<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Taha Draidia</title><link>https://tahadraidia.com/categories/security/</link><description>Recent content in Security on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Sun, 28 Jul 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/categories/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Master Your Craft - Tavis Ormandy Analysis on The CrowdStrike Incident</title><link>https://tahadraidia.com/posts/master-your-craft-tavis-ormandy-analysis-on-the-crowdstrike-incident/</link><pubDate>Sun, 28 Jul 2024 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/master-your-craft-tavis-ormandy-analysis-on-the-crowdstrike-incident/</guid><description>Updated 08/07/2024: I received a lot of criticism suggesting I was trying to prove Tavis Ormandy wrong, which is not true. In fact, my entire video and post aim to delve into and support what Tavis explained.
This post discusses how Tavis Ormandy called out misinformation spreading on Twitter. When I referred to &amp;ldquo;the author of the tweet,&amp;rdquo; I meant the person whose tweet Tavis was highlighting. Tavis is well respected in the industry, and I have always expressed my respect and admiration for his work.</description></item><item><title>Alternative to JMP ESP Instruction</title><link>https://tahadraidia.com/posts/alternative-to-jmp-esp/</link><pubDate>Sun, 12 Dec 2021 13:34:28 +0000</pubDate><guid>https://tahadraidia.com/posts/alternative-to-jmp-esp/</guid><description>When it comes to a vanilla stack buffer overflow, a JMP ESP instruction is the one you look for once you have control over the EIP register.
Now let&amp;rsquo;s assume that DEP is not enabled, but that because of ASLR and/or bad characters in the available JMP ESP addresses, none of those addresses can be used.
We can look for the following instruction sequences instead, which have the same effect of transferring execution to the stack:
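The WinDbg listing that follows shows two such sequences located in ntdll. What follows here is an added example, not code from the original post: a small Python search that scans a module image for the byte patterns of JMP ESP, PUSH ESP; RET and CALL ESP, computes each hit's virtual address from the image base, and discards any address whose little-endian encoding contains a bad character. The image base, the byte blob standing in for the module's code section and the bad-character set are constructed for the example; on a real target you would feed in the bytes of a module mapped in the debugged process together with its load address.

```python
"""Find JMP ESP alternatives in a module image and reject addresses with bad characters.

Added example, not code from the original post. The module image and base address
below are constructed stand-ins; with a real target you would feed in the bytes of a
module mapped in the debugged process together with its load address.
"""

# x86 encodings of the stack-pivot sequences discussed in the post.
GADGETS = {
    "jmp esp":       bytes.fromhex("ffe4"),
    "push esp; ret": bytes.fromhex("54c3"),
    "call esp":      bytes.fromhex("ffd4"),
}


def find_gadgets(image: bytes, base: int, bad_chars: bytes = b"\x00") -> dict:
    """Return {gadget name: [usable virtual address, ...]}.

    A hit is usable only if none of the four bytes of its little-endian address
    (the form in which it is written into the overflow buffer) is a bad character.
    """
    usable = {name: [] for name in GADGETS}
    for name, pattern in GADGETS.items():
        start = 0
        while True:
            off = image.find(pattern, start)
            if off == -1:
                break
            va = base + off
            encoded = va.to_bytes(4, "little")
            if not any(b in bad_chars for b in encoded):
                usable[name].append(va)
            start = off + 1
    return usable


def build_sample_image() -> tuple:
    """Constructed stand-in for a module's code section (not a real ntdll dump).

    Filler is 0x90 (NOP) so the only matches are the ones planted here. The offsets
    are chosen so that one JMP ESP lands on an address full of bad characters while
    the PUSH ESP; RET and CALL ESP hits get clean addresses.
    """
    base = 0x77C70000                                 # assumed image base
    image = bytearray(b"\x90" * 0x8000)
    image[0x0D0A:0x0D0C] = GADGETS["jmp esp"]         # 0x77c70d0a: contains \x0a and \x0d
    image[0x1234:0x1236] = GADGETS["jmp esp"]         # 0x77c71234: clean
    image[0x3989:0x398B] = GADGETS["push esp; ret"]   # 0x77c73989: clean
    image[0x7254:0x7256] = GADGETS["call esp"]        # 0x77c77254: clean
    return bytes(image), base


def usable_pivots(bad_chars: bytes = b"\x00\x0a\x0d") -> dict:
    """Run the search over the sample image with a typical bad-character set."""
    image, base = build_sample_image()
    return find_gadgets(image, base, bad_chars)


if __name__ == "__main__":
    for name, addrs in usable_pivots().items():
        shown = ", ".join(f"0x{a:08x}" for a in addrs) or "(none usable)"
        print(f"{name:14s} {shown}")
```

Two practical caveats: a module read from disk rather than from process memory has file offsets, not RVAs, so each hit must be mapped through the section headers before the image base is added; and under ASLR the base changes per boot or per process, so the usable list is only stable for modules that were linked without ASLR support. A debugger search (for example WinDbg's s command) finds the same bytes; the bad-character filter above is what decides which hit can actually be used.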
PUSH ESP; RET (54C3)
0:012&amp;gt; u 77c73989
ntdll!ResCDirectoryValidateEntries+0x1805:
77c73989 54 push esp
77c7398a c3 ret
CALL ESP (FFD4)
0:012&amp;gt; u 77c77254
ntdll!</description></item><item><title>Don't Go Phishing Blind, Watch While RunTime</title><link>https://tahadraidia.com/posts/dont-go-phising-blind-watch-while-execution/</link><pubDate>Sat, 04 Dec 2021 11:25:46 +0000</pubDate><guid>https://tahadraidia.com/posts/dont-go-phising-blind-watch-while-execution/</guid><description>Raise your hand if you have crafted a payload that worked fine on your lab machines, but in the real scenario you never received the callback! I guess all of us have experienced this at some point.
To solve this I wrote a simple yet effective set of functions that let us see what is going on while our script is running.
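As an added illustration of that idea, and not the post's own functions (which the summary goes on to describe), here is the exchange written in Python so it can be run offline: a check-in function that reports the current stage to a server with a plain GET, a driver that calls it at every stage boundary and reports the exception that stops the script, and a tiny listener on localhost that logs what it receives. The stage names, the query-string layout and the failing step are this example's own choices.

```python
"""Watch a payload's progress from a listener instead of waiting blindly for a callback.

Added example, not the post's own helper functions. hello() is the check-in the post
describes (a plain GET carrying the current stage name); the listener class and the
run_watched() driver are this example's additions so the exchange runs offline on
localhost. Stage names, the query-string layout and the failing step are constructed.
"""
import socket
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def hello(server: str, stage: str, timeout: float = 3.0) -> bool:
    """Tell the listener that `stage` was reached.

    Never raises: instrumentation must not kill the script it is watching, so any
    failure (listener down, egress blocked) is swallowed and reported as False.
    """
    query = urllib.parse.urlencode({"stage": stage, "host": socket.gethostname()})
    try:
        with urllib.request.urlopen(f"{server}/?{query}", timeout=timeout) as resp:
            return resp.status == 200
    except Exception:
        return False


def run_watched(server: str, steps: dict) -> list:
    """Run each step, checking in before it and reporting any exception by stage name.

    Stops at the first failure, as the real script would, and returns the stages
    that completed. The listener log then shows exactly where things broke.
    """
    done = []
    hello(server, "start")
    for name, step in steps.items():
        hello(server, f"enter:{name}")
        try:
            step()
        except Exception as exc:
            hello(server, f"error:{name}:{type(exc).__name__}")
            break
        done.append(name)
    hello(server, "end")
    return done


class CallbackLog(BaseHTTPRequestHandler):
    """Listener side: records every stage reported via GET /?stage=... plus host=..."""
    seen = []

    def do_GET(self):
        params = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        stage = params.get("stage", ["?"])[0]
        host = params.get("host", ["?"])[0]
        CallbackLog.seen.append(stage)
        print(f"[{self.client_address[0]}] {host} reached {stage}")
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass  # silence the default per-request access log


def start_listener() -> tuple:
    """Bind an ephemeral localhost port and serve in the background."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), CallbackLog)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def _decode_fails():
    raise ValueError("bad base64")  # constructed failure standing in for a broken stage


def demo() -> tuple:
    """Constructed run: the 'decode' stage blows up the way it might on a hardened host.

    Returns (stages seen by the listener, stages the script completed).
    """
    srv, url = start_listener()
    CallbackLog.seen.clear()
    steps = {"stage_in": lambda: None, "decode": _decode_fails, "execute": lambda: None}
    try:
        done = run_watched(url, steps)
    finally:
        srv.shutdown()
        srv.server_close()
    return list(CallbackLog.seen), done


if __name__ == "__main__":
    seen, done = demo()
    print("listener saw:", seen)
    print("completed:   ", done)
```

On an engagement the listener runs on infrastructure you control and the check-in call is dropped into the real script at each stage boundary; the last stage that reports in is where the payload is being blocked or crashing, which is exactly the information a missing callback does not give you.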
The first function/subroutine, which I called hello, simply sends a GET request to a specified server.</description></item><item><title>Identify Weak Service Configuration With One Liner of Powershell</title><link>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</link><pubDate>Fri, 03 Dec 2021 09:48:14 +0000</pubDate><guid>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</guid><description>One of the features of our PEN300 MSF script is lazy privilege escalation: it checks for a few common excessive permissions and missing configuration in certain components of the box.
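One such permission check, written here as an added Python example rather than as part of the MSF script: parse a service's security descriptor (the SDDL string that sc.exe sdshow prints, which a low-privileged user can normally read) and flag allow ACEs that give low-privileged principals the right to reconfigure the service or rewrite its ACL. The right codes and well-known SIDs are the documented SDDL values; the three descriptors at the bottom are constructed samples, not output from a real host.

```python
"""Flag weak service permissions from an SDDL security descriptor.

Added example, not the PEN300 MSF script's own check. It parses the SDDL string that
"sc.exe sdshow SERVICENAME" prints (normally readable by a low-privileged user, which
sidesteps opening the Service Control Manager with rights such a user lacks) and
reports allow ACEs that give low-privileged principals the power to reconfigure the
service or rewrite its ACL. The descriptors at the bottom are constructed samples.
"""
import re

# Two-letter SDDL right codes for a service object, plus standard and generic rights.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG",       "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS",       "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START",              "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE",     "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL",
    "SD": "DELETE",                     "RC": "READ_CONTROL",
    "WD": "WRITE_DAC",                  "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL",                "GX": "GENERIC_EXECUTE",
    "GW": "GENERIC_WRITE",              "GR": "GENERIC_READ",
}
# Same rights as access-mask bits, for ACEs that spell the mask out in hex.
RIGHT_BITS = [
    (0x1, "CC"), (0x2, "DC"), (0x4, "LC"), (0x8, "SW"), (0x10, "RP"), (0x20, "WP"),
    (0x40, "DT"), (0x80, "LO"), (0x100, "CR"), (0x10000, "SD"), (0x20000, "RC"),
    (0x40000, "WD"), (0x80000, "WO"), (0x10000000, "GA"), (0x20000000, "GX"),
    (0x40000000, "GW"), (0x80000000, "GR"),
]
# Rights that let the holder change the binary path or service account, or the ACL itself.
DANGEROUS = {"DC", "WD", "WO", "GA", "GW"}
# Principals an unprivileged user is normally a member of (SDDL alias -> display name).
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
            "IU": "Interactive", "AN": "Anonymous"}
WELL_KNOWN_SIDS = {"S-1-1-0": "WD", "S-1-5-11": "AU", "S-1-5-32-545": "BU",
                   "S-1-5-4": "IU", "S-1-5-7": "AN"}

# ACE layout: (ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid)
ACE_RE = re.compile(r"\(([^;]*);([^;]*);([^;]*);[^;]*;[^;]*;([^)]*)\)")
# The DACL is the run of ACEs after "D:" and its optional flag letters; "S:" (SACL) follows.
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^)]*\))*)")


def has_bit(mask: int, bit: int) -> bool:
    """True if the power-of-two `bit` is set in `mask`."""
    return (mask // bit) % 2 == 1


def rights_from_str(text: str) -> set:
    """Decode an ACE rights field given either as letter codes or as a hex mask."""
    if text.lower().startswith("0x"):
        mask = int(text, 16)
        return {code for bit, code in RIGHT_BITS if has_bit(mask, bit)}
    return set(re.findall(r"[A-Z]{2}", text))


def parse_dacl(sddl: str) -> list:
    """Return the DACL's ACEs as (ace_type, rights_set, trustee) tuples; [] if none."""
    m = DACL_RE.search(sddl)
    if not m:
        return []
    return [(t, rights_from_str(r), sid) for t, _flags, r, sid in ACE_RE.findall(m.group(1))]


def weak_aces(sddl: str) -> list:
    """List (trustee name, [dangerous rights]) for each allow ACE held by a low-privileged principal."""
    findings = []
    for ace_type, rights, sid in parse_dacl(sddl):
        if ace_type != "A":
            continue  # deny and audit ACEs grant nothing
        alias = WELL_KNOWN_SIDS.get(sid, sid)
        if alias not in LOW_PRIV:
            continue
        bad = sorted(SERVICE_RIGHTS[code] for code in rights.intersection(DANGEROUS))
        if bad:
            findings.append((LOW_PRIV[alias], bad))
    return findings


# Constructed samples: a default-looking descriptor, one handing Authenticated Users
# full control, and one with a hex mask granting Users SERVICE_CHANGE_CONFIG.
SAMPLE_DEFAULT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                  "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                  "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SAMPLE_WEAK = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
SAMPLE_HEX = "O:SYG:SYD:(A;;0x20002;;;S-1-5-32-545)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"

if __name__ == "__main__":
    for label, sddl in (("default", SAMPLE_DEFAULT), ("weak", SAMPLE_WEAK), ("hex", SAMPLE_HEX)):
        print(label, weak_aces(sddl) or "no weak ACEs")
```

On a target you would run sc.exe sdshow for every service name returned by sc.exe query and pass each descriptor to weak_aces(). SERVICE_CHANGE_CONFIG for Users or Authenticated Users means the binary path or service account can be repointed, which is the classic service privilege-escalation primitive; WRITE_DAC or WRITE_OWNER gets there in one extra step. This covers the service object's own ACL only: a writable service binary or an unquoted service path is a separate check.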
The missing part was how to identify weak service configuration. The approach was already known, but achieving it through the MSF Ruby API or the Win32 API seemed doomed: the MSF Windows Services class relies on sc_manager, which won&amp;rsquo;t work for a low-privileged user.</description></item><item><title>Automate the Reconnaissance Phase</title><link>https://tahadraidia.com/posts/automate-the-reconnaissance-phase/</link><pubDate>Thu, 02 Dec 2021 07:43:03 +0000</pubDate><guid>https://tahadraidia.com/posts/automate-the-reconnaissance-phase/</guid><description>If you have been reading my OSEP (PEN300) post series, you know that I love automating things; the reconnaissance phase is one of the repetitive tasks you do for every machine you compromise, right?
In this post, I am going to share how I took advantage of existing scripts and tools to create, let&amp;rsquo;s say, a reconnaissance script bundle.
The script is written in PowerShell; the language has a rich API, especially since it allows us to load .</description></item><item><title>Added RunAsPPL Check to Our PEN300 MSF Script</title><link>https://tahadraidia.com/posts/added-runasppl-check-to-our-pen300-msf-script/</link><pubDate>Wed, 01 Dec 2021 10:21:33 +0000</pubDate><guid>https://tahadraidia.com/posts/added-runasppl-check-to-our-pen300-msf-script/</guid><description>While running some tests this morning I stumbled on the following error:
Could not execute auto: Rex::Post::Meterpreter::RequestError priv_passwd_get_sam_hashes: Operation failed: The parameter is incorrect.
This occurred right after enabling Restricted Admin in our MSF script, as shown in the screenshot.
There are two important points we need to discuss here. First, when the error happened it was not handled, so the script stopped running, which is bad.
The second point is: what could go wrong, right?</description></item><item><title>Taking Advantage of Assembly.GetManifestResourceStream for Quick Dirty Hacks</title><link>https://tahadraidia.com/posts/taking-advantage-of-assembly.getmanifestresourcestream-for-quick-dirty-hacks/</link><pubDate>Wed, 01 Dec 2021 04:32:52 +0000</pubDate><guid>https://tahadraidia.com/posts/taking-advantage-of-assembly.getmanifestresourcestream-for-quick-dirty-hacks/</guid><description>We all get lazy from time to time, but things need to get done. In this post I am going to share a dirty hack I used to avoid translating a solution written in one programming language into another. The scenario we are going to cover: let&amp;rsquo;s say we wrote a piece of code that does something but requires another tool to achieve the next step of the aimed goal.</description></item><item><title>Make SharpRDP a Loadable .NET Assembly</title><link>https://tahadraidia.com/posts/make-sharprdp-a-loadable-dot-net-assembly/</link><pubDate>Mon, 29 Nov 2021 07:21:19 +0000</pubDate><guid>https://tahadraidia.com/posts/make-sharprdp-a-loadable-dot-net-assembly/</guid><description>SharpRDP is a neat tool for getting command execution over the RDP protocol. The project is written in C# .NET, which makes it a perfect candidate for loading as a .NET assembly; however, to load an assembly and call into it, the binary needs to expose its API, and SharpRDP is built in a way that it can only be run the traditional way.
If we look at the source code of the project on GitHub, we can clearly see that the Program class is declared internal and its two methods are declared private.</description></item><item><title>Hello Blog ! My goals for 2018</title><link>https://tahadraidia.com/posts/git--init-blog/</link><pubDate>Thu, 14 Dec 2017 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/git--init-blog/</guid><description>Hello world, welcome to my little paradise. I&amp;rsquo;m Taha Ibrahim DRAIDIA, a software developer interested in application security, binary exploitation, exploit development, ethical hacking and bug bounties. I have never written a blog before; this is my first time, and I hope you&amp;rsquo;ll like my writings. Below are the reasons why I decided to start writing a blog:
I used to take notes in text files, and they got messy
I would like to share what I&amp;rsquo;ve learnt along my journey in computers
I would like to improve my writing skills
I would like to get feedback about my code, research and methodologies
I would like to feel more connected with people who share the same interests
Here is a list of topics which I&amp;rsquo;ll be writing about:</description></item></channel></rss>