One shell to HANDLE them all
New approach to escalate privileges by abusing open token handles after compromising a web app
New approach to escalate privileges by abusing open token handles after compromising a web app
Disclosure of two novel techniques to compromise a CA server by abusing the ManageCA permissions (AD CS)
Research and tooling development around the ESC7 attack (AD CS)
Combining DLL hijacking with Cobalt Strike Malleable C2 profiles to persist and stay stealthy
Turning an arbitrary file read vulnerability (CVE-2018-1685) into a full Linux host compromise, via Kerberos
Use of Google Apps Script as a proxy for communication with the C&C
Analysis and compromise of an RFID scanner used to pivot to the corporate network
Article about how disable_functions works in PHP and how to find bypasses
Technical details about how to pivot through a Microsoft SQL Server