mr.d0x
C:\Users\mr.d0x> whoami_
Twitter Recap - Part 1
January 8, 2022This is the start of a Twitter recap series which highlights interesting or useful posts that never made it to the blog
Continue Reading →Phishing With Spoofed Cloud Attachments
December 31, 2021Abuse the way O365 Outlook renders cloud attachments to make malicious executable cloud attachments look like harmless files
Continue Reading →
Microsoft Teams Abuse
December 10, 2021UPDATED: With the announcment that MS Teams allows users outside of an organization to message users, I revisited Teams and added new techniques
Continue Reading →Abusing Google Drive's Email File Functionality
November 17, 2021Google Drive’s email file functionality can be used to send phishing emails via the google.com domain
Continue Reading →
Spoofing Calendar Invites Using .ics Files
November 2, 2021A new technique showing how an attacker can create calendar invites with spoofed attendees
Continue Reading →Introduction to Parent-Child Process Evasion
October 22, 2021Simple changes in process relationship could bypass certain security solutions
Continue Reading →
Phishing With Google's Domain
October 20, 2021A quick and easy way to bypass link analyzers by hiding behind Google’s domain.
Continue Reading →Spoofing Vulnerabilities In GDrive and OneDrive
October 20, 2021Google Drive and OneDrive contain spoofing vulnerabilities that can aid attackers with phishing
Continue Reading →
Leveraging VirtualBox During Engagements
August 4, 2021If you run into VirtualBox on a machine during an engagement try some of these methods
Continue Reading →
Easy Bounty With Exposed Buckets & Blobs
July 26, 2021A simple guide on finding exposed AWS S3 buckets and Azure Blobs
Continue Reading →