Khris Tolbert in Maveris Labs · HTB: CA2023 — Forensics Interstellar C2 · The folks at HackTheBox put on another fun/great event! · 7 min read · Mar 24, 2023
Khris Tolbert in Maveris Labs · HTB: HackTheBoo 2022 Crypto_whole_lotta_candy writeup · Had a chance to meddle with HTB:HackTheBoo while it was live from October 23rd through the 27th. Plenty of fun and unique challenges… · 5 min read · Oct 31, 2022
Khris Tolbert in Maveris Labs · F5 ASM Rule 200004181: Generic Server Side Code Injection Bypass · TL,DR; During a recent engagement, we discovered a signature bypass for the F5 ASM Rule 200004181: Generic Server Side Code Injection. As… · 3 min read · Sep 12, 2022
Khris Tolbert in Maveris Labs · 2022 Hacky Holidays: UnlockTheCity CTF — History Repeats, Stop The Heist, Cloud Escalator Part 1 · Recently, I participated in the Hackazon Hacky Holidays: UnlockTheCity CTF (say that three times fast). UnlockTheCity was a somewhat… · 18 min read · Jul 29, 2022
Khris Tolbert in Maveris Labs · How I [almost] blew up my computer: my story of trimming LARGE password lists / txt files · In the midst of conducting a research project on auditing passwords (which I hope to blog about later!), I had acquired numerous large… · 13 min read · Apr 19, 2022
Khris Tolbert in Maveris Labs · Decrypting SMB3 Traffic with just a PCAP? Absolutely (maybe.) · TL;DR: Given just a PCAP of an SMB3 session, the encrypted SMB3 could be decrypted by cracking the NetNTLMv2 hash and computing the Random… · 7 min read · Jul 28, 2021
Khris Tolbert in Maveris Labs · Tip: Use EDR to help eliminate the use of password documents in your organizations · During a recent engagement with a client, we had one of the usual discoveries of passwords stored in clear-text on a user's workstation. Red… · 4 min read · Aug 17, 2020
Khris Tolbert in Maveris Labs · Proxyjump, the SSH option you probably never heard of · Today, it is becoming more and more common for Penetration Testers, Security Researchers, Red Teams, and the like to require some sort of… · 5 min read · Jun 15, 2020
Khris Tolbert in Maveris Labs · Analysis of a VBS Malware Dropper · Recently, I was willingly forwarded a phishing email (for science!) which contained a ZIP attachment, requesting the recipient to update… · 9 min read · Feb 24, 2020
Khris Tolbert in Maveris Labs · Yet another update to bypass AMSI in VBA · Tl,dr; Toying with some VBA AMSI bypasses from the internet were not working as expected, so I decided to walk through to see where it was… · 10 min read · Nov 19, 2019