Unveiling DNSStager: A tool to hide your payload in DNS

Estimated Reading Time: 8 minutes In the past few weeks, I was working on a new project that could help me to solve an issue during a case I was facing, I needed a tool to help me pulling off my payload through DNS without being noisy or suspicious with the ability to inject this payload to the memory and…

Customising an existing evilginx phishlet to work with modern Citrix

Estimated Reading Time: 6 minutes As part of a recent Red Team engagement, we had a need to clone the Citrix endpoint of the target company and see if we could grab some credentials. Sounded like a job for evilginx2 (https://github.com/kgretzky/evilginx2) – the amazing framework by the immensely talented @mrgretzky. What is evilginx2? evilginx2 is a man-in-the-middle attack framework used…

Introducing APT-Hunter : Threat Hunting Tool via Windows Event Log

Estimated Reading Time: 8 minutes APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity without the need to have complicated solution for parsing and detecting attacks in windows event logs like SIEM solutions…

Uncovering New Attack group ( APT FIREPLACE ) Targeting MENA

Estimated Reading Time: 14 minutes In this article am revealing technical details about a new attack group ( FIREPLACE APT as i named them based on the findings ) . i did reverse engineering on the backdoors to understand its usage so you will find in details analysis for these malwares . Note : All the observed evidences and analyzes…

Octopus v1.2 stable: shellcode generation, spoofed args agent & much more!

Estimated Reading Time: 4 minutes It’s been a while since I released the stable version of Octopus, and today, I’m glad to announce that version 1.2 from Octopus is out! We added new features to this version and fixed some issues from the previous one to make it more stable. With time going by, we noticed that Octopus usage is…

In-Memory shellcode decoding to evade AVs/EDRs

Estimated Reading Time: 9 minutes During the previous week, I was doing some research about win32 APIs and how we can use them during weaponizing our attack, I already did some work related to process injection in the past, but I was looking for something more advanced and to do an extra mile in process injection. So, I took my…

OCS Inventory NG v2.7 Remote Command Execution (CVE-2020-14947)

Estimated Reading Time: 7 minutes Summary of OCS Inventory NG Open Computer and Software Inventory Next Generation is free software that enables users to inventory IT assets. OCS-NG collects information about the hardware and software of networked machines running the OCS client program. OCS can visualize the inventory through a web interface. About the exploit I found this vulnerability by…

Ninja C2 V1.1 : New Update with many features

Estimated Reading Time: 4 minutes After seeing many positive feedback regarding Ninja C2 . I decided to enhance it , solve the known issues and provide more features that will help every pentester . i tested Ninja in real world pentest engagements , also in CRTP exam and it proved to be worthy to make your life easy while doing…