| Real Name | emeric nasi |
|---|---|
| Email address | emeric.nasi at sevagas.com |
| Website | blog.sevagas.com |
| First Active | 2010-09-29 |
| Last Active | 2020-11-28 |
Whitepaper called Weaponize GhostWriting Injection. This is part 5 of a 5 part series of papers.
3d099a69228585c470a148ebe081be2da6d34c0d0dfd0ebd47cfdcc1cef8b097
Whitepaper called Disable Dynamic Code Mitigation (ACG). This is part 4 of a 5 part series of papers.
d6f9a7c37019c5bda76e8bcb2576b76d7396ed3886e915eba4a11c4457397857
Whitepaper called Exploit WNF Callback. This is part 3 of a 5 part series of papers.
9664b39e787231b3245fe5981dad6081e60b1c547f615b949c49188c2fdc68ac
Whitepaper called Bypass Start Address Protection. This is part 2 of a 5 part series of papers.
7f1148363cdafe6c6302691edd3a5e745e18c1d0354d7e0941671b45c94136f8
Whitepaper called Process PE Injection Basics. This is part 1 of a 5 part series of papers.
e3f44c53dd19c10cacae6e12195ca0fa90ddcf9a48ae331f25cacf335673f889
macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pack is to simplify bypassing anti-malware solutions and automate the process from VBA generation to final Office document generation.
c5edcba25cf4be512a120d75fc22584e2d4ff925ce78cd23d96e4c714d629695
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSIDs and keys, etc.
53147e0cf82da4bdc5ee73a8bc75667f3afd51f62351d8d4a1ef19fbcbf6f22f
Whitepaper called My VBA Bot - Writing Office Macro FUD encoder and other stuff.
cd3df45647920f0daf5fc401196c033c74794ce9607f20e3bb7bc0fa00433fdd
Whitepaper called Bluffing Network Scan Tools - What You See May Not Be What You Get. This is a little paper to remind people that results from automatic tools are always interpretations of incoming data. Tools expect a certain behaviour from systems, and will make some assumptions. If you do not know this, you may be fooled by false positives or, worse, lose your valuable time.
5d150e80887b974f0f88fa3e467f154bc6418ef8b8d2e211081dd93297989286
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. This is proof-of-concept code that triggers the kernel panic.
7020e5cb8eb79147f24ae47ba61603cfdfc59462bdfbc98295dfc6b21c5a9a40
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
4af67f178eb58a164b5111e77b240cd7ee040f47573670c05d5a9905efc16e21
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a PoC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
a61882d75d8479cc731747b0d2682c513a28bb1ec35244e7dadceb22767f2277
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
aa1298ddf2533503468e7415c2de8808d48b8fac52f00905dd6dbef860a455f8
In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. The author set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.
ac72453c0063b45b72cc8060aab4c417bf781a5eebbe61cae50fb5c93dc9c3c7
Whitepaper called PE Injection Explained. Injecting code into another process' memory is generally limited to shellcode, either to hide the shellcode from antivirus or to inject a DLL. The method described here is more powerful and enables you to inject and run a complete PE module inside another process' memory, including the possibility to call any system or runtime API from plain C++. It relies only on documented features and C++; no assembly knowledge is required.
3f9c36022b09f6b3441e15b7fa94326ee950d204371a442571a58498d27b505c
Glyptodon is a little file-system analyzer for Linux systems. It is written in bash and comes with an installer so that it runs automatically every day. The script writes out general information about file permissions, sockets, ownership, etc. It also checks the file system for potential risks, such as set-uid files, world-writable files, symlinks, nouser files, etc.
0c9a68bfb2e52bdc81f2316f067d7f264897eb737ada4467537a3e3f11c576b8
Whitepaper called Exploiting Capabilities - Parcel Root Power, The Dark Side Of Capabilities. It dives into the dangers linked to POSIX file capabilities, supported in Linux kernel versions greater than 2.6.26.
21d1099e6762feb810c2eaf486c7b8a5ecb81544dbea93148c03858a9d0eaf08