blue-team - tbhaxor

blue-team

A collection of 10 posts

Hunting Secrets from Containers by Analysing Docker Images

Hunting Secrets from Containers by Analysing Docker Images

Docker images are used to create containers and contain some secrets that can be extremely useful when exploiting applications. In this post, you will learn how to search for such information in Docker images or Dockerfiles in order to gain unauthorised access.

Hunting for Malicious Binaries and Backdoors in the Running Containers

Hunting for Malicious Binaries and Backdoors in the Running Containers

An attacker might exploit one of the container's service and install malicious apps or a backdoor to get access to your container later. In this post, you'll learn how to use the "docker diff" plugin to do forensics and incident response on a running docker container.

Reading and Writing into Process's Memory

Reading and Writing into Process's Memory

Get the basic understanding on the remote process memory read and write all by windows 32 API and create your own game hacks.

Dump Information for Process using GetTokenInformation

Dump Information for Process using GetTokenInformation

In this post, you will get a very thorough step-by-step walkthrough on building your own process token dumper in the c++ which will help you in knowing your target better before launching another post exploitation attack.

Windows Process Listing using NTQuerySystemInformation

Windows Process Listing using NTQuerySystemInformation

Get acquainted with the undocumented low-level yet powerful APIs from winternls and how to use the NtQuerySystemInformation function to get a list of all the processes running in the system

Windows Process Listing Using PSApi

Windows Process Listing Using PSApi

Get a detailed walkthrough on process listing via PSApi. You will also learn about its pros-n-cons and the new set of functions from the PS Api suite related to module enumeration.

Windows Process Listing using ToolHelp32 API

Windows Process Listing using ToolHelp32 API

Get a detailed walk-through on the code of process listing using ToolHelp32 API from scratch. You will also learn to enumerate the threads and modules for each process and will know about its advantages and challenges

Windows Process Listing Using WTS API – Part 2

Windows Process Listing Using WTS API – Part 2

In this post, you will learn how to gracefully enable SeDebugPrivilege and automatically launch the process using ShellExecuteExA with administrator privileges. This is in continuation to part 1 of windows process listing using wts api.

Windows Process Listing Using WTS API – Part 1

Windows Process Listing Using WTS API – Part 1

In this detailed walkthrough of process listing using WTS API, you will learn the importance of the process listing and enumeration of anti-malware agents and will get your hands dirty with the source code

Mitigating the Damage in the Compromised Webserver using AppArmor

Mitigating the Damage in the Compromised Webserver using AppArmor

In this post, you will get a very (very) detailed tutorial on how to confine the resource for an nginx server and the php fpm service on a compromised server to allow specific commands via webshell