@Wietze - Blog

Spoofing Google Search results

7 January 2019 at 00:00
By: @Wietze
By adding two parameters to any Google Search URL, you can replace search results with a Knowledge Graph card of your choice. A malicious user can use this to generate false information or 'fake news'.

PowerShell Obfuscation using SecureString

20 January 2020 at 00:00
By: @Wietze
PowerShell has built-in functionality to save sensitive plaintext data to an encrypted object called `SecureString`. Malicious actors have exploited this functionality as a means to obfuscate PowerShell commands. This blog post discusses `SecureString` and examples seen in the wild, and presents a tool [[8](https://wietze.github.io/powershell-securestring-decoder/)] that helps analyse `SecureString`-obfuscated commands.

Hijacking DLLs in Windows

22 June 2020 at 00:00
By: @Wietze
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.

Windows Command-Line Obfuscation

23 July 2021 at 00:00
By: @Wietze
Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently, which makes detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables.
