TL;DR During red teaming engagements or regular penetration testing, I always need to bypass certain AV, EDR or other defensive mechanisms. My usual approach was to just get rid of the signatures ...

TL;DR This post is a brief description of the work recently conducted on a known PowerShell obfuscator named Chimera by tokioneon_, which resulted in the creation of the illegitimate son of Chime...

TL;DR The term “Lateral movement” refers to the the set of techniques that allows an attacker to acquire further access into a network, after gaining initial access. The attacker, after gaining ac...

TL;DR The term “Lateral movement” refers to the the set of techniques that allows an attacker to acquire further access into a network, after gaining initial access. The attacker, after gaining ac...

One of the emerging security issues affecting Object Oriented Programming (OOP) Languages over the last few years was “Insecure Deserialization”. A wide range of literature is already available on ...

Ted - Authenticated Local File Inclusion Within this walkthrough, I will skip any part not related to the web application exploitation, but for sake of consistency I would briefly explain what (an...

Raven2 - Remote Command Execution Intro Within this walkthrough, I will skip any part not related to the web application exploitation, but for sake of consistency I would briefly explain what (an...

Pipe - Insecure Deserialization Within this walkthrough, I will skip any part not related to the web application exploitation, but for sake of consistency I would briefly explain what (and why) I ...

Homeless - Authentication Bypass through MD5 Collision Attack Within this walkthrough, I will skip any part not related to the web application exploitation, but for sake of consistency I would bri...

Flick2 - Remote Command Execution Within this walkthrough, I will skip any part not related to the web application exploitation, but for sake of consistency I would briefly explain what (and why) ...