mr.d0x
C:\Users\mr.d0x> whoami_
Bypassing Cortex XDR
April 13, 2022Analyzing Cortex XDR and finding ways to bypass it.
Continue Reading →
Tampering With ForcePoint One DLP EndPoint
April 4, 2022ForcePoint One DLP EndPoint lacks tamper protection allowing attackers to disable the product, raise privileges and establish persistence on the machine
Continue Reading →Browser In The Browser (BITB) Attack
March 15, 2022This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain
Continue Reading →Steal Credentials & Bypass 2FA Using noVNC
February 19, 2022Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode
Continue Reading →Twitter Recap - Part 1
January 8, 2022This is the start of a Twitter recap series which highlights interesting or useful posts that never made it to the blog
Continue Reading →Phishing With Spoofed Cloud Attachments
December 31, 2021Abuse the way O365 Outlook renders cloud attachments to make malicious executable cloud attachments look like harmless files
Continue Reading →
Microsoft Teams Abuse
December 10, 2021UPDATED: With the announcment that MS Teams allows users outside of an organization to message users, I revisited Teams and added new techniques
Continue Reading →Abusing Google Drive's Email File Functionality
November 17, 2021Google Drive's email file functionality can be used to send phishing emails via the google.com domain
Continue Reading →
Spoofing Calendar Invites Using .ics Files
November 2, 2021A new technique showing how an attacker can create calendar invites with spoofed attendees
Continue Reading →Introduction to Parent-Child Process Evasion
October 22, 2021Simple changes in process relationship could bypass certain security solutions
Continue Reading →