Blog | Techniques

Obfuscating Malicious, Macro-Enabled Word Docs

Posted on September 13, 2021

Evil Clippy 1200X934

Overview I was working on my OSEP certification when I was inspired to stop studying for a bit to deep-dive into malicious word documents. The OSEP certification inspired a lot of the content you'll see here and gave me a base to work up from. If you're looking for your next cyber security knowledge binge, I'd highly recommend the OSEP....Continue reading 

Weaponization of Nessus Plugins

Posted on February 06, 2018

Des Pic

Overview During a recent internal penetration test, the need arose to exploit a Java two-stage deserialization vulnerability. This post will walk through how to twist a Nessus plugin, meant to test only for the existence of an RCE vulnerability, into a weaponized exploit that can be utilized to attain a reverse shell on your own attacking server. This was necessary...Continue reading 

Exploiting Custom Template Engines

Posted on January 25, 2018

Introduction When performing an application assessment one of the areas within an app I pay particular attention to is any ability to define custom templates. By this I mean functionality that extends the ability to generate custom, dynamic, report, email, and document structures to application users. This functionality can often be exploited because of how dynamic these functions are required...Continue reading 

Have Questions?
Get Answers