Real Name | Emeric Nasi |
---|---|
Email address | emeric.nasi at sevagas.com |
Website | blog.sevagas.com |
First Active | 2010-09-29 |
Last Active | 2020-11-28 |
Whitepaper called Weaponize GhostWriting Injection. This is part 5 of a 5 part series of papers.
791ee7b58343b261e98e514c5986c656
Whitepaper called Disable Dynamic Code Mitigation (ACG). This is part 4 of a 5 part series of papers.
0e3e2706f39d2d7d4d94ea738b8ad433
Whitepaper called Exploit WNF Callback. This is part 3 of a 5 part series of papers.
de2d2611ba5a65fae0e9b4d906265a18
Whitepaper called Bypass Start Address Protection. This is part 2 of a 5 part series of papers.
568ae61a93a997dbd2cec3b699088933
Whitepaper called Process PE Injection Basics. This is part 1 of a 5 part series of papers.
d6c3819eba87765c193f47df3826d9c2
macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pack is to simplify bypassing anti-malware solutions and automate the process from VBA generation to final Office document generation.
e03b77c16a16ab4c892b08e64966c673
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSIDs and keys, etc.
ce88e554ecf00a5e8c7c68abb1bdacb4
Whitepaper called My VBA Bot - Writing Office Macro FUD encoder and other stuff.
87032531ac567151790aca40969a34bb
Whitepaper called Bluffing Network Scan Tools - What You See May Not Be What You Get. This is a little paper to remind people that results from automatic tools are always interpretations of incoming data. Tools expect a certain behaviour from systems, and will make some assumptions. If you do not know this, you may be fooled by false positives or, worse, lose your valuable time.
b82799647cb16e7cad600b1825f872e7
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. This is proof of concept code that triggers the kernel panic.
7e8e99890f49c55f40e1c97712bd2500
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a POC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
41892d8c9ea011f2b0ebf36fcbb44cc6
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce the vulnerability. No exploitation here, just a simple kernel panic.
73974e06417810bd1b77ad02b89add32
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
dbc6af722de90a09a66b16637ebdc4a5
In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.
c4de1d2cdfde42f5957a9af64bb2de38
Whitepaper called PE Injection Explained. Injecting code into another process's memory is generally limited to shellcode, either to hide the shellcode from antivirus or to inject a DLL. The method described here is more powerful and enables you to inject and run a complete PE module inside another process's memory, including the possibility to call any system or runtime API from plain C++. It relies only on documented features and C++; no assembly knowledge is required.
cedbc89dcac3988de4c0f477137c827b
Glyptodon is a little file-system analyzer for Linux systems. It is written in bash and comes with an installer to make it run automatically every day. The script writes out some general information about file permissions, sockets, ownership, etc. It also checks the file-system for potential risks, such as set-uid files, world-writable files, symlinks, nouser files, etc.
372fb22f87171701b95c76e160f6f758
Whitepaper called Exploiting Capabilities - Parcel Root Power, The Dark Side Of Capabilities. It dives into the dangers linked to POSIX file capabilities supported in Linux kernel versions greater than 2.6.26.
66279230d3dc3b92d8fde2be0d607b9b