برچسب: Pentest

The training is divided in five sections: Initial foothold, Gaining access, Offensive Coding, internal reconnaissance and lateral movement. The training will cover each section in depth by providing technical evidence of how each technique works. Red team exercises are performed to assess responsiveness and detection capability. As a red teamer, it is important to understand what each tool and commands we use is doing behind the curtain to be able to provide proper guidance. The training will help you understand the tool and technique being used during a red team, develop your own toolset, adapt existing tools when needed, provide guidance on where to look for new techniques or potential evasion tricks and finally an overview of the popular technique used to perform red team exercise.

Expect to perform code review, network analysis, code behavior analysis and write code to improve your red team capabilities.

Syllabus

Initial foothold

Payload Crafting

Gaining access

Internal reconnaissance

Lateral Movement

Mr.Un1k0d3r – Red Team Training

ادامه مطلب

The Mr.Un1k0d3r – Offensive Coding is a comprehensive program designed for those interested in the field of cybersecurity, particularly in offensive security and penetration testing. The course is led by Mr.Un1k0d3r, who is known for developing Red Team tools.

One of the key aspects of this course is its focus on AV/EDR Evasion: Packer Style. This involves learning about various techniques to evade antivirus and endpoint detection and response systems, which are crucial skills for any offensive security professional.

The course also includes a detailed walkthrough of the Prelude Operator 1.5 platform. This platform is used extensively in the course to demonstrate and practice various offensive coding techniques.

Mr.Un1k0d3r – Offensive Coding

ادامه مطلب

This course covers key aspects of cybersecurity, including understanding threats, vulnerabilities, and the necessary countermeasures. It may also delve into specialized areas such as zero-day vulnerability research.

ZeroDayEngineering – Cybersecurity vs. Zero Day Engineering

ادامه مطلب

At Pwn2Own Vancouver 2021 I have demonstrated an 0day VM escape exploit for Parallels Desktop hypervisor. The exploit chain that I developed was based on logic issues. In this deep technical presentation I will share the technical details of the exploit, as well as various preliminary and contextual knowledge related to it.
Logic security vulnerabilities (i.e. those that can be exploited without any memory corruptions) are becoming increasingly important in offensive security research right now, as Rust and other memory-safe programming languages are rapidly taking over popular code bases. When evaluating the attack surface of Parallels Desktop, as an expert in both hypervisors and memory corruption bugs, I saw many opportunities for classical buffer overflows, but chose to try and find a logic bug instead. As hypervisors are ultra-complex low level software, exploitable logic bugs in them are extremely rare. I was lucky to find such a “one of a kind” bug.
Despite the bug was quite simple, the exploit turned out to be not so easy. Exploitation of the bug required me to develop a kernel module for the guest OS from which I was escaping, reverse-engineer some internal RPC protocol of the hypervisor, and emulate it in the exploit code. Eventually the exploit was reliable 100% by design, and executed arbitrary code on the host Mac. During the Pwn2Own competitions it came as a surprize that my exploit did not meet any collisions with other competition entries. Because the bug itself was quite easy, I expected that at least one participant would find and utilize it independently in their own Pwn2Own exploit. But it didn’t happen. That made me aware of the fact that a bug that looks easy does not necessarily imply an easy discovery or an easy exploitation process, an estimation which is very important for strategic aspects of offensive security research.

ادامه مطلب

We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.

Upon completion of this training, participants will be able to learn:

  • Exploit development process in kernel mode
  • Mitigation bypasses
  • Pool internals & Feng-Shui
  • Arbitrary Read/Write primitive
ادامه مطلب

Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.

Agarri.fr – Mastering Burp Suite Pro

ادامه مطلب