Skip to main content

Recently Updated Pages

Global Offset Table Overwrite

Red Team - Buffer Overflows Because life Sucks

Les vulnérabilités de type Global Offset Table (GOT) Overwrite se présentent comme des failles de...

Updated 3 months ago by Arthur Reppelin

x64 Canaries

Red Team - Buffer Overflows Because life Sucks

Dans cet exercice, nous allons comprendre ce que sont les protections "canary". [*] '/home/arthur...

Updated 3 months ago by Arthur Reppelin

Format String

Red Team - Buffer Overflows Because life Sucks

Les vulnérabilités format string sont causées par une erreur dans l'exécution de certaines foncti...

Updated 3 months ago by Arthur Reppelin

La pile

Red Team - Buffer Overflows Because life Sucks

Comprendre le schéma de la pile : PROCESSEUR (CPU) MÉMOIRE ...

Updated 3 months ago by Arthur Reppelin

ShellCode Injection

Red Team - Buffer Overflows Because life Sucks

Pour l'injection de shellcode, les étapes sont relativement similaires au détournement de fonctio...

Updated 3 months ago by Arthur Reppelin

Return to win (ret2win)

Red Team - Buffer Overflows Because life Sucks

Return to win is a buffer overflow technique relying on a return address overwrite to jump in ano...

Updated 3 months ago by Arthur Reppelin

Flammekueche

Recipes

[!IMPORTANT] Cette recette est basée sur la recette de Flam's (R) [!info] Prévoir environ 30 m...

Updated 3 months ago by Arthur Reppelin

L'overflow __scanf

Red Team - Buffer Overflows Because life Sucks

On peut commencer par voir les protections associées à notre binaire : ┌──(arthur㉿LAPTOP-KSNUF8N7...

Updated 3 months ago by Arthur Reppelin

FootHold

Red Team - Windows

Scan Initial Dans de nombreux cas, les machines Windows ne répondent pas aux requêtes ping. Un sc...

Updated 4 months ago by Arthur Reppelin

La méthode du trampoline (x86)

Red Team - Buffer Overflows Because life Sucks

Contrairement à la méthode du saut direct que nous avons vu précédemment dans BOF1 sur TryHackMe ...

Updated 4 months ago by Arthur Reppelin

Function HiJack

Red Team - Buffer Overflows Because life Sucks

Pour récupérer l'accès à une fonction, il nous faut : L'adresse de la fonction La taille du padd...

Updated 4 months ago by Arthur Reppelin

GDB

Red Team - Buffer Overflows Because life Sucks

Comme je n'étais pas hyper convaincu par le cours de TryHackMe, j'ai creusé ailleurs. Quoi qu'il ...

Updated 4 months ago by Arthur Reppelin

Other Attacks

Red Team - Windows Credentials Harvesting

In the previous tasks, the assumption is that we already had initial access to a system and were ...

Updated 4 months ago by Arthur Reppelin

Local Administrator Password Solution (LAPS)

Red Team - Windows Credentials Harvesting

This task discusses how to enumerate and obtain a local administrator password within the Active ...

Updated 4 months ago by Arthur Reppelin

Windows Credential Manager

Red Team - Windows Credentials Harvesting

This task introduces the Windows Credential Manager and discusses the technique used for dumping ...

Updated 4 months ago by Arthur Reppelin

Local Security Authority Subsystem Service (LSASS)

Red Team - Windows Credentials Harvesting

What is the LSASS? Local Security Authority Server Service (LSASS) is a Windows process that han...

Updated 4 months ago by Arthur Reppelin

Conclusion

Red Team - Windows Credentials Harvesting

Recap In this room, we discussed the various approaches to obtaining users' credentials, includi...

Updated 4 months ago by Arthur Reppelin

Domain Controller

Red Team - Windows Credentials Harvesting

This task discusses the required steps to dump Domain Controller Hashes locally and remotely. NT...

Updated 4 months ago by Arthur Reppelin

Local Windows Credentials

Red Team - Windows Credentials Harvesting

In general, Windows operating system provides two types of user accounts: Local and Domain. Local...

Updated 4 months ago by Arthur Reppelin

Credential Access

Red Team - Windows Credentials Harvesting

Credential Access Credential access is where adversaries may find credentials in compromised sys...

Updated 4 months ago by Arthur Reppelin