BlogHide Resteemsptonewreckin (25)in security • 6 years agoRevenge of the Sticky Keys - An Exercise In Privilege Escalation and PersistenceA while back I was messing with the Pupy framework and decided to write a fun module for persistence/privilege escalation. The technique presented in this entry is nothing new, in fact there are far…ptonewreckin (25)in security • 6 years agoDirect Object References - What are they and how can we stop them!!?During an interview a few years back I was asked, "If you had the power to remove any application-related vulnerability from existence, what would it be?" My response was pretty generic, going after…ptonewreckin (25)in security • 6 years agoGymnastics with SSHLet's say you travel a lot or are on vacation in Greece. Is Greece awesome? You're goddamn right it is - Dining above Athens with a bottle of Domaine Romanée Conti overlooking the Parthenon is…ptonewreckin (25)in security • 6 years agoWindows + PythonA quick way to setup Python in Windows. Download Chocolatey - A package manager for Windows. choco install python2 PS C:\Windows\system32> which python /c/Python27/python PS…ptonewreckin (25)in security • 6 years agoGetting Jumpy With The Bash BunnyAfter weeks of waiting I've finally obtained my Bash Bunny. Essentially, the Bash Bunny serves as a small piece of hardware (USB stick) that can conduct several actions by selecting one of two…ptonewreckin (25)in security • 6 years agoSSH Tunneling In WindowsEver wanted to use SSH on Windows? There are several tools we can use to do so including Plink/Putty/Bitvise. While these solutions do work, they're a bit less natural than just firing up a terminal…ptonewreckin (25)in security • 6 years agoExploiting XXEXML External Entity (XXE) Injection: The vuln that keeps on giving... XXE Injection can occur when XML parsers are overly permissive in their configurations and allow for the processing of…
