m8sec.dev

Pythonic Malware Part-2: Reversing Python Executables

In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch Meterpreter shells on a fully patched system. However, this raised a...

Pythonic Malware: Evading Detection with Compiled Executables

Creating Python executables during an offensive security engagement used to be an effective method of evasion. However, this tactic has become increasingly difficult on modern Windows endpoints. I...

Guide to Bypassing MFA in 2020

As more applications and resources move to the cloud, organizations are requiring multi-factor authentication (MFA) to better safeguard user accounts. This post outlines various methods used to by...

Information Disclosure in NTLM Authentication

During an offensive security engagement it may not be a major vulnerability that leads to your end-goal, but a combination of lower severity findings compounded to make a larger impact. This post d...

Uncovering XSS Conditions in Cacti Network Graphing Solution

A few weeks ago I ran into an older version of the Cacti network graphing solution, which led me down the path of researching the application. This revealed some interesting vulnerabilities that I ...