zero sum
6 followers
zero's posts

On the Misuse of Artifacts of Whitehat Research
The Metasploit module for EternalBlue was developed by myself and JennaMagius, previous community contributors of the project, and security researchers at RiskSense, a provider of pro-active cyber risk management solutions. The module was developed to enabl...

WannaCry Artifacts of Research
The Metasploit module for the EternalBlue vulnerability was developed by myself and JennaMagius, previous community contributors of the project, and security researchers at RiskSense, a provider of pro-active cyber risk management solutions. The module was ...

DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis
One week ago today, the Shadow Brokers (unknown hacking entity) leaked the Equation Group's (NSA) FuzzBunch software, an exploitation framework similar to Metasploit. In the framework were several unauthenticated, remote exploits for Windows (such as the ex...

MS17-010 (SMB RCE) Metasploit Scanner Detection Module
During the first Shadow Brokers leak, my colleagues at RiskSense and I reverse engineered and improved the EXTRABACON exploit, about which I wrote a feature for PenTest Magazine. Again I find myself tangled up in the latest Shadow Brokers leak, which i...

Overflow Exploit Pattern Generator
Metasploit's pattern generator is a great tool, but Ruby's startup time is abysmally slow. Out of frustration, I made this in-browser online JavaScript pattern generator. For the unfamiliar, this tool will gene...

Hack the Vote "The Wall" Solution
RPISEC ran a capture the flag called Hack the Vote 2016 that was themed after the election. In the competition was "The Wall" challenge by itszn. The Wall challenge clue: The Trump campaign is running a trial of The Wall plan. They want to prove that no ill...

Hack the Vote CTF "IRS" Solution
RPISEC ran a capture the flag called Hack the Vote 2016 that was themed after the election. In the competition was the "IRS" challenge by pigeon. IRS challenge clue: Good day fellow Americans. In the interest of making filing your tax returns as easy and pa...

CSRF Attack for JSON-encoded Endpoints
Sometimes you see a possible Cross-Site Request Forgery (CSRF) attack against JSON endpoints, where data is a JSON blob instead of x-www-form-urlencoded data. Here is a PoC that will send a JSON CSRF. <html>
    <form action=http://127.0.0.1/json method=po...

Reverse Engineering Cisco ASA for EXTRABACON Offsets
Contents: Background; Understanding the Exploit; Hijacking Execution; Stage 1: "Finder"; Stage 2: "Preamble"; Stage 3: "Payload"; Finding Offsets; RET Smash; "Safe" Return Address; Authentication Functions; Improving the Shellcode; Future Work.
Background: On August 13, 2016 a ...

Removing Sublime Text Nag Window
I contemplated releasing this blog post earlier, and now that everyone has moved on from Sublime Text to Atom there's really no reason not to push it out. This is posted purely for educational purposes. Everyone who has used the free version of Sublime Text...