Mirrored from WKL Security. Introduction: In this article, we’ll look at a Python script that uses Windows Management Instrumentation (WMI) to remotely control a target computer. The script makes u...
Mirrored from WKL Security. This version is an update ahead. Introduction: In this blog post, we will go through the importance of each profile’s option, and explore the differences between defaul...
Mirrored from WKL Security. Introduction: This article is a demonstration of memory-based detection and evasion techniques. Whenever you build a Command & Control or you perform threat hunting,...
Recently I was developing a simple Shellcode Loader which uses Callbacks as an alternative method of Shellcode execution. While it bypasses all runtime scanning, it failed to bypass the signature detect...
The more predictable you are, the less you get detected. Recently I published a small PoC on GitHub about a way of hiding malicious shellcode in PE by lowering its entropy. Entropy is the measure of...
It’s been months since I released ppmap, and it didn’t take much for the tool to become popular because of how crazy and trending the Prototype Pollution vulnerability actually is. In this article I’...
The traditional way using And 0: The ordinary usage of And 0 is easily detected by a WAF and instantly triggers it, so it becomes impossible to use that query. The examples below describe the tradit...
Even though HTTP Request Smuggling was documented back in 2005, it is still one of the least known web app vulnerabilities out there. After a little break I decided to hunt a private company (which is...
Summary: Recently, I performed a Cross Site Scripting vulnerability; however, a normal XSS payload wasn’t being triggered because CSP was blocking external JavaScript code (XSS) from being executed. By f...
During penetration testing, I was faced with a website, which in this article I will name http://domain.com. While browsing the website, I didn’t see a single parameter, even though the website w...