During the first phase of a penetration test, especially when the test is performed in blackbox mode, is really important to gather correct informations from company websites and employees social accounts.
In my previous post “Code injection on Windows using Python: a simple example“, i’ve explored the ctype python library and the usage of Windows API in order to perform a code injection on 32bit systems. All tests was performed using shellcodes generated by metasploit or found on some online repository, i ask myself: “Is […]
Recently i had to perform some comparative tests on a couple of whitelisting solutions. One of the crucial step of the test was the proper functioning of memory monitoring feature, useful in case of process injection: infact, when a trusted process has been started, an attacker may use it as vector for inject a malicious […]
The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.
Recently i’ve published this post focused on hunting malware using volatility and Yara rules.