0xInfection's Blog — Ramblings of an Infected Geek.

<!DOCTYPE html> <html lang="en"> <head> <meta name="generator" content="Hugo 0.109.0"> <title> 0xInfection's Blog — Ramblings of an Infected Geek. </title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="description" content="Ramblings of an Infected Geek." /> <meta name="keywords" content="security" /> <meta name="robots" content="noodp" /> <link rel="canonical" href="https://0xinfection.github.io/" /> <link rel="stylesheet" href="/css/style.css" /> <link rel="stylesheet" href="https://0xinfection.github.io/style.css" /> <link rel="apple-touch-icon-precomposed" sizes="144x144" href="https://0xinfection.github.io/img/apple-touch-icon-144-precomposed.png" /> <link rel="shortcut icon" href="https://0xinfection.github.io/img/favicon.png" /> <link href="/fonts/Inter-Italic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Regular.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Medium.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-MediumItalic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Bold.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-BoldItalic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <meta name="twitter:card" content="summary"/> <meta name="twitter:title" content="0xInfection's Blog"/> <meta name="twitter:description" content=""/> <meta property="og:title" content="0xInfection's Blog" /> <meta property="og:description" content="" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://0xinfection.github.io/" /><meta property="og:site_name" content="0xInfection's Blog" /> <link rel="alternate" type="application/rss+xml" href="/index.xml" title="0xInfection's Blog" /> </head> <body class="dark-theme"> <div class="container"> <header class="header"> <span class="header__inner"> <a href="/" class="logo" style="text-decoration: none;" > <span class="logo__mark"><svg xmlns="http://www.w3.org/2000/svg" class="greater-icon" viewBox="0 0 44 44"> <path fill="none" d="M15 8l14.729 14.382L15 35.367" /> </svg> </span> <span class="logo__text" >0xinfection's security stuff</span > <span class="logo__cursor"></span> </a> <span class="header__right"> <nav class="menu"> <ul class="menu__inner menu__inner--desktop"> <li><a href="/about">About</a></li> <li><a href="/posts">Blog</a></li> </ul> <ul class="menu__inner menu__inner--mobile"> <li><a href="/about">About</a></li> <li><a href="/posts">Blog</a></li> </ul> </nav> <span class="menu-trigger"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> <path d="M0 0h24v24H0z" fill="none" /> <path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z" /> </svg> </span> <span class="theme-toggle"> <svg class="theme-toggler" width="24" height="24" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg" > <path d="M22 41C32.4934 41 41 32.4934 41 22C41 11.5066 32.4934 3 22 3C11.5066 3 3 11.5066 3 22C3 32.4934 11.5066 41 22 41ZM7 22C7 13.7157 13.7157 7 22 7V37C13.7157 37 7 30.2843 7 22Z" /> </svg> </span> </span> </span> </header> <div class="content"> <div class="posts"> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/analyzing-freeswitch-vulns/">Analyzing two FreeSWITCH vulnerabilities – CVE-2021-41157 & CVE-2021-37624</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-31 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/analyzing-freeswitch-vulns/cover.gif" alt="Analyzing two FreeSWITCH vulnerabilities -- CVE-2021-41157 & CVE-2021-37624"/> </figure> <div class="post-content"> This post is about two vulnerabilities that I researched on a year back in the FreeSWITCH VoIP server that were fixed and disclosed publicly a few weeks ago. Both of the vulnerabilities were issues that affected the SIP functionality in all versions below v1.10.7 and were categorized under CWE-287. Background # The story dates to a year ago, back when I was still learning about RTC (real-time communications) security and working under Sandro – where we used to do a lot of research on real-time communication infra. </div> <div><a class="read-more button" href="/posts/analyzing-freeswitch-vulns/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-ad-enum/">Offensive WMI - Active Directory Enumeration (Part 5)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-17 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-ad-enum/cover.png" alt="Offensive WMI - Active Directory Enumeration (Part 5)"/> </figure> <div class="post-content"> This blog is the fifth installation of the “Offensive WMI” series that I’ve been writing on, and this post will cover Active Directory enumeration. Active Directory (AD) is Microsoft’s implementation of a directory and IAM service for Windows domain networks – which enables admins to manage permissions and access to resources. Anything used for managing multiple resources is handy for administrators, however, the same is also useful for evil-doers in gathering information and lateral movement. </div> <div><a class="read-more button" href="/posts/wmi-ad-enum/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-recon-enum/">Offensive WMI - Reconnaissance & Enumeration (Part 4)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-02 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-recon-enum/cover.png" alt="Offensive WMI - Reconnaissance & Enumeration (Part 4)"/> </figure> <div class="post-content"> This is the fourth part of the “Offensive WMI” series which will focus a bit more on information gathering and enumeration. WMI provides a plethora of classes from which we can enumerate a lot of stuff. So let’s dive in without wasting any more time. Gathering basic information # In our previous blogs, we have already seen a lot of classes that provide us with valuable information about a system, e. </div> <div><a class="read-more button" href="/posts/wmi-recon-enum/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-registry-part-3/">Offensive WMI - Interacting with Windows Registry (Part 3)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-09-12 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-registry-part-3/cover.png" alt="Offensive WMI - Interacting with Windows Registry (Part 3)"/> </figure> <div class="post-content"> This is the third instalment of the “Offensive WMI” series (the 2nd is here), and this blog will focus on interacting with the Windows Registry. A useful thing to know before we start, MITRE ATT&CK classifies querying of registry values under T1012 and its modification under T1112. Let’s dive in. What is Windows Registry? # In simple terms, the registry is a database that stores configuration settings and options of the operating system: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. </div> <div><a class="read-more button" href="/posts/wmi-registry-part-3/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-classes-methods-part-2/">Offensive WMI - Exploring Namespaces, Classes & Methods (Part 2)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-09-05 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-classes-methods-part-2/cover.png" alt="Offensive WMI - Exploring Namespaces, Classes & Methods (Part 2)"/> </figure> <div class="post-content"> This blog post is the second part of the “Offensive WMI” series (the first is here), and this article will be focusing on the 3 major components in WMI that we’d be majorly dealing with. Throughout the article, we’ll be using both WMI and CIM cmdlets interchangeably so that we’re well-versed with both cmdlet types. Namespaces # Let’s recall what namespaces are in simple terms: A namespace organizes information similar to folders in a filesystem. </div> <div><a class="read-more button" href="/posts/wmi-classes-methods-part-2/">Continue reading →</a></div> </article> <div class="pagination"> <div class="pagination__buttons"> <span class="button next"> <a href="/page/2/"> <span class="button__text">Older posts</span> <span class="button__icon">→</span> </a> </span> </div> </div> </div> </div> <footer class="footer"> <div class="footer__inner"> <div class="copyright copyright--user">© 0xInfection</div> </div> </footer> <script type="text/javascript" src="/bundle.min.js"></script> </div> </body> </html>

CINXE.COM

0xInfection's Blog — Ramblings of an Infected Geek.