MSDT DLL Hijack UAC bypass
UAC Bypass via DLL hijacking of Microsoft Support Diagnostic Tool (MSDT). The UAC bypass method described here is (...)
Wednesday 2 February 2022, by Emeric Nasi
Hide HTA window for RedTeam
Short post to explain how to create a stealthy HTA file running without any window or taskbar mention. This can be (...)
Thursday 15 July 2021, by Emeric Nasi
Bypass Windows Defender Attack Surface Reduction
A redteam oriented study of Windows Defender Exploit Guard Attack Surface Reduction. Analysis of several rules, (...)
Sunday 24 February 2019, by Emeric Nasi
Yet another sdclt UAC bypass
Fileless UAC bypass via COM hijack using the auto-elevated sdclt.exe process.
Wednesday 23 January 2019, by Emeric Nasi
Advanced USB key phishing
How to create a "trojanized" USB key for redteam/social engineering using ADS, shortcuts, HTA, macro_pack, etc. Drop (...)
Saturday 23 June 2018, by Emeric Nasi
Hacking around HTA files
How to hide Visual Basic Scripts HTA in other files and generate self playing HTA files without the .hta (...)
Wednesday 7 February 2018, by Emeric Nasi
String encryption using macro and cryptor
I’ve found out a lot of people want to be able to encrypt strings in C or C++ software. There are a lot of methods (...)
Sunday 29 June 2014, by Emeric Nasi
Fun combining anti-debugging and anti-disassembly tricks
Short article presenting basic anti-debug and anti-disassembly techniques and a way to combine them to make (...)
Saturday 17 May 2014, by Emeric Nasi
PE injection explained
Injecting code into other process memory is generally limited to shellcode, either to hide the shellcode from (...)
Sunday 13 April 2014, by Emeric Nasi
Hide meterpreter shellcode in executable
Have you ever wanted to put meterpreter in an exe file but were annoyed by antivirus detecting it? Here is a way to (...)
Tuesday 11 March 2014, by Emeric Nasi