Paul Bolton

Bypassing Kaspersky 2017 AV by XOR encoding known malware with a twist
One thing that I haven't had a really good look at, coming from a non-pentesting background, is how to avoid anti-virus scanners; so here is my first serious dive into it. I suspect to most experienced testers this isn't anything new. Given the limitatio...

E9 3E 50 4F 53: What comes in red pills and is highly addictive?
Since passing my OSCP exam a few weeks ago I've been debating whether to add to the vastness of reviews on the PWK course and OSCP exam. It, however, feels like a rite of passage; so here goes. What is the PWK course, I hear you ask. To quote from Offensi...

Data Exfiltration with ease
As someone who has to regularly diagnose issues on a plethora of operational systems and under various failure scenarios, just as a pen tester or adversary I need to think of alternative ways to do things. Some turn out to be incredibly straightforward ways...

NFS Abuse for Fun and Profit - Part 2
Following on from Part 1 of this article, we continue our introduction to NFS by abusing SUID. When we talk about SUID here, we also imply SGID, i.e. you can set the effective group ID as well; but I will leave that as an exercise for the reader. Case 4a – ...

Samsung Self Signed Certs
With this blog entry I thought I would ask a question. As you would expect, someone with my background has a home network that is somewhat different to that of the average home user. Part of that is the use of a web proxy server, so all devices need to go vi...

Kernel Tracing Qmax on Solaris – Part 1
Time to poke around the kernel and do a simple bit of reversing. Whether you are a sysadmin, penetration tester, or reverse engineer, if you don't know about Solaris DTrace you will want to. It allows for low-latency instrumentation of the system. This incl...

NFS Abuse for Fun and Profit - Part 3
Following on from Part 1 and Part 2; in this final part of this overview of NFS version 2 and 3, we will look at a number of other countermeasures and a nice way to compromise a system. Case 5 – Read only shares. This is one of the more useful options. If w...

Beyond TCP Qmax
When it comes to network security and performance of network services, an important concept is how the UNIX kernel handles establishing TCP connections. Whilst the three-way handshake is commonly known, unless you write communications code (e.g. the listen(...

Linux Ransomware and SSH
I recently came across this article on the FAIRWARE ransomware attacking Linux servers by brute forcing SSH, according to the referenced article here. I thought: why, in this day and age, is brute forcing SSH from the Internet working? Surely we are not exposi...

A Brief Look at EMail, SPF, DKIM and DMARC
Having recently built my home email server and wanting to be a good MTA, I decided to look at a number of anti-spam mechanisms. Whilst host-based anti-virus solutions and the like offer anti-spam engines, there also exist a number of other technologies to help ...