Explore >> Select a destination

You are here

 www.wietzebeukema.nl
Save the Environment (Variable)
| | parsiya.net
Attack Surface Analysis - Part 2 - Custom Protocol Handlers
3.5 parsecs away

Travel
| | [AI summary] The provided text is a detailed technical article discussing various methods and techniques for exploiting custom protocol handlers and command-line switches in applications. It covers topics such as UNC path injection, command-line switch abuse, remote file execution, and leveraging startup directories for persistence. The article also includes practical examples, tools like Nirsoft's URLProtocolView, and advice on how to discover and exploit vulnerabilities in applications.
| | itm4n.github.io
Windows DLL Hijacking (Hopefully) Clarified | itm4n's blog
3.7 parsecs away

Travel
| | Whenever a "new" DLL hijacking / planting trick is posted on Twitter, it generates a lot of comments. "It's not a vulnerability!" or "There is a lot of hijackable DLLs on Windows..." are the most common reactions. Though, people often don't really speak about the same thing, hence the overall confusion which leads us nowhere. I don't pretend to know the ultimate truth but I felt the need to write this post in order to hopefully clarify some points.
| | gebir.ge
Remote Code Execution as a Service: A Privilege Escalation Journey | GEBIRGE
3.1 parsecs away

Travel
| | [AI summary] The provided text describes a detailed process of exploiting a Windows system through a REST API endpoint, leveraging DLL hijacking and dynamic code execution. The user outlines the steps taken to gain access, including crafting malicious DLLs, using reflection to load assemblies, and executing commands via PowerShell. The text concludes with a reflection on the learning experience and resources used.
| | blog.ikuamike.io
Hack The Box: Forest
25.6 parsecs away

Travel
| Introduction After passing my OSCP, I am planning on doing CRTP and CRTO sometime this year. I took the OSCP exam before the updates that are focused on Active Directory so I didn't actively focus on this area. So to learn and practice on AD and Windows and also as some prep for the certifications I plan on taking, I will be doing some machines that are AD related and try to get into the details of the included misconfigurations and vulnerabilities.