rss.xml
234 lines (234 loc) · 15.7 KB
<?xml version="1.0" encoding="UTF-8"?>
<rss
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"
xmlns:media="http://search.yahoo.com/mrss/">
<channel>
<title>
<![CDATA[splinter_code blog]]>
</title>
<description>
<![CDATA[splinter_code blog]]>
</description>
<link>https://splintercod3.blogspot.com/</link>
<image>
<url>https://splintercod3.blogspot.com/favicon.ico</url>
<title>splinter_code blog</title>
<link>https://splintercod3.blogspot.com/</link>
</image>
<language>
<![CDATA[en]]>
</language>
<item>
<title>
<![CDATA[ Bypassing UAC with SSPI Datagram Contexts ]]>
</title>
<description>
<![CDATA[<div><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHatC0V08ZrzJ89M8WsX2LRa6VB8h63QM9_2Nv_YEUthJjL1B2FUMMRjSJLUDfIJnvvlG3htwHNXGYrD4_id9CXc0vCYiknSl_mNjAwDTHCAtL1fbbGGQNjyonPDrpLgr8Cd8hMRZC9b5s4vimx0b2mLTLm8w63lHIoVOm9EWpeTaSuscXgfODPuikkVw/s544/spiderman.jpg"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html</link>
<media:content medium="image" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHatC0V08ZrzJ89M8WsX2LRa6VB8h63QM9_2Nv_YEUthJjL1B2FUMMRjSJLUDfIJnvvlG3htwHNXGYrD4_id9CXc0vCYiknSl_mNjAwDTHCAtL1fbbGGQNjyonPDrpLgr8Cd8hMRZC9b5s4vimx0b2mLTLm8w63lHIoVOm9EWpeTaSuscXgfODPuikkVw/s544/spiderman.jpg"/>
</item>
<item>
<title>
<![CDATA[ LocalPotato - When Swapping The Context Leads You To SYSTEM ]]>
</title>
<description>
<![CDATA[<div><img src="https://www.localpotato.com/localpotato_html/images/image7.png"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/localpotato-when-swapping-context-leads.html</link>
<media:content medium="image" url="https://www.localpotato.com/localpotato_html/images/image7.png"/>
</item>
<item>
<title>
<![CDATA[Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development]]>
</title>
<description>
<![CDATA[<div><img src="https://it.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3.jpg"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/custom-branded-ransomware-vice-society.html</link>
<media:content medium="image" url="https://it.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3.jpg"/>
</item>
<item>
<title>
<![CDATA[Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor]]>
</title>
<description>
<![CDATA[<div><img src="https://it.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/black-basta-ransomware-attacks-deploy.html</link>
<media:content medium="image" url="https://it.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg"/>
</item>
<item>
<title>
<![CDATA[Giving JuicyPotato a second chance: JuicyPotatoNG]]>
</title>
<description>
<![CDATA[<div><img src="https://decoderblogblog.files.wordpress.com/2022/09/sh_patate_dolci_al_forno.jpg"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/giving-juicypotato-second.html</link>
<media:content medium="image" url="https://decoderblogblog.files.wordpress.com/2022/09/sh_patate_dolci_al_forno.jpg"/>
</item>
<item>
<title>
<![CDATA[The hidden side of Seclogon part 3: Racing for LSASS dumps]]>
</title>
<description>
<![CDATA[<div><img src="https://blogger.googleusercontent.com/img/a/AVvXsEg1EDy9Uy7-DOXclChWndDksL3NFfapBe0EuSm9qRZeWVU12s_hJB0CXqRXc7uHTovvQsf9EB2oI4Y53q1t1gOepSF9B2nBiyMySHAxhV_OhK_qIHh0ip-Rg3PgfdoSz6GSrNNtOcqDByhKoWhS1sFXnMWN9iHy45mG1lSRQeVZqusrj4s1W4TxXxE8=w1200-h630-p-k-no-nu"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-3.html</link>
<media:content medium="image" url="https://blogger.googleusercontent.com/img/a/AVvXsEg1EDy9Uy7-DOXclChWndDksL3NFfapBe0EuSm9qRZeWVU12s_hJB0CXqRXc7uHTovvQsf9EB2oI4Y53q1t1gOepSF9B2nBiyMySHAxhV_OhK_qIHh0ip-Rg3PgfdoSz6GSrNNtOcqDByhKoWhS1sFXnMWN9iHy45mG1lSRQeVZqusrj4s1W4TxXxE8=w1200-h630-p-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[A very simple and alternative PID finder]]>
</title>
<description>
<![CDATA[<div><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpa2aKeO1e_0uhSv0_CiTVO4uf6kOanCoFnz0Ddp9uw_EDJI-Z_eW4GOt_BVWuk0aJ4X-gwdtjlQ9zV5uJCv_kJ2Zx6Neaz1um9HX-MoZhC1_0FCO6HylzphnHG8lTjGJRD68emjbZQMjySMxi9-_Oi-ZIEx89ODMS9YmNxq1b1lbjwkPZMcjDSV3_/w1200-h630-p-k-no-nu/index.png"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/a-very-simple-and-alternative-pid-finder.html</link>
<media:content medium="image" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpa2aKeO1e_0uhSv0_CiTVO4uf6kOanCoFnz0Ddp9uw_EDJI-Z_eW4GOt_BVWuk0aJ4X-gwdtjlQ9zV5uJCv_kJ2Zx6Neaz1um9HX-MoZhC1_0FCO6HylzphnHG8lTjGJRD68emjbZQMjySMxi9-_Oi-ZIEx89ODMS9YmNxq1b1lbjwkPZMcjDSV3_/w1200-h630-p-k-no-nu/index.png"/>
</item>
<item>
<title>
<![CDATA[Insomni'Hack 2022 - Ransomware Encryption Internals: A Behavioral Characterization]]>
</title>
<description>
<![CDATA[<div><img src="https://i.ytimg.com/vi_webp/7oXUIRCt8s8/maxresdefault.webp"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/insomnihack-2022-ransomware-encryption.html</link>
<media:content medium="image" url="https://i.ytimg.com/vi_webp/7oXUIRCt8s8/maxresdefault.webp"/>
</item>
<item>
<title>
<![CDATA[BlueHat IL 2022 - Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols]]>
</title>
<description>
<![CDATA[<div><img src="https://i.ytimg.com/vi_webp/vfb-bH_HaW4/maxresdefault.webp"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/bluehat-il-2022-relaying-to-greatness.html</link>
<media:content medium="image" url="https://i.ytimg.com/vi_webp/vfb-bH_HaW4/maxresdefault.webp"/>
</item>
<item>
<title>
<![CDATA[ The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory ]]>
</title>
<description>
<![CDATA[<div><img src="https://blogger.googleusercontent.com/img/a/AVvXsEg1EDy9Uy7-DOXclChWndDksL3NFfapBe0EuSm9qRZeWVU12s_hJB0CXqRXc7uHTovvQsf9EB2oI4Y53q1t1gOepSF9B2nBiyMySHAxhV_OhK_qIHh0ip-Rg3PgfdoSz6GSrNNtOcqDByhKoWhS1sFXnMWN9iHy45mG1lSRQeVZqusrj4s1W4TxXxE8=w1200-h630-p-k-no-nu"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html</link>
<media:content medium="image" url="https://blogger.googleusercontent.com/img/a/AVvXsEg1EDy9Uy7-DOXclChWndDksL3NFfapBe0EuSm9qRZeWVU12s_hJB0CXqRXc7uHTovvQsf9EB2oI4Y53q1t1gOepSF9B2nBiyMySHAxhV_OhK_qIHh0ip-Rg3PgfdoSz6GSrNNtOcqDByhKoWhS1sFXnMWN9iHy45mG1lSRQeVZqusrj4s1W4TxXxE8=w1200-h630-p-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[ Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms]]>
</title>
<description>
<![CDATA[<div><img src="https://lh3.googleusercontent.com/proxy/cZzX9zM2so0ZyU7dVwoMOetrKiIZJU3aUr2N2e3E4j0DTCvUi4RCDBeym7cj2xx-MFr6PWFCSeOAebYbuqZvA2XYlh2YiNwyyv1t8JuKCKaymYRtLriz4789XTN3FTHRjXYZVgTGBS0jHn4Tui9UUQzhL7omD2vKpSJdd8zv_ftRQkCRcpyx-gorYR5iHwxnGsXs4DxgumcAqCL6i6S6AhWp1fGH9lSZM6C2pHMCDjopfAeqcild3WuESZV-5XlOJJG0B48c3uXOgMc7Fw=w1200-h630-p-k-no-nu"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/hide-and-seek-new-zloader-infection.html</link>
<media:content medium="image" url="https://lh3.googleusercontent.com/proxy/cZzX9zM2so0ZyU7dVwoMOetrKiIZJU3aUr2N2e3E4j0DTCvUi4RCDBeym7cj2xx-MFr6PWFCSeOAebYbuqZvA2XYlh2YiNwyyv1t8JuKCKaymYRtLriz4789XTN3FTHRjXYZVgTGBS0jHn4Tui9UUQzhL7omD2vKpSJdd8zv_ftRQkCRcpyx-gorYR5iHwxnGsXs4DxgumcAqCL6i6S6AhWp1fGH9lSZM6C2pHMCDjopfAeqcild3WuESZV-5XlOJJG0B48c3uXOgMc7Fw=w1200-h630-p-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[HITB 2021 AMS - The Rise of Potatoes: Privilege Escalation in Windows Services]]>
</title>
<description>
<![CDATA[<div><img src="https://lh3.googleusercontent.com/proxy/o4pA9eGftWGHkNH3Hq1lNIpli0v2X8UmwPHLpX0pTgRIcIA_gFYyDoCRhwCt8TjuBeUjgW5xqFuKh0ydXFox2-l8dX0=w1200-h630-n-k-no-nu"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/hitb-2021-ams-rise-of-potatoes.html</link>
<media:content medium="image" url="https://lh3.googleusercontent.com/proxy/o4pA9eGftWGHkNH3Hq1lNIpli0v2X8UmwPHLpX0pTgRIcIA_gFYyDoCRhwCt8TjuBeUjgW5xqFuKh0ydXFox2-l8dX0=w1200-h630-n-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[Black Hat Asia 2021 - The Rise of Potatoes: Privilege Escalations in Windows Services]]>
</title>
<description>
<![CDATA[<div><img src="https://lh3.googleusercontent.com/proxy/qoI0llzkaHQIUZkOzzRCBI-adcNJzOj5xt-kPsd_0CtjskcAOswoghd_chKDXtOPH6Byv2Vgs3juM7l4w4eHBeeqiZ4=w1200-h630-n-k-no-nu"></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/black-hat-asia-2021-rise-of-potatoes.html</link>
<media:content medium="image" url="https://lh3.googleusercontent.com/proxy/qoI0llzkaHQIUZkOzzRCBI-adcNJzOj5xt-kPsd_0CtjskcAOswoghd_chKDXtOPH6Byv2Vgs3juM7l4w4eHBeeqiZ4=w1200-h630-n-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol]]>
</title>
<description>
<![CDATA[<div><img src="https://it.sentinelone.com/wp-content/uploads/labs/2021/04/Copy-of-Relaying-Potatoes_-DCE_RPC-NTLM-Relay-EOP-2.jpg" style="width: 100%;"><div>by splinter_code & decoder_it - 26 April 2021 Executive Summary Every Windows system is vulnerable to a particular NTLM relay attack...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/relaying-potatoes-another-unexpected.html</link>
<media:content medium="image" url="https://it.sentinelone.com/wp-content/uploads/labs/2021/04/Copy-of-Relaying-Potatoes_-DCE_RPC-NTLM-Relay-EOP-2.jpg"/>
</item>
<item>
<title>
<![CDATA[RomHack2020 - Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privileges]]>
</title>
<description>
<![CDATA[<div><img src="https://lh5.googleusercontent.com/proxy/ZTqwr6i8Zdb-wNlDCsTQgHhZCNNeIN9mlNPDUNSp2uUjnQG-q844M3Pv-iC8luJ-l_fHZXL8dZGRMSDGXXrmQdNXEGQ=w1200-h630-n-k-no-nu" style="width: 100%;"><div>Slides here: https://github.com/antonioCoco/infosec-talks/blob/main/RomHack2020_Windows_Privilege_Escalations_Still_abusing_Service_Acco...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/romhack2020-windows-privilege.html</link>
<media:content medium="image" url="https://lh5.googleusercontent.com/proxy/ZTqwr6i8Zdb-wNlDCsTQgHhZCNNeIN9mlNPDUNSp2uUjnQG-q844M3Pv-iC8luJ-l_fHZXL8dZGRMSDGXXrmQdNXEGQ=w1200-h630-n-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection]]>
</title>
<description>
<![CDATA[<div><img src="https://1.bp.blogspot.com/-kIdCJN2OcQ8/XwHFoMR7X7I/AAAAAAAAAC8/THZ-0pbB-ZgrWCeNfl1Wt5J0NkHaELnQACLcBGAsYHQ/w1200-h630-p-k-no-nu/KiSetupForInstrumentationReturn.png" style="width: 100%;"><div>by splinter_code - 16 July 2020 Process Injection is a technique to hide code behind benign and/or system processes. This technique is u...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/weaponizing-mapping-injection-with.html</link>
<media:content medium="image" url="https://1.bp.blogspot.com/-kIdCJN2OcQ8/XwHFoMR7X7I/AAAAAAAAAC8/THZ-0pbB-ZgrWCeNfl1Wt5J0NkHaELnQACLcBGAsYHQ/w1200-h630-p-k-no-nu/KiSetupForInstrumentationReturn.png"/>
</item>
<item>
<title>
<![CDATA[No more JuicyPotato? Old story, welcome RoguePotato!]]>
</title>
<description>
<![CDATA[<div><img src="https://1.bp.blogspot.com/-74LvlyHwtuM/Xw4bETWO70I/AAAAAAAAAFU/_pS6GwnD1s4mu4jQp_p2ptKvUrNnXMR3ACLcBGAsYHQ/w1200-h630-p-k-no-nu/img6.png" style="width: 100%;"><div>by splinter_code & decoder_it - 11 May 2020 After the hype we ( @splinter_code and me) created with our recent tweet , it’s time t...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/no-more-juicypotato-old-story-welcome.html</link>
<media:content medium="image" url="https://1.bp.blogspot.com/-74LvlyHwtuM/Xw4bETWO70I/AAAAAAAAAFU/_pS6GwnD1s4mu4jQp_p2ptKvUrNnXMR3ACLcBGAsYHQ/w1200-h630-p-k-no-nu/img6.png"/>
</item>
<item>
<title>
<![CDATA[We thought they were potatoes but they were beans (from Service Account to SYSTEM again)]]>
</title>
<description>
<![CDATA[<div><img src="https://lh5.googleusercontent.com/proxy/bPmnxk3ffWSFmhG_ndfr8Wf3lcxGsbplzSytd8Pa_Jrz7Lo5RH55J8EkeuZ39niap4VRpPR0TQnJLCsivnALoJ9_HAjcPX4o3ktDGTnH9Dw=w1200-h630-p-k-no-nu" style="width: 100%;"><div>by splinter_code - 6 December 2019 This post has been written by me and two friends: @splinter_code and 0xea31 This is the “unintended...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/we-thought-they-were-potatoes-but-they.html</link>
<media:content medium="image" url="https://lh5.googleusercontent.com/proxy/bPmnxk3ffWSFmhG_ndfr8Wf3lcxGsbplzSytd8Pa_Jrz7Lo5RH55J8EkeuZ39niap4VRpPR0TQnJLCsivnALoJ9_HAjcPX4o3ktDGTnH9Dw=w1200-h630-p-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[Reverse Engineering a JavaScript Obfuscated Dropper]]>
</title>
<description>
<![CDATA[<div><img src="https://1.bp.blogspot.com/-KmKpKN4xoK4/Xw4UARHHVOI/AAAAAAAAAEg/MOKGQemsNAkOFFOyJXgwKW5zKC5LgLmYACLcBGAsYHQ/w1200-h630-p-k-no-nu/main.jpg" style="width: 100%;"><div>by splinter_code - 31 July 2017 1. Introduction Nowadays one of the techniques most used to spread malware on windows systems is...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/reverse-engineering-javascript.html</link>
<media:content medium="image" url="https://1.bp.blogspot.com/-KmKpKN4xoK4/Xw4UARHHVOI/AAAAAAAAAEg/MOKGQemsNAkOFFOyJXgwKW5zKC5LgLmYACLcBGAsYHQ/w1200-h630-p-k-no-nu/main.jpg"/>
</item>
<item>
<title>
<![CDATA[New Locky variant – Zepto Ransomware Appears On The Scene]]>
</title>
<description>
<![CDATA[<div><img src="https://lh5.googleusercontent.com/proxy/9dfDWQMLmTl_BoloiMxeCRoF8iVb7TgxyClqVLAzJp0pOuOA--7p1Cw3buooQPbYJIlHAoigtXKjvI60uscuNKU7e2R6ICjt96-XmpPv0Itb2o49QynC7_aou4EuWoYP5SfMQ_Aqj5wAm8nnGpx0tI4I5AFm3tju--Avbb4hxRdsmUi_XEG0sBgo=w1200-h630-p-k-no-nu" style="width: 100%;"><div>by splinter_code - 7 July 2016 New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/new-threat-dubbed-zepto-ransomware-is.html</link>
<media:content medium="image" url="https://lh5.googleusercontent.com/proxy/9dfDWQMLmTl_BoloiMxeCRoF8iVb7TgxyClqVLAzJp0pOuOA--7p1Cw3buooQPbYJIlHAoigtXKjvI60uscuNKU7e2R6ICjt96-XmpPv0Itb2o49QynC7_aou4EuWoYP5SfMQ_Aqj5wAm8nnGpx0tI4I5AFm3tju--Avbb4hxRdsmUi_XEG0sBgo=w1200-h630-p-k-no-nu"/>
</item>
<item>
<title>
<![CDATA[Locky Ransomware is back! 49 domains compromised!]]>
</title>
<description>
<![CDATA[<div><img src="https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2016/06/locky-ransomware-1.png" style="width: 100%;"><div>by splinter_code - 26 June 2016 Locky ransomware starts up again its illegal activity of stealing money from their victims after a temporary inactivity since the end of May. This time, it comes with hard-coded javascript...</div></div>]]>
</description>
<link>https://splintercod3.blogspot.com/p/blog-page_14.html</link>
<media:content medium="image" url="https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2016/06/locky-ransomware-1.png"/>
</item>
</channel>
</rss>