PinnedPublished inInfoSec Write-upsWhen the Hunter Becomes the Hunted: Using Minifilters to Disable EDRsUsing Minifilters to disable EDRs. Minifilter callback routines are just one of many ways a signed malicious driver can be leveraged into…Jun 27Jun 27
PinnedPublished inInfoSec Write-upsBuilding a 30,000$ password cracking rig in the cloud for pennies.Leverage the Cloud to build a high performance on-demand password cracking rig for cents, with HashCloud.Jun 3, 20233Jun 3, 20233
PinnedPublished inThe Gray AreaDIY Rubber DuckyHack5’s Rubber Ducky is amazing but expensive. With 3$ and a bit of elbow grease, you can make your own.May 14, 20231May 14, 20231
PinnedPublished inInfoSec Write-upsPhishing 101: Bypassing 2FA like a proOne of the most common techniques used by hackers is phishing, which involves tricking people into giving away their personal information…Mar 26, 2023Mar 26, 2023
Published inInfoSec Write-upsThis Simple Hack Reveals Who’s Selling Your DataLearn how to unveil online privacy breaches and protect your personal data with “Plus Addressing”.Nov 10, 2023Nov 10, 2023
Published inInfoSec Write-upsHacking Chat GPT and infecting a conversation historyWe demonstrate how hackers can leak your ChatGPT data by Hacking into your conversation using Prompt Injection attacksJul 1, 20232Jul 1, 20232
Published inInfoSec Write-upsLeaking Account Credentials with Excel: Hunting Vulns in Office365Similarly to Outlook’s CVE-2023–23397, Excel can leak a victim’s NTLM hash by crafting malicious linksApr 30, 2023Apr 30, 2023
Published inInfoSec Write-ups“Ghost Malware”: Infecting a machine with an empty archive file.Archive files, such as zip, rar etc. are commonly used to transport malware because they can hide malicious code or files from security…Apr 15, 20231Apr 15, 20231
The Do-Over: Taking the OSCP exam again, 2 years later.In 2021, I went on un expected journey and took the OSCP. 2 years later, after massive changes to the exam structure, and with the…Apr 2, 20232Apr 2, 20232
Published inResponsible CyberPart II: SaaS-ational Command and Control — Using Social Media and SaaS Platforms for Malicious…In a previous article, we explained how cybercriminals make use of Social Media, SaaS platforms, or pretty much any service with an API to…Mar 20, 2023Mar 20, 2023