mr.d0x

C:\Users\mr.d0x> whoami_

Stealing Access Tokens From Office Desktop Applications

September 17, 2022

Dumping tokens from Microsoft Office desktop applications' memory

Attacking With WebView2 Applications

June 21, 2022

Exploring WebView2 applications and how they can be used for credential and cookie theft

Bypassing Cortex XDR

April 13, 2022

Analyzing Cortex XDR and finding ways to bypass it

Tampering With ForcePoint One DLP EndPoint

April 4, 2022

ForcePoint One DLP EndPoint lacks tamper protection, allowing attackers to disable the product, raise privileges and establish persistence on the machine

Browser In The Browser (BITB) Attack

March 15, 2022

This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain

Steal Credentials & Bypass 2FA Using noVNC

February 19, 2022

Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode

Twitter Recap - Part 1

January 8, 2022

This is the start of a Twitter recap series which highlights interesting or useful posts that never made it to the blog

Phishing With Spoofed Cloud Attachments

December 31, 2021

Abuse the way O365 Outlook renders cloud attachments to make malicious executable cloud attachments look like harmless files

Microsoft Teams Abuse

December 10, 2021

UPDATED: With the announcement that MS Teams allows users outside of an organization to message users, I revisited Teams and added new techniques

Abusing Google Drive's Email File Functionality

November 17, 2021

Google Drive's email file functionality can be used to send phishing emails via the google.com domain
