMSI and Logging Evasion

csv

From CSV to Meterpreter

mdf

Extracting SQL Server Hashes From master.mdf

forensics

Extracting SQL Server Hashes From master.mdf

Offensive Forensics - Recovering Files

github

Github Desktop - DOM XSS

GitHub Desktop - RCE

drivers

g_CiOptions in a Virtualized World

hevd

Exploiting Windows 10 Kernel Drivers - NULL Pointer Dereference

Exploiting Windows 10 Kernel Drivers - Stack Overflow

hopper

Using Hopper scripting to analyse MacRansom

non-security

How GitHub login detection banner works

javascript

How GitHub login detection banner works

kerberos

Inter-Realm Key Roasting (well... within the first 30 days)

Kerberos AD Attacks - Kerberoasting

Kerberos AD Attacks - More Roasting with AS-REP

Setting Service Principal Names To Roast Accounts

kentico

Kentico CMS (< 9.0.42) SQLi

idp

Identity Providers for RedTeamers

okta

Identity Providers for RedTeamers

Okta for Red Teamers

ping

Identity Providers for RedTeamers

onelogin

Identity Providers for RedTeamers

entraid

Identity Providers for RedTeamers

ptrace

Linux ptrace introduction AKA injecting into sshd for fun

linux

Linux ptrace introduction AKA injecting into sshd for fun

sharepoint

MS15-099 - Sharepoint XSS

tools

Exploring SCCM by Unobfuscating Network Access Accounts

smb

plaidctf

PlaidCTF - no_mo_flo writeup

Exploiting with pwndbg - Solving PlaidCTF 2016 SmartStove

Revisiting PlaidCTF - bigpicture

vba

Protecting Your Malware with blockdlls and ACG

radare2

Radare2 - Using Emulation To Unpack Metasploit Encoders

dyld

Restoring Dyld Memory Loading

rop

ROP Primer - Walkthrough of Level 0

ROP Primer - Walkthrough of Level 1

ROP Primer - Walkthrough of Level 2

sql

SQL Server Authentication With Metasploit and MITM

metasploit

SQL Server Authentication With Metasploit and MITM

sqlserver

The SQL Server Crypto Detour

machine-learning

Tokenization Confusion

sccm

Exploring SCCM by Unobfuscating Network Access Accounts

docker

Windows Server 2016 / Docker Privilege Escalation

dotnet

Weird Ways to Run Unmanaged Code in .NET

xbox

Xbox One Controller Hacking

usb

Xbox One Controller Hacking