LoginLocalPotato - When Swapping The Context Leads You To SYSTEM
12 February 2023 at 18:05
Normal view
Before yesterdaysplinter_code blog
-
splinter_code blog
- Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
27 December 2022 at 18:05
-
- Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
27 December 2022 at 18:05
Giving JuicyPotato a second chance:Β JuicyPotatoNG
27 December 2022 at 18:05
The hidden side of Seclogon part 3: Racing for LSASS dumps
28 June 2022 at 17:05
-
- Insomni'Hack 2022 - Ransomware Encryption Internals: A Behavioral Characterization
No more JuicyPotato? Old story, welcome RoguePotato!
5 May 2022 at 19:43
by splinter_code & decoder_it - 11 May 2020 After the hype we ( @splinter_code and me) created with our recent tweet , itβs time t...
-
- BlueHat IL 2022 - Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
Locky Ransomware is back! 49 domains compromised!
5 May 2022 at 19:43
by splinter_code - 26 June 2016 Locky ransomware starts up again its illegal activity of stealing money from their victims after a temporary inactivity since the end of May. This time, it comes with hard-coded javascript...
-
- Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
New Locky variant β Zepto Ransomware Appears On The Scene
5 May 2022 at 19:43
by splinter_code - 7 July 2016 New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the...
A very simple and alternative PID finder
5 May 2022 at 19:43
Reverse Engineering a JavaScript Obfuscated Dropper
5 May 2022 at 19:43
by splinter_code - 31 July 2017 1. Introduction Nowadays one of the techniques most used to spread malware on windows systems is...
-
- Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection
Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection
5 May 2022 at 19:43
by splinter_code - 16 July 2020 Process Injection is a technique to hide code behind benign and/or system processes. This technique is u...
-
- RomHack2020 - Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privileges
RomHack2020 - Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privileges
5 May 2022 at 19:43
Slides here: https://github.com/antonioCoco/infosec-talks/blob/main/RomHack2020_Windows_Privilege_Escalations_Still_abusing_Service_Acco...
-
- Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
5 May 2022 at 19:43
by splinter_code & decoder_it - 26 April 2021 Executive Summary Every Windows system is vulnerable to a particular NTLM relay attack...
-
- We thought they were potatoes but they were beans (from Service Account to SYSTEM again)
We thought they were potatoes but they were beans (from Service Account to SYSTEM again)
5 May 2022 at 19:43
by splinter_code - 6 December 2019 This post has been written by me and two friends: @splinter_code and 0xea31 This is the βunintended...
