Duckbill

Exploring NimPlant: Installation and Detection Evasion on Kali Linux

Exploring NimPlant: Installation on Kali Linux and Detection Evasion Introduction In Episode 63 of one of my favourite podcasts, Critical Thinking – Bug Bounty Podcast, guest Jason Haddix mentioned his preference for using NimPlant as a first-stage C2 implant. This short blog article will cover installation of NimPlant – a light first-stage C2 implant written …


Microsoft OAuth Device Flow Phishing

Casting into the Current Microsoft OAuth Device Flow Phishing Overview As an educational exercise aimed at exploring some of the nuances of automating and understanding Azure/M365 OAuth-related attacks, particularly device code phishing and illicit consent grant attacks, a custom lab was built. This simulated environment consisted of a Flask application, an Azure Registered Web application, …


AI-Driven JavaScript Obfuscation of a HTML redirector

AI-Driven JavaScript Obfuscation of a HTML redirector Introduction This article details utilizing an AI model, specifically OpenAI’s ChatGPT, to create a Python script that generates an HTML document capable of redirecting to a specified URL with a designated title, incorporating simple but effective JavaScript obfuscation. What is an HTML redirector? In this post, we refer …


FIDO2 vs Evilginx

FIDO2 vs Evilginx Introduction This blog is about keeping Microsoft 365 user accounts safer from phishing attacks, specifically from those sneaky reverse proxy moves that bad actors use to get around multi-factor authentication (MFA). We’re going to tackle this by setting up FIDO2. First off, we’ll walk through the reverse proxy phishing lab environment which …


Discord webhook

Harvesting and exfiltrating data with Discord webhooks Introduction The rich functionality available in Discord unfortunately can be abused by malicious actors. This brief blog post provides some simple but practical examples of how webhooks can be easily misused and helps demonstrate why it is one of the most commonly abused features of the platform. Discord …


PDF Smuggling

PDF smuggling Using HTML smuggling to create malicious PDFs PDF documents can be weaponised by attackers in many different ways to perform malicious actions, such as delivering malware or harvesting user credentials. PDF viewers implement various measures to prevent and mitigate the risks associated with malicious PDFs, including security warnings, sandboxing, patching vulnerabilities, restricting JavaScript, and …
