Husband 🤴🏻Hacker 💻 Developer 🤓 Scot 🏴
Everything in Linux is a file, that even goes for your process information. This lived inside the /proc directory on your filesystem. Today we will use and abuse this knowledge to hide a target process from the ps command in Linux, and in essence other Unix based systems. But first…
How does the ps command work? As mentioned previously everything in Linux is a file, including the process tree in /proc.
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access, and in the case of PHP can lead to Command Execution.
Today I took the step to migrate away from the Medium platorm and revert back to a Hugo and AWS setup.
Over the past few years I have been blogging (fairly infrequently) on the platform and was mainly attracted to getting paid per post behind their paywall.
However more recently I’ve came to realise I don’t really write content to get paid $3.99 per month (Max i’ve been paid is $50 for an article, then it drops to pennies).
There are a plethora of reasons as to why you may want to have a custom written shellcode runner, Whether that be to Avoid Detection or Aid in Portability there are also a plethora of ways and languages to write one in from C all the way down to PowerShell.
Today i’m going to show you how to use native Golang functions to use the Windows API to execute a Meterpreter Shell.
In the good ol’ days to write a credential sniffer you had to spend alot of time learning C and libpcap this was extremely time consuming and no one really wants to go through that.
So today we have GoLang, the statically typed language from google, specifically the gopacket library from google.
Gopacket is a library that introduces packet filtering and capturing to go. It comes with C Bindings for libpcap, C Bindings for pfring, afpacket C Bindings and tcpassembly.
Today we are going to learn how to Elevate our Privileges in a Linux system using Docker.
Docker What is Docker? Docker is a set of platform as a service products that uses OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.
How does docker lead to privesc When an admin allows an un-privileged user access to the ‘docker’ group it allows us to make use of the docker CLI to create containers.
There comes a point in every developer’s life where XML data is painfully unavoidable to work with. RSS Feeds try to make this easier but everyone prefers good ol’ JSON, unless you are a sadist.
In Golang we can attack this in a number of ways like using an XML to JSON Library, but why not use the Go standard libraries and save some vendoring issues.
Building our own XML to JSON function I was recently working on something that required a Medium RSS feed published to a website and thought why not use a GoLang function running on OpenFaaS to accomplish this.