C:\Users\mr.d0x> whoami_

Hijacking & Spoofing Context Menu Options

March 6, 2024

Hijacking SentinelOne’s “Scan For Threats” context menu option and creating your own option for persistence

File Archiver In The Browser

May 22, 2023

This article explores a phishing technique that emulates file archiver software in the browser while using a .zip domain

Phishing With Chromium's Application Mode

October 1, 2022

In this blog post I show how Chromium’s application mode allows us to easily create realistic desktop phishing applications

Stealing Access Tokens From Office Desktop Applications

September 17, 2022

Dumping tokens from Microsoft Office desktop applications’ memory

Attacking With WebView2 Applications

June 21, 2022

Exploring WebView2 applications and how they can be used for credential and cookie theft

Bypassing Cortex XDR

April 13, 2022

Analyzing Cortex XDR and finding ways to bypass it

Tampering With ForcePoint One DLP EndPoint

April 4, 2022

ForcePoint One DLP EndPoint lacks tamper protection, allowing attackers to disable the product, raise privileges and establish persistence on the machine

Browser In The Browser (BITB) Attack

March 15, 2022

This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain

Steal Credentials & Bypass 2FA Using noVNC

February 19, 2022

Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode

Twitter Recap - Part 1

January 8, 2022

This is the start of a Twitter recap series which highlights interesting or useful posts that never made it to the blog
