Glad you’re here! If you’re new here, why don’t you check out my About-Page to get to know me better? There you can get some general information about me and ways to contact me. Hope to speak to ...
Social Engineering: The downside of Security-Awareness
Introduction: Hardly a day goes by that I don’t receive a suspicious-looking email asking me to either click on a shortened URL or open an attachment. And I’d bet you do, too. Why do cyber cri...
Malware: Living off the land - Creating fileless PowerShell malware
Introduction: The Windows API refers to functionality exposed by built-in system DLLs (e.g. kernel32.dll, which exposes multiple functions that can be used by developers to interact with Windows). ...
Exploit: Exploiting CVE-2016-2555 enumerating and dumping the underlying Database
Introduction: Over the last few days I was researching an (already existing) vulnerability in ATutor v2.2.1. According to the official homepage of ATutor: ATutor is an Open Source LMS (Learning...
Evasion: Bypassing AV through malware obfuscation techniques
When I was enrolled in PWK to obtain my OSCP, we (the students) luckily did not have to bother with up-to-date antivirus software installed on the machines within the lab. Even though we learned so...