C:\Users\mr.d0x> whoami_
Phishing with Progressive Web Apps and UI manipulation
Continue Reading →Hijacking SentinelOne’s “Scan For Threats” context menu option and creating your own option for persistence
Continue Reading →This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain
Continue Reading →In this blog post I show how Chromium’s application mode allows us to easily create realistic desktop phishing applications
Continue Reading →Dumping tokens from Microsoft Office desktop applications’ memory
Continue Reading →Exploring WebView2 applications and how they can be used for credential and cookie theft
Continue Reading →Analyzing Cortex XDR and finding ways to bypass it
Continue Reading →ForcePoint One DLP EndPoint lacks tamper protection allowing attackers to disable the product, raise privileges and establish persistence on the machine
Continue Reading →This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain
Continue Reading →Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode
Continue Reading →