Presentation on Windows Privilege Escalation at Null Delhi

Recently I gave a presentation on Windows Privilege Escalation Tips and Tricks. Here is a slideshare. Click here. Cheers.

Mind Map for Web Application audit

After a talk with a friend, Aman Hardikar, he has allowed me to share his work, and I am pleased to share it with you all. He has created many mind maps, web application, wireless audits…

SSL Audit Understanding and Tools

Overview: For some time now I’ve been reading articles on different encryption mechanisms, SSL/TLS etc. I am going to cut to the chase, since there are many articles available online to help you understand the basics. I was browsing over…

TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability

This module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of the TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click…

Adobe PDF Embedded EXE Social Engineering

This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.

Internet Explorer CSS Recursive Import Use

This module exploits a memory corruption vulnerability within Microsoft’s HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a…

Microsoft Office 2007 Excel exploit

This module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-…