A stager is a small piece of software that has only one primary task: to trigger a larger implant’s download and make the initial connection between host and C2. Stagers are small, lightweight and ...

Sliver is an “adversary emulation framework” or a powerful command and control (C2) framework designed “to provide advanced capabilities for covertly managing and controlling remote systems”. Slive...

Active is an easy windows box that begins with an open SMB share that contains an interesting file (namely “Groups.xml”) with config data for a Group Policy Preference. This data is encrypted with ...

Rooting is the process of gaining elevated privileges on a comparatively restricted device, such as a phone. In this walkthrough, we will run through the process of rooting a phone (S20FE 5G, r8q) ...

LLMNR poisoning is a man-in-the-middle (MiTM) attack that exploits a Windows fallback protocol to steal user credentials. An attacker listens for Link-Local Multicast Name Resolution (LLMNR) reques...

Chemistry is an easy linux box that begins with us finding a website allowing us to upload .cif files. We gain RCE through file upload, giving us low privilege access as the app user. From there, w...

The SUID bit (Set owner User ID) is a special permission in Unix/Linux systems that, when set on an executable file, allows that file to be run with the permissions of the file’s owner, rather than...

The Lilygo T-Embed CC1101 is a pocket-sized dev board with in-built Sub-GHz, IR, NFC, WiFi, BLE, BadUSB and more. It uses an ESP-32 S3 for the microcontroller. I’ve made this blog as I’ve noticed a...