TL;DR

Quite frankly, this training is not for anyone who wants to skim the material via a brief TL;DR section. It caters best to security professionals willing to roll up their sleeves and dig into the cogs and gears of the Windows operating system. If that describes you, read on closely and carefully.

That said, the training isn't tailored only to security professionals: some of the attendees were system administrators, Windows developers, and so on.

Credit Where Credit is Due

A thousand thanks to Pavel Yosifovich for authoring the content for this training and delivering it to myself and my fellow attendees during unsavory hours to accommodate our respective time zones. …


Update #1 (1/29/2018)

Hours after the release of this post, Matt Nelson published a new technique that bypasses the latest mitigation options made available by Microsoft: an attacker embeds an Excel spreadsheet within a OneNote document, which sidesteps entirely the registry key intended to block DDE functionality. Furthermore, OneNote documents downloaded from external sources (e.g., the public Internet) are (still) not sandboxed by Protected View. I’ve added another item to the roadmap for my Office DDE payload generation tool, as I intend to automate this technique as well.

TL;DR

Microsoft pushed an update that disables DDE functionality within Word by default. However, this default setting can be nullified by setting a single registry key value. All other Office applications remain (relatively) vulnerable to DDE abuse attacks. …
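The registry switch the TL;DR refers to is worth auditing on every endpoint, because a single value flips Word back to the pre-update behaviour. The script below is an added example written for this page, not code from the original post or from the author's DDE tooling. It assumes the per-user key and value semantics published in Microsoft advisory ADV170021 (DWORD `AllowDDE` under `HKCU:\Software\Microsoft\Office\<version>\Word\Security`, where 0 disables DDE, 1 only allows requests to programs that are already running, and 2 fully re-enables it); the Office version list is constructed for illustration and is not exhaustive.

```powershell
# Added example (not from the original post): audit the per-user Word DDE
# switch introduced by the Microsoft update (ADV170021) and, where it has been
# flipped back on, reset it. Assumptions: the key path and value meanings
# follow ADV170021 (AllowDDE: 0 = disabled, 1 = already-running programs only,
# 2 = fully enabled); $OfficeVersions is a constructed, non-exhaustive list.
$OfficeVersions = @('16.0', '15.0', '14.0')

function Get-WordDdeSetting {
    param([Parameter(Mandatory)][string]$Version)
    $key = "HKCU:\Software\Microsoft\Office\$Version\Word\Security"
    if (-not (Test-Path $key)) { return $null }   # this Office version has never been used by this user
    $value = (Get-ItemProperty -Path $key -Name AllowDDE -ErrorAction SilentlyContinue).AllowDDE
    [pscustomobject]@{
        Version  = $Version
        Key      = $key
        AllowDDE = $value
        # An absent value means "never set", which is the post-update default (disabled).
        # Caveat: on a build that has NOT received the update, absence means DDE is still enabled,
        # so pair this check with patch-level inventory rather than trusting it alone.
        Hardened = ($null -eq $value -or $value -eq 0)
    }
}

function Set-WordDdeDisabled {
    param([Parameter(Mandatory)][string]$Version)
    $key = "HKCU:\Software\Microsoft\Office\$Version\Word\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Write an explicit 0 so a later change to 2 shows up as drift from a known value,
    # not merely as the appearance of a value that was previously missing.
    New-ItemProperty -Path $key -Name AllowDDE -PropertyType DWord -Value 0 -Force | Out-Null
}

$report = foreach ($v in $OfficeVersions) { Get-WordDdeSetting -Version $v }
$report | Where-Object { $_ } | Format-Table -AutoSize

foreach ($row in ($report | Where-Object { $_ -and -not $_.Hardened })) {
    Write-Warning "Word $($row.Version): AllowDDE=$($row.AllowDDE) re-enables DDE; resetting to 0"
    Set-WordDdeDisabled -Version $row.Version
}
```

Run it under the user whose profile you are checking, since the key lives in HKCU. Note what it does not cover: the value only governs Word, so it says nothing about the other Office applications the TL;DR describes as still exposed, and it does nothing against a DDE-bearing spreadsheet embedded in a OneNote document, which never consults this key at all.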


Each year, the cybersecurity students of New York University (NYU) host the Cyber Security Awareness Week (CSAW) capture-the-flag (CTF) competition, the largest student-run cybersecurity event in the world. This is a jeopardy-style CTF event with a variety of challenge types and thousands of competitors, both students and professionals. In this post, I’ll cover the first ‘pwn’ challenge of the competition, ‘pilot’. As the category name indicates, in order to obtain the flag you need to pwn the target (in this case, a binary).

So let’s dive in headfirst. The challenge description provides a connection string using netcat, a very versatile networking utility (often called the “TCP/IP swiss army knife”). …


As stated in my “about me” page, there have been more than a few conversations that involved someone asking me how I successfully “broke” into the information security field and, more importantly, how they could as well. Although this topic has been covered quite a bit, I felt it would be beneficial to offer my two cents to others looking to follow a similar path. However, I would strongly recommend you read the following posts before diving into my content:

About

Dominic

(Information|Cyber) security professional with particular interest in mobile security, red teaming and exploit development.
