Automated Multi UAC Bypass – Streamlining Elevation Across Windows Versions
In today's digital landscape, navigating User Account Control (UAC) prompts efficiently across various Windows operating system versions is a critical aspect of system administration and security testing. This article explores an innovative approach to automate UAC bypasses, offering a seamless experience tailored for a spectrum of Windows versions, including Windows 10, Windows 11, Windows Server 2019, and Windows Server...
Clight GUI – Empowering Users With A User-Friendly Interface For Brightness Control On Linux
A graphical user interface built on Qt, designed to streamline the configuration and control of Clight and Clightd daemons. With features like tray applets for easy access to settings and seamless integration with the latest versions of Clight and Clightd, this tool offers Linux users a convenient solution for managing brightness settings. Explore how Clight GUI enhances your Linux...
io_uring_LPE-CVE-2023-2598 : Analysis Of The Conquering Memory Exploit
We dissect the exploit's mechanisms, shedding light on how it manipulates memory through io_uring. By delving into the technical nuances, we aim to provide a comprehensive understanding of this critical security issue for educational and research purposes. LPE exploit for CVE-2023-2598. My write-up of the vulnerability: Conquering the memory through io_uring - Analysis of CVE-2023-2598. You can compile the exploit with gcc exploit.c -luring...
TPM Sniffing – Unveiling Methods To Retrieve Bitlocker Keys Through Hardware Communication Channels
Retrieving Bitlocker keys from the TPM using SPI, I2C or LPC communications requires an understanding of the specific protocol supported by the TPM chip, as well as the device's make and model. Proper documentation and research are essential for successful key retrieval. This repo is to collaborate all the awesome resources and information hopefully into one place! NOTE: I'm 100%...
H4X-Tools : Empowering OSINT Enthusiasts With A Comprehensive Toolkit
Discover the power of H4X-Tools, a versatile toolkit designed for scraping, OSINT (Open-Source Intelligence), and beyond. From extracting information from social media accounts to conducting phone and IP lookups, H4X-Tools offers a wide array of functionalities to aid researchers, developers, and security enthusiasts alike. Explore its features, installation process, and community-driven development in this article. Toolkit for scraping, OSINT...
Hashcat – Unleashing The Power Of The World’s Fastest And Most Advanced Password Recovery Utility
Hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. Hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. License: Hashcat is licensed under the MIT license. Refer to docs/license.txt for more information. Installation: Download the latest release and unpack it in...
Introduction To Cryptography – The Vigenère Cipher : Cracking The Code And Exploring Its Challenges
In my first cryptography blog post I introduced some definitions and concepts; one of them was the concept of substitution ciphers. In short, those ciphers substitute plaintext tokens by some methodology that depends on the cipher's key. I did forget to mention - encryption and decryption methodologies might be slightly different but the key would be used for both encryption and decryption - those...
LLVM-YX-Callobfuscator : Enhancing Windows x64 Native Call Security At Compile Time
A powerful LLVM plugin designed to bolster the security of Windows x64 native calls during the compilation process. This innovative tool transparently applies stack spoofing and indirect syscalls, providing enhanced protection against potential threats. LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. "I've 5 Mins, What Is This?" This project is a...
v6.5.0 : dnSpy Version 6.5.0 – New Features, Improvements, And Bug Fixes
In this update, dnSpy introduces a host of new features, enhancements, and bug fixes, making it a more powerful and efficient .NET debugger and decompiler. From support for .NET 8 and C# ref types to improved debugger capabilities and performance optimizations, let's dive into the exciting changes brought by dnSpy v6.5.0. New Features: dnSpy now runs on .NET 8 and .NET...
MobSF Remote Code Execution (CVE-2024-21633) – Uncovering Vulnerabilities In Mobile Security Framework
I found an arbitrary file write in apktool and reported it via a GitHub security advisory. I was aware that many projects relied upon or depended on apktool, but after the publication of the advisory and fix, not many seemed to notice or care about it. I decided to check its impact and exploitability in some of the big dependents; I then started...