PinnedRaafat AbualazmCESP-ADCS: Attacking Active Directory with Certificate Services only.Do you trust the certificates?Sep 15, 2023Sep 15, 2023
PinnedRaafat AbualazmMy review of CAWASP.A very good introduction to Cloud Web Apps Pentesting on AzureMay 20, 20231May 20, 20231
Raafat AbualazmThe hitchhiker’s guide to Windows APIs for Process Injection. — Part 6After a brief pause, we delve, once again, into Process Injection. This time we will discuss a technique called Module Stomping.Apr 2Apr 2
Raafat AbualazmOverSecured iOS App Walkthrough: Dumping sensitive data.Last time when looking through the UI of the iOS App we saw that it had a suspicious looking button which says, “Dump cache data”.Feb 8Feb 8
Raafat AbualazmThe hitchhiker’s guide to Windows APIs for Process Injection. — Part 5For the fifth instalment in series, we make a slight variation to the APC Injection to make it less “guessy”.Dec 24, 2023Dec 24, 2023
Raafat AbualazmOverSecured iOS App Walkthrough: Deeplinks — Part 2Having analysed the source code — well sort of —, we have found out that the app makes use of Deeplinks. This time we are going to see…Dec 21, 2023Dec 21, 2023
Raafat AbualazmThe hitchhiker’s guide to Windows APIs for Process Injection. — Part 4For the fourth instalment of the Process Injection series, we will dive together into APC Process Injection?Dec 6, 2023Dec 6, 2023
Raafat AbualazmOverSecured iOS App Walkthrough: Deeplinks — Part 1Hey, today we shall venture into iOS vulnerabilities. Our target shall be OverSecured Vulnerable iOS Application (OVIA). The code for the…Nov 28, 2023Nov 28, 2023
Raafat AbualazmThe hitchhiker’s guide to Windows APIs for Process Injection. — Part 3The case for NT functions.Oct 17, 2023Oct 17, 2023
Raafat AbualazmThe hitchhiker’s guide to Windows APIs for Process Injection. — Part 2Now let’s do process injection in the most stupid way, shall we?Oct 4, 2023Oct 4, 2023