Blog

PowerShell Empire StarKiller - Standard Account - KeePass Master Password Extraction (Version 2.52)

KeePass password managers are widely recommended and used in global companies, but they are also targeted by threat actors. An attacker with a foothold under limited privileges (a Standard User account) can identify whether KeePass is running by listing the processes and can download the .KDBX KeePass database file without authorization. While the KeePass database is open, the master password is held in plain text in memory, which allows intruders to load scripts such as "KeeThief" to extract the master password and gain access to the credentials of the compromised user.

Cobalt Strike - OneDrive DLL injection - RedTeam

Advanced Persistent Threat (APT) and ransomware threat actors are increasingly targeting legitimate software used in global companies, such as default backup solutions like Microsoft OneDrive. When investigating the missing OneDrive DLLs with ProcMon, the file "cscapi.dll" is loaded from "C:\Users\%USERNAME%\AppData\Local\Microsoft\OneDrive". This allows threat actors to gain persistence: whenever the end user opens OneDrive, the DLL is loaded into the process.

OSCP Training - Brainpan Walkthrough - Buffer Overflow in 6 Steps!

Buffer overflow in 6 steps. The scripts are in the video; please feel free to pause it and copy them for yourself.

Something I wish someone had shown me before, in less than 20 minutes! Time is key, so use it wisely. This will work for any software that is vulnerable.

Useful note: Control+F2 restarts the Immunity Debugger instead of closing it and reopening it as Administrator.

Practice makes perfect.