This is Part II. If you haven’t read Part I — HookChain, go do that first. Part I showed how to defeat userland NTDLL hooks with IAT manipulation, dynamic SSN resolution, and indirect syscalls. Tha...

Every red team engagement I have ever been on has walked into a Microsoft SQL Server at some point. HR systems, ticketing backends, CMDBs, finance, inventory — any of them. It is, after SMB, the se...

Dungeon Game Memory Exploitation CTF Intro I recently tackled a challenging CTF that required reverse engineering a dungeon game to extract a hidden flag. Instead of playing the game legitimate...

HookChain is a novel technique aimed at bypassing Endpoint Detection and Response (EDR) solutions by leveraging low-level Windows APIs and manipulating how system calls interact with user-mode hook...

Introduction API hooking is an essential technique in modern malware development, allowing attackers to intercept and manipulate system calls for malicious purposes. One of the most popular librar...

Cobalt Strike C2 Memory Evasion Intro Cobalt Strike is a popular tool among red teams for simulating advanced threats and conducting penetration testing. However, its widespread use has made it a...

HABOOB BLUE CTF Difficulty: HARD Windows 10 Notifications I discovered this information within the browser history. The user accessed Telegram, so we need to examine the messages. To do this, n...

Attack ‫ بسم الله الرحمن الرحيم. سنتطرق اليوم بمشيئة الله لشرح الـ unconstrained delegation ‫ Unconstrained delegation ‫ الدلقيشن يسمح لمستخدم أو خدمة للعمل نيابةً عن سيرفس اكاونت او مستخدم أخر ‫...

Description: ‫ بسم الله الرحمن الرحيم والصلاة والسلام على اشرف المرسلين. أActive Directory Certificate Services or AD CS هي تمبلت مقدمة من مايكروسوفت كنقطة بداية لتوزيع ال certificates وهي مصممه لت...

Description: ‫ مرحبًا، راح أشرح اليوم بإذن الله الـ Kerberoasting . ولكن قبل ما أبدأ بشرحه راح اتكلم عن ال Kerberos بشكل مبسط لكي يتضح لنا التكنيك. Kerberos: ‫ الـ Kerberos يحتوي على الكثير من الا...