0xInfection's Blog — Ramblings of an Infected Geek.

<!DOCTYPE html> <html lang="en"> <head> <meta name="generator" content="Hugo 0.109.0"> <title> 0xInfection&#39;s Blog — Ramblings of an Infected Geek. </title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="description" content="Ramblings of an Infected Geek." /> <meta name="keywords" content="security" /> <meta name="robots" content="noodp" /> <link rel="canonical" href="https://0xinfection.github.io/" /> <link rel="stylesheet" href="/css/style.css" /> <link rel="stylesheet" href="https://0xinfection.github.io/style.css" /> <link rel="apple-touch-icon-precomposed" sizes="144x144" href="https://0xinfection.github.io/img/apple-touch-icon-144-precomposed.png" /> <link rel="shortcut icon" href="https://0xinfection.github.io/img/favicon.png" /> <link href="/fonts/Inter-Italic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Regular.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Medium.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-MediumItalic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-Bold.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <link href="/fonts/Inter-BoldItalic.woff2" rel="preload" type="font/woff2" as="font" crossorigin=""> <meta name="twitter:card" content="summary"/> <meta name="twitter:title" content="0xInfection&#39;s Blog"/> <meta name="twitter:description" content=""/> <meta property="og:title" content="0xInfection&#39;s Blog" /> <meta property="og:description" content="" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://0xinfection.github.io/" /><meta property="og:site_name" content="0xInfection&#39;s Blog" /> <link rel="alternate" type="application/rss+xml" href="/index.xml" title="0xInfection's Blog" /> </head> 
<body class="dark-theme"> <div class="container"> <header class="header"> <span class="header__inner"> <a href="/" class="logo" style="text-decoration: none;" > <span class="logo__mark"><svg xmlns="http://www.w3.org/2000/svg" class="greater-icon" viewBox="0 0 44 44"> <path fill="none" d="M15 8l14.729 14.382L15 35.367" /> </svg> </span> <span class="logo__text" >0xinfection&#39;s security stuff</span > <span class="logo__cursor"></span> </a> <span class="header__right"> <nav class="menu"> <ul class="menu__inner menu__inner--desktop"> <li><a href="/about">About</a></li> <li><a href="/posts">Blog</a></li> </ul> <ul class="menu__inner menu__inner--mobile"> <li><a href="/about">About</a></li> <li><a href="/posts">Blog</a></li> </ul> </nav> <span class="menu-trigger"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> <path d="M0 0h24v24H0z" fill="none" /> <path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z" /> </svg> </span> <span class="theme-toggle"> <svg class="theme-toggler" width="24" height="24" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg" > <path d="M22 41C32.4934 41 41 32.4934 41 22C41 11.5066 32.4934 3 22 3C11.5066 3 3 11.5066 3 22C3 32.4934 11.5066 41 22 41ZM7 22C7 13.7157 13.7157 7 22 7V37C13.7157 37 7 30.2843 7 22Z" /> </svg> </span> </span> </span> </header> <div class="content"> <div class="posts"> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/analyzing-freeswitch-vulns/">Analyzing two FreeSWITCH vulnerabilities &ndash; CVE-2021-41157 &amp; CVE-2021-37624</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-31 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/analyzing-freeswitch-vulns/cover.gif" alt="Analyzing two FreeSWITCH vulnerabilities -- CVE-2021-41157 &amp; CVE-2021-37624"/> </figure> <div class="post-content"> This post is about two vulnerabilities that I researched on a year back in the FreeSWITCH VoIP server 
that were fixed and disclosed publicly a few weeks ago. Both of the vulnerabilities were issues that affected the SIP functionality in all versions below v1.10.7 and were categorized under CWE-287. Background # The story dates to a year ago, back when I was still learning about RTC (real-time communications) security and working under Sandro &ndash; where we used to do a lot of research on real-time communication infra. </div> <div><a class="read-more button" href="/posts/analyzing-freeswitch-vulns/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-ad-enum/">Offensive WMI - Active Directory Enumeration (Part 5)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-17 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-ad-enum/cover.png" alt="Offensive WMI - Active Directory Enumeration (Part 5)"/> </figure> <div class="post-content"> This blog is the fifth installment of the &ldquo;Offensive WMI&rdquo; series that I&rsquo;ve been writing, and this post will cover Active Directory enumeration. Active Directory (AD) is Microsoft&rsquo;s implementation of a directory and IAM service for Windows domain networks &ndash; which enables admins to manage permissions and access to resources. Anything used for managing multiple resources is handy for administrators; however, the same is also useful to evil-doers for gathering information and lateral movement. 
</div> <div><a class="read-more button" href="/posts/wmi-ad-enum/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-recon-enum/">Offensive WMI - Reconnaissance &amp; Enumeration (Part 4)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-10-02 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-recon-enum/cover.png" alt="Offensive WMI - Reconnaissance &amp; Enumeration (Part 4)"/> </figure> <div class="post-content"> This is the fourth part of the &ldquo;Offensive WMI&rdquo; series which will focus a bit more on information gathering and enumeration. WMI provides a plethora of classes from which we can enumerate a lot of stuff. So let&rsquo;s dive in without wasting any more time. Gathering basic information # In our previous blogs, we have already seen a lot of classes that provide us with valuable information about a system, e. </div> <div><a class="read-more button" href="/posts/wmi-recon-enum/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-registry-part-3/">Offensive WMI - Interacting with Windows Registry (Part 3)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-09-12 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-registry-part-3/cover.png" alt="Offensive WMI - Interacting with Windows Registry (Part 3)"/> </figure> <div class="post-content"> This is the third instalment of the &ldquo;Offensive WMI&rdquo; series (the 2nd is here), and this blog will focus on interacting with the Windows Registry. A useful thing to know before we start, MITRE ATT&amp;CK classifies querying of registry values under T1012 and its modification under T1112. Let&rsquo;s dive in. What is Windows Registry? 
# In simple terms, the registry is a database that stores configuration settings and options of the operating system: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. </div> <div><a class="read-more button" href="/posts/wmi-registry-part-3/">Continue reading →</a></div> </article> <article class="post on-list"> <h1 class="post-title"><a href="https://0xinfection.github.io/posts/wmi-classes-methods-part-2/">Offensive WMI - Exploring Namespaces, Classes &amp; Methods (Part 2)</a></h1> <div class="post-meta"> <time class="post-date"> 2021-09-05 </time> </div> <figure class="post-cover"> <img src="https://0xinfection.github.io/posts/wmi-classes-methods-part-2/cover.png" alt="Offensive WMI - Exploring Namespaces, Classes &amp; Methods (Part 2)"/> </figure> <div class="post-content"> This blog post is the second part of the &ldquo;Offensive WMI&rdquo; series (the first is here), and this article will be focusing on the 3 major components in WMI that we&rsquo;d be majorly dealing with. Throughout the article, we&rsquo;ll be using both WMI and CIM cmdlets interchangeably so that we&rsquo;re well-versed with both cmdlet types. Namespaces # Let&rsquo;s recall what namespaces are in simple terms: A namespace organizes information similar to folders in a filesystem. </div> <div><a class="read-more button" href="/posts/wmi-classes-methods-part-2/">Continue reading →</a></div> </article> <div class="pagination"> <div class="pagination__buttons"> <span class="button next"> <a href="/page/2/"> <span class="button__text">Older posts</span> <span class="button__icon">→</span> </a> </span> </div> </div> </div> </div> <footer class="footer"> <div class="footer__inner"> <div class="copyright copyright--user">© 0xInfection</div> </div> </footer> <script type="text/javascript" src="/bundle.min.js"></script> </div> </body> </html>