ETWHash is a small C# tool used during Red Team engagements, that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods.

In this blog post an overview of the different components of a red team infrastructure is given. This includes explanations how these work, as well as the comparison of different solutions and their characteristics.

Thanks @rbran for the contributions!
backhand

Kind has been extended to take an CompressionAction to have a custom compression and decompression
algorithm. This defaults to the DefaultCompressor i...

A few weeks ago I ran into a conversation on Twitter about the weaknesses of applied cryptography textbooks, and how they tend to spend way too much time lecturing people about Feistel networks and…

A small utility to translate NTDS.dit files to SQLite format. - almandin/ntdsdotsqlite

As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames themed game. There has been a…

In today's increasingly digital world, the need for robust cybersecurity measures has never been gre

Recently, we discussed various methods of persistence on corporate devices and a colleague of mine mentioned a tool he had written. We we...

The cybercriminals who breached MSI last month have apparently leaked the company's private code signing keys on their dark web site.

TL;DR ¶ A few months ago, while hunting on a public bug-bounty programme, I found a nice little bug chain that involved
an insecure message event listener, a shoddy JSONP endpoint, a WAF bypass, DOM-based XSS on an out-of-scope subdomain, a permissive CORS…

Compromising a host in a company’s perimeter often creates the opportunity to pivot into an internal network. From there on, each additional compromised system may grant us access into further subnets. Pivoting like this is second nature to …

Note : This work took place in May-Aug of 2022. It just took me this long to finally finish writing this (Too busy playing with my SRD 😅) L...

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...

A wishlist of AWS IAM feature requests

This post details two bugs I found, a plist injection (CVE-2023-27328) and a race condition (CVE-2023-27327), which could be used to escape from a guest Parallels Desktop virtual machine. In this post I’ll break down the findings.

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

Revolutionize firmware extraction with UNBLOB! Discover the latest developments & advancements in this cutting-edge project. Don't miss latest blog post!

SF's move buffer ExtMove moveList[MAX_MOVES] assumes a maximum move count of 256, but there are many "impossible" positions in which more than 256 moves are generated.
When running on...

This is a rambling post series, as an introduction to some other, forthcoming posts on the same topic. It is mostly a braindump of sorts as I go through the design process and try get GPT to do some element of my job for me.

So recently I have been

We take security and open-source data privacy seriously at Mithril Security. So we're very proud that our historical confidential computing solution, BlindAI, was successfully audited by Quarkslab!