Deceptive Windows Security Dialog for Harvesting Credentials
Implementing ATT&CK MITRE's T1056.002 for credential harvesting via CredUIPromptForWindowsCredentialsW
[ Read ]Offensive Security Engineer · Red Teamer · Researcher
Recent Articles
Bypassing Microsoft KB5014754 and KDC_ERR_PADATA_TYPE_NOSUPP in Certipy
Exploiting ESC1, bypassing KB5014754 and KDC_ERR_PADATA_TYPE_NOSUPP errors.
[ Read ]Exploiting wsftprm.sys driver for disabling AV/EDR
Reverse engineering and exploitation of Topaz's wsftprm.sys driver for disabling Windows Defender and other PPL protected processes.
[ Read ]Accessing the Realme Customer Support Platform
Gaining access to Realme's customer support by exploiting an API and Blind XSS flaw.
[ Read ]CVE-2024-42008 and CVE-2024-42010 POC
Proof of concept for the exploitation of two vulnerabilities in Roundcube Webmail version 1.6.7 and below, and in version 1.5.7 and below.
[ Read ]