October 7, 2023
DUALITY — Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control

DUALITY was a malware project I wrote during my tenure at Aon. It is a methodology, a pipeline, and a toolset that allows for on-the-fly backdooring of DLLs. These DLLs are then able to keep each other alive after infections are lost due to program updates. They also keep an implant up at all times, acting as a low privilege DLL-only mechanism for long-term persistence on hosts. This blog post introduces the idea of DUALITY as well as its applications for persistence. In the next iteration, the DUALITY pipeline is re-used for initial access.

January 3, 2023
EGREGIOUS MAGE — N-Day RCE Exploit for ZDI-17-836 (CVE-2017-12561)

This blog post releases an N-day exploit for ZDI-17-836, a remote use-after-free vulnerability in HP IMC's dbman.exe. It discusses a "heap tumbling" technique and shares a tool, called "EIP Meathook", for finding addresses of ROP gadget pointers-to-pointers in non-ASLR / non-rebased modules.

September 14, 2022
Full Disclosure — Netgear WNDR3400v2 Authenticated RCE

This blog post goes over the full disclosure of a Netgear WNDR3400v2 0-day vulnerability.

June 28, 2021
Cyber Secure Select: Protecting High-Net-Worth Individuals

This post was written under Aon's Cyber Solutions blog. During a red team operation against a high-net-worth executive, we discovered and exploited a zero-day vulnerability to establish long-term persistence and further infiltrate the home network. A general overview and the vulnerability writeup are included in this post.

January 27, 2021
APT X — Process Hollowing

This post goes over the technique of "Process Hollowing" in high detail. It was written under Aon's Cyber Labs blog. The link to the code can be found here as well.

January 13, 2021
The Tech Mountain

This post discusses the idea of "The Tech Mountain". While not necessarily a novel idea, it may help people early in their hacking careers to progress faster as they internalize this concept.

April 14, 2020
Red Team Case Study: Bypassing CloudFlare WAF For Successful OGNL Injection

This post was written under Aon's Cyber Solutions blog. It focuses on the methodology used to bypass the CloudFlare Web Application Firewall (WAF), as part of the bigger picture of a red team operation that involved infiltrating a large organization.

February 14, 2019
Medical Exploitation: You Are Now Diabetic

This post was written under Depth Security's blog. Five low- and medium-severity vulnerabilities were chained together into an attack that exposed over 2.5 million user accounts.

February 6, 2018
Weaponization of Nessus Plugins

This post was written under Depth Security's blog. It goes over extracting functionality from a Nessus plugin and converting it into a functional exploit.

November 9, 2016
Exploitation: XML External Entity (XXE) Injection

This post was written under Depth Security's blog. It walks through a detailed scenario and methodology for exploiting XML External Entity (XXE) injection.