SkullKanary

Latest — May 31, 2024

Insights - Cobalt Strike (data_jitter)

The following outlines observations when analyzing cobalt strike traffic. The method of decrypting and analyzing cobalt strike c2 traffic is left as an exercise for the reader (however, I will dive into different topics here :)) According to the cobalt strike documentation, data_jitter is defined as "Append random-length string

More issues

Abusing Windows Token

References * https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/ * https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/get-all-open-handles-and-kernel-object-address-from-userland I came across this reference while browsing my twitter feed and thought it was pretty interesting. This blog post just captures some of the highlights from the article. The gist of the article is explaining how

Understanding structs and pointers

Table of contents 0x00 - Summary You have have noticed something like the following image when browsing example code snippets or Github repositories: This inevitably leads to the use of pointers and deferences later in the code. All of this can look quite intimating to newcomers. If you find yourself

Hide your PowerShell commands via PSReadLine

Overview Powershell PSReadLine provides several cmdlets that enhances productivity. One of its interesting features is the ability to quickly retrieve the history of commands executed. Starting with PSReadLine v.2.0.4+, sensitive "keywords" included in commands will be not logged. From an offensive perspective, this provides an

The canaries have not awaken

Hello! This blog is just getting started. I plan on using this platform to document knowledge gained through my job and side projects. I'm a cybersecurity engineer with a primary emphasis on offensive security. Why the blog ? - I've always wanted a medium to document my

More issues

Subscribe to SkullKanary