Stay up to date on the latest tech trends, IT news, and cybersecurity threats with our educational blog.

shellntel

Exploring Initial Access Methods #01 - Shortcuts and Tunnels to the Kingdom

Understanding the various methods and Tactics, Techniques and Procedures (TTP's) by which attackers gain initial access to systems is crucial for developing robust defense mechanisms. Initial access represents the first phase of an intrusion, where threat actors initially breach a target's defenses to establish a foothold within an organization's network. This blog series aims to […]

Learn More
Spoofing Command Line Arguments to Dump LSASS in Rust

One of the popular methods for dumping LSASS is using the procdump.exe program from the Sysinternals Suite. Something like: However, Microsoft is well aware of this method, and it is being tracked along with several other common methods and tools. Now procdump is legitimate software with many use cases and it is signed by Microsoft. […]

Learn More
Creating a Rootkit to Inject into a Protected Process and Dump LSASS

In my last blog post, I discussed one method of dumping LSASS where we created a DLL that we injected into Task Manager. We could then create an LSASS dump from Task Manager, and the DLL would hook the API calls responsible for creating the file and change the filename to something else. This allowed […]

Learn More
DEF CON 31 and Building A Wi-Fi Deauthentication Detector

Going to DEF CON was a dream I never thought would come to fruition. I remember 2009 being in 8th grade. Reading a physical copy of the magazine Wired. Sitting in the back of parent's minivan on the way to visit family in Milwaukee, WI, and seeing pictures and reading about the largest hacking conference […]

Learn More
Rotating Your Pentesting Vendor Is A Mistake!

Finding a great pentesting partner can be a challenge and there is much greater risk in changing firms than sticking with a partner you can trust. A good firm should have sufficient staff and work history to ensure that you can still get a new set of eyes without losing consistency or efficiency.

Learn More
Fun with AD CS from Windows Command Line

I’m a fan of full featured and weaponized C2s as much as anyone else to save time if it makes my job easier. Sometimes they can make your job harder when you’re dealing with EDR. A lot of opsec considerations come into play. Just because your C2 supports a particular feature doesn’t necessarily mean you […]

Learn More
Using API Hooking to Dump LSASS with Task Manager Undetected

There are many ways to create an LSASS dump file. One of the easiest ways is with Windows Task Manager. Simply right click the LSASS process and click “Create dump file”. This is great, except for the fact that Windows Defender will immediately flag this as malicious. Far from stealthy. Not ideal.  This raised some […]

Learn More
Executing Shellcode with Rust, AES-256, and a Gnome Photo

  Intro Disclaimer: this research is intended exclusively as an intellectual exercise and a means of making defenders aware of the simple possibilities with Rust malware. Using any of the provided tools or code is left to the discretion of the reader and I will not be held responsible. As Rust becomes increasingly popular, so […]

Learn More
Scheduled Tasks With Lucee: Abusing Built In Functionality For Command Execution

What is Lucee? Lucee is an open-source Cold Fusion Markup Language (CFML) application server and engine intended for rapid development and deployment. It provides a lot of out of the box functionality (tags and functions) to help build web applications. However, if an attacker has access to the Lucee dashboard, these very same functions allow […]

Learn More
What Does Chat GPT Think About Password Hash Assessments?

SynerComm's marketing team likes to ask our pentesters for help with their messaging. Like all good hackers, we adapt, automate and improve. So, when we asked our team for some helpful marketing messages, Dylan R. responded within seconds with this. Password security assessments are important because they help ensure that the passwords being used to […]

Learn More
1 2 3 5
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram