The Lazy Phishermen

Recently friends of mine were victims of a phishing attack which had begun to spread to their clients via a compromised email account. Panic had sunk in and an email went out: As they explained the situation I quickly found out that no one was looking into it, so I…

CTF: billu: b0x

I had a quiet moment last week while the Overwatch servers were undergoing maintenance and figured I’d tackle a capture the flag challenge from vulnhub.com to pass the time. Random selection led me to this one: As I’m running a libvirt hypervisor I downloaded and converted with…

Backdooring Windows Executable Files

During the conduct of a recent penetration test, I needed to share a legitimate-looking, yet decidedly malicious, executable with the client. There were multiple restrictions in place to create an authentic attack and as such, I was required to perform most of the work manually. After performing a quick…