Jithin Alex's Blog, page 4

March 14, 2022

Malware Analysis : RtlMoveMemory function and its usage.

Note: This is a continuation of my previous post on the VirtualAlloc function; refer to that post first.
The RtlMoveMemory function copies the contents of the payload into the destination memory block/buffer.
The syntax of the function is:
VOID RtlMoveMemory(
  _Out_       VOID UNALIGNED *Destination,
  _In_  const VOID UNALIGNED *Source,
  _In_        SIZE_T         Length
);

Destination : The address of the buffer to copy the payload to.
Source : The address of the buffer to copy the payload from.
Length : The size of the payload in bytes.

Example :
char payload[] ={0x...

Published on March 14, 2022 08:08

Malware Analysis : VirtualAlloc Function, Usage.

While creating malware, in order to run the payload in the memory of the process, we need to create a memory buffer for the payload. For this purpose, we make use of the VirtualAlloc function.
As per the Windows documentation, the VirtualAlloc function reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.
Let's dig deeper into this function and its parameters.

The syntax of the function is:
LPVOID VirtualAlloc(
  [in, optional] L...

Published on March 14, 2022 05:51

February 4, 2022

How to extract images from a word/powerpoint document?

Oftentimes, we might need to save some of the images in a Word document or a PowerPoint presentation. Most of us copy and save the images one by one. There is an easier way to extract all the images from an Office file at once. Watch the video or follow the steps mentioned below.


1) Rename the file extension to .zip
2) Open or extract the zip file.
3) Open the word (or ppt) directory inside it.
4) Open the media folder; there you can see all the images embedded in the document.
Published on February 04, 2022 12:44

[DFIR] Metadata, Types, How to access?

Metadata is data about data. Every file has some metadata, which describes what the file is (minus the content). For example, an image file's metadata might contain information such as when the image was created, by whom, when it was modified, who can access it, etc., but it won't be able to tell what is in that image.

There are different types of metadata. Let's go through the main types.

1) System Metadata
This metadata is created and used by the operating system. Though the OS uses it for variou...

Published on February 04, 2022 11:38

February 3, 2022

[DFIR] : Manually collecting Volatile data from a Windows machine.

While performing a digital forensics investigation, you might need to collect various artifacts, information, and images from the target machine. Most of the time, we make use of automated tools to retrieve the information we require. Read: DFIR KAPE : Evidence Collection Tool

However, it is important to know how to collect the data manually as well. This process of collecting the required information and images, also known as evidence acquisition, is one of the most important tasks to be perf...

Published on February 03, 2022 16:12

January 24, 2022

How to enable Global Privacy Control (GPC) in Mozilla Firefox?

"Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification." -- Source : https://globalprivacycontrol.org/

GPC is inbuilt with Brave and DuckDuckGo browser, and from ve...

Published on January 24, 2022 11:27

July 5, 2021

Introducing Pre-Security Learning Path from TryHackMe.

Are you interested in learning cybersecurity and have the big question "Where to start?" Well, a few months ago, I also had the same question in my mind. Do I need to learn programming languages...

Published on July 05, 2021 12:49

July 3, 2021

PrintNightmare (CVE-2021-1675) PoC exploit Walkthrough

I am not an exploit developer but was interested to see how this vulnerability can be exploited. So I tried to replicate the infamous PrintNightmare vulnerability using the following PoCs...

Published on July 03, 2021 13:32

June 30, 2021

Comparison between CEH Practical and eJPT

This month, I have done two certification exams: Certified Ethical Hacker (CEH) Practical and eLearnSecurity Junior Penetration Tester (eJPT). These were not actually in my plan; however, when I...

Published on June 30, 2021 07:29

June 10, 2021

[FIX] Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module)

I was trying to use snmpenum.pl in my lab and encountered this error:
Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module)

I searched the internet for the fix, ...

Published on June 10, 2021 15:58