Enhancing Host File with PortProxy
The host file on Windows can be used to provide a simple name resolution mechanism but with a limited option. For example, it’s impossible to specify a destination port if you want to access the destination service with a custom port. Only an IP address and a name can be specified in the host file.
SHA-1 is a Shambles
ยังไม่ได้อ่านเปเปอร์ SHA-1 is a Shambles จนเข้าใจแต่ก็พอได้ fact บางอย่างซึ่งคิดว่าน่าจะเอาไปใช้เพื่อเป็นเหตุผลหรือคำอธิบายว่ามันเกิดอะไรขึ้นและเราควรทำยังไงต่อได้ ดังนั้นจึงขอเอามาทดไว้เป็นอีกซีรีส์หนึ่งของบล็อกชุดกระดาษทดด้านล่างครับ
Arbitrary File Write and DiagHub Exploit
เนื้อหาโดยส่วนใหญ่ของบล็อกนี้สรุปและแปลมาจากบล็อก Windows Exploitation Tricks: Exploting Arbitrary File Writes for Local Elevation of Privilege โดย James Forshaw จาก Google Project Zero
Quick Note on Nanocore Tradecraft - A Double ZIP File
Trustwave SpiderLabs published a new technique used by Nanocore to bypass an email security gateway solution that inspects file attachment content. I found this technique simple but effective with the fact that there are many file parser implemented in a current security solution and many of it interprets content differently.
How to Prepare Before the Compromise - A Summary From BHIS Talk
If you have enrolled in SEC540 and/or have experience with NIST SP800-61, you’d be familiar with the following details about what we need to prepare to handle and respond to an incident, as an incident handler/responder. By the way, I found this talk by John Strand from Black Hills Information Security, How to Prepare Before the Compromise, has a broader scope, not just an incident handler/responder but also a person who may involve with the situation.