WNF Chronicles I: Introduction
WNF is a Kernel component internally used to send notifications accross the system, which can be abused to achieve malicious goals.
Blog
Real Stories: XXE Error-Based and OOB Exfiltration
Today I will talk about a severe vulnerability I found during a real pentesting exercise. More precisely, I was able to exploit XXE in order to “blindly” exfiltrate system files from a server using SSRF and an error-based technique.
Bypassing Antivirus using Direct System Calls
In today’s post we will talk about how most AV/EDRs detect malicious behaviours and a really interesting way to bypass them. PEzor is a tool developed by @phra which I have analyzed to understand how Direct System Calls can be used for this purpose.
Asymmetric Cryptography: RSA (II)
In the previous post we talked about RSA and how its maths mork. As I promised, today I bring you a real implementation of the algorithm, using Python. The scope is to understand how RSA works in order to use it in a secure way.
Asymmetric Cryptography: RSA (I)
Today I would like to talk to you about one of the most important asymmetric cryptographic algorithms in history: RSA.
Because of the algorithm complexity, I decided to divide this post in two parts. In the first one I will explain the algorithm and how the maths do their job here (don’t run away! They are not so complicated!). In the next part I will show you a real RSA implementation.