Recently, I wanted to understand what a Windows program built with Qt 4.7 is doing under the hood, in particular I investigated the use of the QString class. For that I used Frida to hook some of the classes methods. Read more

The scenario is described as follows: In this lab environment, the user will access a Kali GUI instance. A vulnerable application can be accessed using the tools installed on Kali on: http://demo.ine.local http://demo2.ine.local http://demo3.ine.local http://demo4.ine.local Dictionaries to use: /usr/share/metasploit-framework/data/wordlists/common_users.txt /usr/share/metasploit-framework/data/wordlists/unix_users.txt Read more

This lab starts by exploiting a stored XSS vulnerability and a vulnerable Java browser plugin to get a (unprivileged) remote shell on one of the company’s internal network machines. In a next step, using the socalled Group Policy Preferences (GPP) vulnerability, it’s possible to get local administrator credentials. Bypassing UAC allows to further escalate the privileges to SYSTEM and force a domain administrator to login to the machine, by preventing an importing application to work,so that the user will contact IT support. Read more

Preparation # Set lab DNS $ sudo sed -i 's/nameserver.*/nameserver 10.100.13.37/' /etc/resolv.conf Cookies These are labs to understand how cookies work. Lab 1 Test cookie with domain set by default $ curl -i -s -k -X $'POST' \ -H $'Host: a.correctcookie1.site' \ --data-binary $'username=admin&password=adminpassword' \ $'http://a.correctcookie1.site/login.php' \ | grep "TestCookie" Set-Cookie: TestCookie=Cookie+set+by+default The cookie is set without a domain value and without a path. It is only valid for the same domain, but all paths: Read more

Here I’m describing the process, how this blog is built and deployed using Hugo, Docker and GitLab CI. In essence, every time I push code (or in my case content for my Hugo blog) to a GitLab repository, the GitLab CI runner will create a Docker container and provide it in it’s own private Docker registry. Watchdog will notice the change and pull the image. Read more