It is a tool to collect data from an Active Directory (LDAP). This tool (written in rust) is based on the “mother” product called SharpHound.
Finally! After two years! We had the chance to go to the conference on Monday to enjoy the northern sun and the talks offered by Pass The SALT. The conference…
DESCRIPTION The new vulnerability called Follina (CVE-2022-30190) allows an attacker to exploit the MSDT tool (Microsoft Support Diagnostic Tool) using Microsoft Office files. MSDT collects and sends system information back…
Author : Joël Rabah Challenge maker : ghozt Introduction We are given an ELF binary, compiled on ARM architecture and linked statically which means the binary is gonna contains all…
Introduction During the STHACK 2022 (CTF event @Bordeaux France), Laluka has created few web challenges including the Headless Updateless Brainless challenge that had a "pwn" exploitation step. To be honest,…
Author : Quentin TEXIER (g0h4n) Introduction OpenCyber's pentest team participated to the CTF (Capture The Flag) challenge organised by the STHACK Friday 20 May from 8pm to Saturday morning 7am…
Introduction During the STHACK 2021 (CTF event @Bordeaux France), Mayfly has created few web challenges including the PDFMaker. We did block few (lost) hours on the exploitation part of the…
How to defeat nanomite packer with Dll injection and Winapi functions hooking Intro During the sthack 2021 (ctf event @bordeaux France), Phenol created a reverse challenge that was unsolved (if…
Préambule This blog post is about a Phishing campaign that we have done in our pentester's team. We try our best to avoid being in the spams box by checking…
Context During a pentest I wanted to escalate my privileges using a well-known UAC Bypass (WSReset.exe) on a compromised windows machine and I came across a detection I had never…
© 2012 — 2021
Mentions légales
Confidentialité
Cookies
