Tim carrington

3 Aug 2021

Playing with PuTTY

This article explores techniques for manipulating PuTTY's source code and session sharing mechanism to capture credentials and execute remote commands. Multiple methods are demonstrated for backdooring PuTTY, including capturing user commands, stealing authentication details, and hijacking SSH sessions through named pipe communications. The techniques provide creative approaches for bypassing security controls during adversarial simulations without traditional keylogging methods.

10 Mar 2020

Making Donuts Explode – Updates to the C3 Framework

The C3 framework's "Exploding Donut" release introduces significant updates to cybersecurity operations. Key improvements include integration with the Covenant C2 framework and Donut for compressed shellcode generation. The ChannelLinter project was added to simplify channel development for cybersecurity professionals.

22 Feb 2019

AutoCAD - Designing a Kill Chain

A detailed analysis of potential cybersecurity vulnerabilities in AutoCAD reveals multiple attack vectors across the cyber kill chain. The research demonstrates how malicious actors can exploit AutoCAD's features like ActionMacros, AutoLisp scripts, and remote text functionality to gain code execution, establish persistence, and perform lateral movement. Multiple attack techniques were identified that could potentially compromise users in high-value industries through targeted AutoCAD-specific exploitation methods.