Password cracking has come a long way, but what about password analysis? Back in the day, Pipal was our go-to tool for basic statistics and base-word identification. In 2017, two of SynerComm’s...
#_shellntel
Executing Shellcode via Bluetooth Device Authentication
While reading through the MSDN documentation for Bluetooth, I started thinking about what opportunities there were to leverage Bluetooth for offensive purposes. I ended up creating a shellcode...
Evading Defender by Embedding Lua into Rust
I recently started learning about the world of game modding. I have always played games on a console, so modding was not something I ever pursued. However, after picking up the PC version of my...
Attacks on Active Directory Certificate Services (AD CS) Explained – CypherCon 2024 Follow-up
This is a follow-up blog post from our CypherCon 2024 presentation. The slides are located here: https://x.com/TheL0singEdge/status/1776101737461399780 Active Directory Certificate Services (AD CS)...
Exploring Initial Access Methods #01 – Shortcuts and Tunnels to the Kingdom
Understanding the various methods and Tactics, Techniques and Procedures (TTPs) by which attackers gain initial access to systems is crucial for developing robust defense mechanisms. Initial access...
Spoofing Command Line Arguments to Dump LSASS in Rust
One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: procdump64.exe -accepteula -ma -o dumpfile.dmp However, Microsoft is well...
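The excerpt above points out that a procdump full dump of LSASS is well known to defenders, and the post's title is about spoofing the command line. As an added example (not code from the SynerComm post), the following detection logic runs over constructed Sysmon-style events and shows why that matters: a rule keyed only on the command line logged at process creation (Sysmon Event ID 1) is blinded when the process starts with a benign command line, while a rule keyed on the process-access event (Sysmon Event ID 10, TargetImage lsass.exe with PROCESS_VM_READ in GrantedAccess) still fires. The field names follow Sysmon's schema; the events, paths, PIDs and the `updater.exe` name are constructed for this example.

```python
"""Constructed Sysmon-style events and two LSASS-dump detection rules.

Added example, not from the original post. Shows that command-line spoofing
defeats a rule keyed on Sysmon Event ID 1 (ProcessCreate) but not one keyed on
Event ID 10 (ProcessAccess), because the dumper still has to open lsass.exe
with read access regardless of what its command line says.
"""

# Windows process access rights relevant to reading another process's memory.
# MiniDumpWriteDump needs PROCESS_QUERY_INFORMATION (0x400) and
# PROCESS_VM_READ (0x10); procdump typically asks for PROCESS_ALL_ACCESS.
PROCESS_VM_READ = 0x0010

# Constructed events (not real telemetry). GrantedAccess is a hex string, as
# Sysmon logs it. Assumption for this example: the spoofed process was created
# with the benign command line, so that is what Event ID 1 recorded.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "ProcessId": 4312,
     "Image": r"C:\Tools\procdump64.exe",
     "CommandLine": "procdump64.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"EventID": 1, "ProcessId": 5120,
     "Image": r"C:\Tools\updater.exe",          # hypothetical spoofed dumper
     "CommandLine": "updater.exe --check"},      # benign-looking logged args
    {"EventID": 10, "SourceProcessId": 4312,
     "SourceImage": r"C:\Tools\procdump64.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe",
     "GrantedAccess": "0x1FFFFF"},              # PROCESS_ALL_ACCESS
    {"EventID": 10, "SourceProcessId": 5120,
     "SourceImage": r"C:\Tools\updater.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe",
     "GrantedAccess": "0x1010"},                # VM_READ | QUERY_LIMITED_INFO
    {"EventID": 10, "SourceProcessId": 900,     # benign: no VM_READ requested
     "SourceImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe",
     "GrantedAccess": "0x1000"},                # PROCESS_QUERY_LIMITED_INFORMATION
]


def detect_by_command_line(events):
    """Naive rule: flag ProcessCreate events whose logged command line looks
    like a procdump-style LSASS dump. Returns the flagged ProcessIds."""
    hits = []
    for e in events:
        if e["EventID"] != 1:
            continue
        cl = e["CommandLine"].lower()
        if "lsass" in cl and ("-ma" in cl or ".dmp" in cl):
            hits.append(e["ProcessId"])
    return hits


def detect_by_process_access(events):
    """Robust rule: flag ProcessAccess events where any process opens lsass.exe
    with PROCESS_VM_READ, independent of its command line. Returns the flagged
    SourceProcessIds."""
    hits = []
    for e in events:
        if e["EventID"] != 10:
            continue
        if not e["TargetImage"].lower().endswith("\\lsass.exe"):
            continue
        granted = int(e["GrantedAccess"], 16)
        if granted & PROCESS_VM_READ:
            hits.append(e["SourceProcessId"])
    return hits


if __name__ == "__main__":
    print("command-line rule flagged:", detect_by_command_line(CONSTRUCTED_EVENTS))
    print("process-access rule flagged:", detect_by_process_access(CONSTRUCTED_EVENTS))
```

The command-line rule flags only PID 4312 (the undisguised procdump run); the process-access rule flags both 4312 and the spoofed 5120 while leaving the WMI provider alone, because it checks what the process did to LSASS rather than what it claimed on its command line.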
Creating a Rootkit to Inject into a Protected Process and Dump LSASS
In my last blog post, I discussed one method of dumping LSASS where we created a DLL that we injected into Task Manager. We could then create an LSASS dump from Task Manager, and the DLL would hook...
DEF CON 31 and Building A Wi-Fi Deauthentication Detector
Going to DEF CON was a dream I never thought would come to fruition. I remember 2009 being in 8th grade. Reading a physical copy of the magazine Wired. Sitting in the back of my parents' minivan on the...
Fun with AD CS from Windows Command Line
I’m a fan of full-featured and weaponized C2s as much as anyone else to save time if it makes my job easier. Sometimes they can make your job harder when you’re dealing with EDR. A lot of opsec...
Using API Hooking to Dump LSASS with Task Manager Undetected
There are many ways to create an LSASS dump file. One of the easiest ways is with Windows Task Manager. Simply right click the LSASS process and click “Create dump file”. This is great, except for...