Quite frankly, this training is for anyone but those looking to skim material with a brief TL;DR section. Rather, it caters best to security professionals looking to roll up their sleeves and dive deep into the cogs and gears of the Windows operating system. If you fit this description, read on closely and carefully.

Note that this training isn’t tailored only for security professionals. Some of the attendees were system administrators, Windows developers, etc.

Credit Where Credit is Due

A thousand thanks to Pavel Yosifovich for authoring the content for this training and delivering it to me and my fellow attendees during unsavory hours to…

Office DDE Attacks from an Offensive and Defensive Perspective

Update #1 (1/29/2018)

Hours after the release of this post, Matt Nelson unleashed a new technique to bypass the latest mitigation options made available by Microsoft. As a result, attackers can embed an Excel spreadsheet within OneNote in order to completely bypass the corresponding registry key intended to block DDE functionality. Furthermore, OneNote documents downloaded from external sources (e.g., the public Internet) are (still) not sandboxed by Protected View. I’ve added another item to the roadmap for my Office DDE payload generation tool, as I intend to automate this technique as well.


Microsoft pushed an update that disables DDE functionality within Word by…

Each year, the cybersecurity students of New York University (NYU) host the Cyber Security Awareness Week (CSAW) capture-the-flag (CTF) competition, the largest student-run cybersecurity event in the world. This is a jeopardy-style CTF event with a variety of challenge types and thousands of competitors, both students and professionals. In this post, I’ll cover the first ‘pwn’ challenge of the competition, ‘pilot’. As the category name appropriately indicates, in order to obtain the flag, you need to pwn the target (in this case, a binary).

So let’s dive in headfirst. The challenge description provides a connection string using netcat

As stated in my “about me” page, there have been more than a few conversations that involved someone asking me how I successfully “broke” into the information security field and, more importantly, how they could as well. Although this topic has been covered quite a bit, I felt it would be beneficial to offer my two cents to others looking to follow a similar path. However, I would strongly recommend you read the following posts before diving into my content:


(Information|Cyber) security professional with particular interest in mobile security, red teaming and exploit development.
