Erica Zelic
Playing with Bubbles: An Introduction to DLL-Sideloading
DLL Side-Loading is a pervasive technique partially because its behavior is difficult to detect. As a sub-technique of DLL Hijacking, it ta
top of page
Search
Nihaal Prasad
- Oct 5, 2021
- 6 min
Return to Libc: Linux Exploit Development
This blog post will cover how to conduct a ret2libc attack. The ret2libc technique is a tactic used in Linux exploit development that allows
Mattia Campagnano
- May 20, 2020
- 6 min
Weaponizing Windows Binaries and Scripts (LOLBAS): What's Old Is New Again
One of the latest trends in penetration testing and malware development is to weaponize the so-called Living Off the Land Binaries and Scrip
Wade Ma
- Mar 3, 2020
- 9 min
Automated Obfuscation of Windows Malware and Exploits Using O-LLVM
Today’s malware authors and exploit developers have automated methods of obfuscating their software, When these techniques are combined with
Mattia Campagnano
- Feb 3, 2020
- 9 min
Ransomware Attacks Are on the Rise, Should You Pay the Ransom?
However, sometimes the answer to this question cannot be so clear-cut. Much depends on how valuable the information being held for ransom is
Fred Mastrippolito
- Jun 18, 2019
- 2 min
The CISO asked me to run Ransomware on his laptop
The executive’s laptop had the very latest version of a cloud-based, next-generation antivirus endpoint detection and response software, whi
Admin
- Jan 4, 2018
- 5 min
Meltdown and Spectre: Quick Overview and Next Steps
The purpose of this blog post is not to provide an exhaustive overview of Meltdown and Spectre, but instead to provide key points and caveat
Polito, Inc.
- Oct 3, 2017
- 4 min
Language Interpreters and Post-Exploitation
*This blog entry was originally published on March 15, 2016 on the original Polito Blog by Ian Duffy. It was re-posted on October 3, 2017...
Polito, Inc.
- Oct 2, 2017
- 3 min
Running Metasploit Shellcode in a Process
*This blog entry was originally published on March 23, 2015 on the original Polito Blog by Ian Duffy. It was re-posted on October 2, 2017...
Ian Duffy
- Mar 15, 2016
- 4 min
Language Interpreters and Post-Exploitation
Polito is observing a trend towards disuse of bespoke / purpose-built tools by attackers for post-exploitation activities on systems. Such t
Ian Duffy
- Mar 23, 2015
- 3 min
Running Metasploit Shellcode in a Process
Thus I decided that I would need to execute the shellcode in a new process. This should have the effect of freeing any memory used by meterp
bottom of page