Category: research

    Compact view
  • November 2, 2023
    Parsing the msDS-KeyCredentialLink value for ShadowCredentials attack

    In-depth explanation of the msDS-KeyCredentialLink attribute used in a shadow credentials attack, and how to parse it.
    November 2, 2023 Parsing the msDS-KeyCredentialLink value for ShadowCredentials attack
  • April 20, 2023
    Windows debugging - Analyzing a BSOD crash dump

    Learn how to analyze a BSOD crash dump on Windows to understand what happens during a system crash and how to troubleshoot effectively.
    April 20, 2023 Windows debugging - Analyzing a BSOD crash dump
  • July 27, 2022
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2022 Python vulnerabilities : Code execution in jinja templates
  • August 26, 2021
    Python context free payloads in Mako templates

    We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    August 26, 2021 Python context free payloads in Mako templates
  • July 27, 2021
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2021 Python vulnerabilities : Code execution in jinja templates
  • April 20, 2021
    TTYs and where to find them

    TTYs and where to find them
    April 20, 2021 TTYs and where to find them
  • March 24, 2021
    Python format string vulnerabilities

    Python format strings can be very useful but they can be prone to vulnerabilities when misused.
    March 24, 2021 Python format string vulnerabilities
  • December 11, 2020
    Reverse Shells 101

    This article explains the necessary components to create a reverse shell.
    December 11, 2020 Reverse Shells 101
  • November 12, 2020
    Constructing a semi-interactive reverse shell with curl

    This article details how I created a curl-based reverse shell, from scratch.
    November 12, 2020 Constructing a semi-interactive reverse shell with curl
  • November 11, 2020
    Constructing a semi-interactive reverse shell with wget

    This article details how I created a wget-based reverse shell, from scratch.
    November 11, 2020 Constructing a semi-interactive reverse shell with wget