Intelligence-led Red Teaming

When conducting Red Team attacks, I believe it is important to use an intelligence-led approach when doing scenario planning. This is sometimes also known as threat actor emulation. Such an approach involves doing prior background research on the threat actors targeting that specific industry, ...

Crash Windows Event Logging Service

While trying to write an undetectable event log cleaner, I delved into the NTAPIs to try to prevent Event ID 1102 from being created. In the process, I stumbled upon a way to crash the Windows Event Logging service. This is interesting because crashing the logging service would mean that ...

Interesting DLL exports

Found a couple of interesting DLL exports while hunting for LOLBAS. Most of these have not been documented as far as I know. There are potentially a lot more out there, the system was behaving strangely when enumerating the list of exports. Unfortunately, I do not know of a good way to ...

Expanding on Pyramid of Pain

I believe most threat hunters would already be familiar with the Pyramid of Pain. Most hunters aim to detect artefacts and tools, as they are higher up the pyramid. However, there is scarce information available to guide them in doing so. Using my red team knowledge, I would like to expand on ...

OSCE review

I have written an OSCP review and a SANS SEC660 review a few years ago. As time passes, I find these reviews harder and harder to write. Over the years, I have learnt on the job, through my own research and through such courses and CTFs. All this prior knowledge has made it very difficult for ...

Vulnserver - Order of difficulty

Most guides out there give a walkthrough on solving individual functions within vulnserver. However, when practising for OSCE, I do not want the solutions. Instead, I want to know the order of difficulty of the various functions so I can start from the easiest function and work my way towards ...

Free fresh notes for ang bao

I came up with this technique a few years ago and never had to queue for fresh notes for ang bao since. Hence, I believe it is worth sharing. When you receive your ang bao this year, do not spend or deposit the fresh notes. Keep it and pass it to your parents to fill their ang bao for Chinese ...

Phishing with actual bait

If you received an email like the one below, would you try out the voucher code and see if it works? I sure as heck would, there is literally zero risk from doing so. Assuming the voucher code works and your account is credited with $5 immediately, how far would you be willing to go to get an ...