Explore >> Select a destination
|
You are here 
|
macrosec.tech | ||
| | | | |
taeluralexis.com
|
|
| | | | | In this writeup, we'll exploit a Linux machine on Hack The Box with CVE-2023-46604, leveraging Java deserialization for remote code execution. | |
| | | | |
pentestlaboratories.com
|
|
| | | | | Microsoft .NET framework is being heavily utilized by threat actors and red teams for defense evasion and staying off the radar during operations. Every .NET binary contains application domains where assemblies are loaded in a safe manner. The AppDomainManager object can be used to create new ApplicationDomains inside a .NET process. From the perspective of... | |
| | | | |
pentestlab.blog
|
|
| | | | | In Windows environmentswhen an applicationor a serviceis startingit looks for a number of DLL's in orderto function properly.If these DLL'sdoesn't exist or are implemented in an insecure way (DLL'sare called withoutusing a fully qualified path) then itis possible to escalate privileges by forcing the application to load and execute amalicious DLL file. It should be... | |
| | | | |
enigma0x3.net
|
|
| | | A while back I was exploring userland COM and stumbled across some 2011 research by Jon Larimer explaining the dangers of per-user COM objects. Recently Casey Smith (@subtee) started digging into COM and its implications as well, which motivated me to finish the research I had started. After some poking around, I found out that... | ||
