April 26, 2018

Category: Offensive

Crypto Jacking – The New Threat

In this post I will discuss the new threat of Crypto Jacking – what it is, where it came from and why you should be on the look out. What is Crypto Jacking? Crypto Jacking is where malicious code is installed on your infrastructure/Computer with the aim of using your processing power to mine Crypto […]

Getting really low :: Backdooring an EXE

So recently I started my OSCE and part of it is backdooring an executable and doing some other things.  There are loads  of guides on the interwebz that basically just regurgitate the course content verbatim and claim it as their own.  I won’t provide links but trust me, they are out there.  These sites / blogs […]

Kali Linux :: Email Harvesting

In this post, I will show you a tool in Kali Linux that’s able to harvest email addresses that are publicly available on the internet. Why do I want to harvest emails? When working with a company to run a phishing campaign against you (for testing purposes), or indeed a hacker running a malicious phishing […]

My first Exploit-DB Post!!

Recently I’ve started to get interested in bug hunting to further my understanding of all sorts of programming languages and I highly recommend it! Today I decided to turn my attention to the Netman 204 card by Riello which is a small network management card which provides the ability to monitor Riello UPS products and […]

Bug Hunting – PHP

I’ve been doing a bit of bug hunting recently (with varying degrees of success) and really wanted to write this article just so I have a little cheat sheet to go back to!  I’ll keep updating it and adding bits as I find more. When I scoured the internet I came across a few “examples” […]

Using PowerSploit to inject MSFVenom shellcode

This article will discuss how we can use the rather brilliant PowerSploit project, coupled with MSFVenom, to inject a staged Meterpreter reverse HTTPS shell into a running process.  This script can then be Base64 encoded and used in a USB HID attack or a macro malware document and I will write the relevant guides for […]

USB HID – Teenyduino keyboard led feedback

After doing a bit of Google-Fu I managed to work out how to read the state of the simulated keyboard LEDs for the Teensyduino.  It turns out you read a single value with the predefined variable keyboard_leds which when converted to binary shows the state of each LED in the least significant bits.  The what?  Let’s […]

USB HID – what to do when cmd and run are disabled

All the articles I can find on the internet for the USB HID attack vector revolve around using one of two initial shell access methods.  These are: Windows key + R — Open a run  prompt Windows key, type “CMD”, press ENTER — Open a command window Anyone who has worked in enterprise IT in the […]

USB HID attack – A zero to hero guide

I’ve had a Teensy USB 3.2 Arduino board for around a year now with the intention of playing with some USB HID attacks and creating this blog has finally motivated me to do it.  Hurrah for the blog.  If you haven’t heard or seen anything about USB HID attacks they are a pretty neat little attack […]

PowerShell :: a macro malware sender

Hopefully you have landed here having read Part I and Part II of my How to make your own macro malware series and already have a little context behind this script.  In short, it came from a need to send an email with an attachment to hundreds of recipients whilst alternating the email content and spoofing the […]
Page 1 of 212 »

Subscribe to SYNACK via Email