APT69

Recently, it was necessary to write an RCE exploit for a remote UAF N-day vulnerability (ZDI-17-836). This post goes through root cause analysis and exploitation. Also, I present a tool / methodology to avoid heap sprays. primalcerebral.com/blog/egregious…

During a recent red team op against a high-net-worth executive, we discovered and exploited a zero-day vulnerability to establish long-term persistence and further infiltrate the home network. General overview + vuln writeup are discussed in this post. aon.com/cyber-solution…

Threat actors today utilize a myriad of techniques to accomplish their goals. This post goes over, in depth, the technique of "Process Hollowing", which we sometimes utilize during our red team operations. primalcerebral.com/blog/apt-x-pro…

During a recent long-term red team op, we bypassed CloudFlare to obtain a foothold on a subsidiary. AD forest exploitation followed, which allowed for compromising the parent company. This post focuses on bypassing CloudFlare WAF. aon.com/cyber-solution…

Thanks to @NCCGroupInfosec for releasing their write up on CVE-2019-1405 and CVE-2019-1322. I figured it is time for me to learn some COM stuff so I whip up a PoC. Source: github.com/apt69/COMahawk . Video: vimeo.com/373051209 Thanks to @leoloobeek and @TomahawkApt69

github.com/n1xbyte/donutCS .NET Core version of @TheRealWover's Donut. Rewrote for dynamic usage with C2 payload generation. Stable in .NET for Linux and Windows. Other cool stuff in store. Possible Nuget package in the futureeeeeezzzzz