mr.d0x

C:\Users\mr.d0x> whoami_

Bypassing Cortex XDR

April 13, 2022

Analyzing Cortex XDR and finding ways to bypass it.

Continue Reading →

Tampering With ForcePoint One DLP EndPoint

April 4, 2022

ForcePoint One DLP EndPoint lacks tamper protection allowing attackers to disable the product, raise privileges and establish persistence on the machine

Continue Reading →

Browser In The Browser (BITB) Attack

March 15, 2022

This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain

Continue Reading →

Steal Credentials & Bypass 2FA Using noVNC

February 19, 2022

Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode

Continue Reading →

Twitter Recap - Part 1

January 8, 2022

This is the start of a Twitter recap series which highlights interesting or useful posts that never made it to the blog

Continue Reading →

Phishing With Spoofed Cloud Attachments

December 31, 2021

Abuse the way O365 Outlook renders cloud attachments to make malicious executable cloud attachments look like harmless files

Continue Reading →

Microsoft Teams Abuse

December 10, 2021

UPDATED: With the announcment that MS Teams allows users outside of an organization to message users, I revisited Teams and added new techniques

Continue Reading →

Abusing Google Drive's Email File Functionality

November 17, 2021

Google Drive's email file functionality can be used to send phishing emails via the google.com domain

Continue Reading →

Spoofing Calendar Invites Using .ics Files

November 2, 2021

A new technique showing how an attacker can create calendar invites with spoofed attendees

Continue Reading →

Introduction to Parent-Child Process Evasion

October 22, 2021

Simple changes in process relationship could bypass certain security solutions

Continue Reading →