Whilst the science of logic can feel abstract, at its core, it is understanding how conclusions follow from premises. This act of ‘following’ can happen twofold (fundamentally) through syntactic an...

After discussing XOR obfuscation in a previous post, we examine a real-world use in Cloudflare’s Email Address Obfuscation service. This is used to stop simple (albeit lazy) bots from finding email...

XOR obfuscation is a bare-bones and lightweight way of obfuscating data (usually shellcode). It involves the bitwise XOR operation where we combine data with a key to get our result. It is useful f...

SMB relay is a man-in-the-middle attack used in AD environments in the case that we as an attacker (for whatever reason) can’t crack a hash we have. Instead of wasting valuable time cracking the pa...

A stager is a small piece of software that has only one primary task: to trigger a larger implant’s download and make the initial connection between host and C2. Stagers are small, lightweight and ...

Sliver is an “adversary emulation framework” or a powerful command and control (C2) framework designed “to provide advanced capabilities for covertly managing and controlling remote systems”. Slive...

Active is an easy windows box that begins with an open SMB share that contains an interesting file (namely “Groups.xml”) with config data for a Group Policy Preference. This data is encrypted with ...

Rooting is the process of gaining elevated privileges on a comparatively restricted device, such as a phone. In this walkthrough, we will run through the process of rooting a phone (S20FE 5G, r8q) ...

LLMNR poisoning is a man-in-the-middle (MiTM) attack that exploits a Windows fallback protocol to steal user credentials. An attacker listens for Link-Local Multicast Name Resolution (LLMNR) reques...

Chemistry is an easy linux box that begins with us finding a website allowing us to upload .cif files. We gain RCE through file upload, giving us low privilege access as the app user. From there, w...