CyberSecurity

A deep-dive into advanced process injection techniques, demonstrating how to bypass Windows’ Protected Process Light (PPL) security mechanism. The post covers the journey from classic DLL injection to exploiting the KnownDlls TOCTOU vulnerability in CSRSS, and finally using Shellcode Reflective DLL Injection (sRDI) to achieve code execution in a PPL process. [Read More]

This blog is a detailed technical guide on how to perform session hijacking by extracting, decrypting, and transferring encrypted Google Chrome cookies from one computer to another. It delves into Chrome’s security mechanisms, explaining how cookies are encrypted using the AES-256-GCM algorithm and how the encryption key is protected by Windows’ Data Protection API (DPAPI). The blog specifically highlights the complexities involved in handling the newer version 20 (v20) cookies, which are protected by App-Bound Encryption and require SYSTEM-level privileges to decrypt. By following the instructions provided, readers will be able to clone a login session and potentially bypass even two-factor authentication (2FA) mechanisms. [Read More]

This blog post explores the concept of Perfect Security in cryptography, which guarantees that observing a ciphertext provides no additional information about the original message. We establish a fundamental theorem stating that Perfect Security is equivalent to the statistical independence of ciphertexts and plaintexts. However, Shannon’s Theorem proves that achieving Perfect Security requires the secret key to be at least as long as the message, making practical implementations infeasible beyond small-scale use cases like the One-Time Pad. [Read More]

This blog delves into the vulnerabilities associated with the MicroLogix 1400 PLC, particularly focusing on CVE-2021-22659. Through a detailed analysis, I outline the phases of potential attacks, the underlying Modbus protocol, and the steps necessary for effective remediation. By understanding the intricacies of this vulnerability and employing robust security measures, organizations can better protect their operational technology environments. With the insights gained from the OPSWAT Fellowship Program, this work serves as a crucial resource for enhancing cybersecurity in industrial settings. [Read More]

In this detailed blog post, we explore the insidious world of phishing attacks carried out via Zalo chat. Through a step-by-step demonstration, we reveal how attackers craft convincing disguised files, use social engineering to lure victims, and employ Canarytokens to track unauthorized access and gather critical data like public IP addresses. Discover the techniques behind this sophisticated form of cyber deception and learn how to protect yourself from falling victim to such attacks. [Read More]

In this blog post, I explore how cybercriminals exploit chat applications like Zalo and Telegram to extract users’ IP addresses through methods like URL spoofing and phishing. By creating and distributing spoofed URLs, attackers can deceive users into revealing sensitive information. I also highlight a specific vulnerability in Telegram that exposes user IP addresses during calls. Learn the mechanics of these attacks, see a detailed proof of concept, and discover essential tips to protect your privacy online. [Read More]