Reverse Engineering a JavaScript Obfuscated Dropper splinter_code blog 21 December 2023 at 09:06 by splinter_code - 31 July 2017 1. Introduction Nowadays one of the techniques most used to spread malware on Windows systems is...
Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection splinter_code blog 21 December 2023 at 09:06 by splinter_code - 16 July 2020 Process Injection is a technique to hide code behind benign and/or system processes. This technique is u...
RomHack2020 - Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privileges splinter_code blog 21 December 2023 at 09:06 Slides here: https://github.com/antonioCoco/infosec-talks/blob/main/RomHack2020_Windows_Privilege_Escalations_Still_abusing_Service_Acco...
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol splinter_code blog 21 December 2023 at 09:06 by splinter_code & decoder_it - 26 April 2021 Executive Summary Every Windows system is vulnerable to a particular NTLM relay attack...
We thought they were potatoes but they were beans (from Service Account to SYSTEM again) splinter_code blog 21 December 2023 at 09:06 by splinter_code - 6 December 2019 This post has been written by me and two friends: @splinter_code and 0xea31 This is the “unintended...
The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory splinter_code blog 21 December 2023 at 09:06
Black Hat Asia 2021 - The Rise of Potatoes: Privilege Escalations in Windows Services splinter_code blog 21 December 2023 at 09:06