<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>MakoSec - Security Blog</title><link>/</link><description>Recent content on MakoSec - Security Blog</description><generator>Hugo -- gohugo.io</generator><lastBuildDate>Fri, 12 Nov 2021 02:13:50 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml"/><item><title>Bypassing Enterprise EDR to Inject .NET Assemblies Into Remote Processes</title><link>/malware-dev/bypassing-enterprise-edr-process-injection/</link><pubDate>Fri, 12 Nov 2021 02:13:50 +0000</pubDate><guid>/malware-dev/bypassing-enterprise-edr-process-injection/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Acknowledgements This post utilizes and discusses multiple pre-existing techniques / tools.
Donut Github: https://github.com/TheWover/donut Blog Post: https://thewover.github.io/Introducing-Donut/
CLRVoyance Github: https://github.com/Accenture/CLRvoyance Blog Post: https://www.accenture.com/us-en/blogs/cyber-defense/clrvoyance-loading-managed-code-into-unmanaged-processes
Decompress Code: StackOverflow: https://stackoverflow.com/questions/39191950/how-to-compress-a-byte-array-without-stream-or-system-io
DInvoke Github: https://github.com/TheWover/DInvoke Blog Post: https://thewover.github.io/Dynamic-Invoke/
How to use DInvoke Blog Post: https://offensivedefence.co.uk/posts/dinvoke-syscalls/
Where I Learned Process Injection Techniques Used.</description></item><item><title>AWS Managed Policies That Allow For Privilege Escalation</title><link>/aws-pentest/aws-managed-polcies-that-allow-privesc/</link><pubDate>Fri, 27 Nov 2020 02:13:50 +0000</pubDate><guid>/aws-pentest/aws-managed-polcies-that-allow-privesc/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Materials Used Pacu https://github.com/RhinoSecurityLabs/pacu
List of AWS privilege escalation methods https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
Introduction Recently, I wrote a blog post on a simple method of privilege escalation in AWS. While writing that blog post I became curious about AWS managed policies and wanted to know which of them can be leveraged for privilege escalation. The reason I wanted to look into AWS managed policies in particular is because customers have no control over managed policies.</description></item><item><title>Detecting DLL Unhooking</title><link>/malware-dev/detecting-dll-unhooking/</link><pubDate>Fri, 27 Nov 2020 02:13:50 +0000</pubDate><guid>/malware-dev/detecting-dll-unhooking/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Materials Used x64 Debugger https://x64dbg.com/#start
Frida https://frida.re/
Sysinternals https://docs.microsoft.com/en-us/sysinternals/downloads/
Unhooking DLL source code https://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++
References The DLL unhooking code used in this blog post came from here. Ired.team is a great resource for offensive security techniques and I reference the material on there quite frequently. I do not claim ownership or credit for this code; all of that goes to @spotheplanet.</description></item><item><title>EDR Evasion: Unhooking DLLs With C#</title><link>/malware-dev/dll-unhooking-csharp/</link><pubDate>Fri, 27 Nov 2020 02:13:50 +0000</pubDate><guid>/malware-dev/dll-unhooking-csharp/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Environment Debugging machine with BitDefender installed C++ Source Code https://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++
Credits / References This post was originally posted a short while ago. In the original post, I used template code from the RTO Windows Evasion course offered by Sektor7. Since I failed to properly credit them for the code, I deleted the post until I had time to properly redo it.</description></item><item><title>How To Get Into Malware Development</title><link>/malware-dev/malware-development-intro/</link><pubDate>Fri, 27 Nov 2020 02:13:50 +0000</pubDate><guid>/malware-dev/malware-development-intro/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Disclaimer This post talks about Malware Development in a strictly red teaming manner and is intended for people who are infecting systems with the consent of those who own them.
Introduction As I continue to work on stuff for work / learning purposes I found myself focusing more and more on the malware development space of Information Security. As I continue to grow this blog that is likely the space I'm going to focus on for a majority of the content.</description></item><item><title>Writing Position Independent Shellcode Stager in cpp</title><link>/malware-dev/x64-shellcode-stager-in-cpp/</link><pubDate>Fri, 27 Nov 2020 02:13:50 +0000</pubDate><guid>/malware-dev/x64-shellcode-stager-in-cpp/</guid><description/></item><item><title>About</title><link>/page/about/</link><pubDate>Fri, 03 Apr 2015 02:13:50 +0000</pubDate><guid>/page/about/</guid><description>About Penetration Tester at a Fortune 500 company OSCP Blog Contents My blog will be about all the things I find interesting about security. Since I work in the offensive security space that will be the main content seen here. I will cover everything from exploit development to malware development to AWS pen testing.</description></item><item><title>Contact</title><link>/page/contact/</link><pubDate>Fri, 03 Apr 2015 02:13:50 +0000</pubDate><guid>/page/contact/</guid><description>Contact Twitter and GitHub linked above</description></item><item><title>Cloudgoat Exploitation Series - Privilege Escalation via Lambda and IAM Pass Role</title><link>/aws-pentest/lambda-privesc/</link><pubDate>Sun, 28 Sep 2014 02:13:50 +0000</pubDate><guid>/aws-pentest/lambda-privesc/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec
GitHub: https://github.com/MakoSec
Materials Used Python3 Terraform Terraform: https://www.terraform.io/downloads.html
An AWS account Cloudgoat Cloudgoat: https://github.com/RhinoSecurityLabs/cloudgoat
Introduction In a previous post I described how to complete the iam privesc by rollback scenario in Cloudgoat manually, as well as showing how Pacu can be used to automate the process. In this post I will be going over another Cloudgoat scenario, lambda privesc.</description></item><item><title>Cloudgoat Exploitation Series - Privilege Escalation Via Policy Rollback</title><link>/aws-pentest/privesc-by-rollback/</link><pubDate>Sun, 28 Sep 2014 02:13:50 +0000</pubDate><guid>/aws-pentest/privesc-by-rollback/</guid><description>Socials Twitter: https://twitter.com/Mako_Sec GitHub: https://github.com/MakoSec
Materials Used Python3 Terraform Terraform: https://www.terraform.io/downloads.html
An AWS account Cloudgoat Cloudgoat: https://github.com/RhinoSecurityLabs/cloudgoat
Introduction As organizations migrate more resources to the cloud, security in those environments is becoming a major concern. Many aspects of attacking and securing cloud environments remain unknown to those using it, including TTPs for offensive security in cloud environments. Previously, pen testers and those interested in offensive security have been able to hone their skills with platforms such as HackTheBox and Vulnhub.</description></item><item><title>OSEP Course Review</title><link>/miscellaneous/osep-course-review/</link><pubDate>Sun, 28 Sep 2014 02:13:50 +0000</pubDate><guid>/miscellaneous/osep-course-review/</guid><description>Introduction Recently I completed the Pen-300 or Evasion Techniques and Breaching Defenses course offered by Offensive Security found here. Today, I received the email that I successfully passed the test and received the OSEP (Offensive Security Experienced Penetration Tester) certification. So, I figured I would provide my thoughts on the course since it is still relatively new. This course was introduced in late 2020 / early 2021 and covers a ton of real-world applicable, advanced techniques.</description></item><item><title/><link>/aws-pentest/ecs-persistence/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/aws-pentest/ecs-persistence/</guid><description/></item></channel></rss>