Posts

Remote Kernel Debugging (HEVD-Part 1)

This post sets up the VMs for the Debugger (Win10 x86) and the Debuggee (Win7 x86) for kernel debugging, using HEVD (HackSysExtremeVulnerableDriver) as a case study.

The tools that we need for our installation:

Host
    1. Binary Ninja (personal/trial)
Debugger VM
    1. WinDBG Preview
    2. HEVD 2.0 pdb
Debuggee VM
    1. HEVD 2.0 sys
    2. OSRLoader.exe
    3. Python 2.7 ( python 3.0+ )

Install Windows 10 VM (Debugger)
Install Windows 7 (Debuggee)

Once the OS has been successfully installed on both VMs, download and install it. (Debugger) (Debuggee)

==================================Debugger VM==================================

Add the following symbol path for WinDbg on the Debugger VM:
    Variable Name : _NT_SYMBOL_PATH
    Variable Value : SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Click OK and shut down the VM.

Edit the .vmx file configuration:
    serial0.present = "TRUE"
    serial0.fileType = "pipe"
    serial0.fileName = "\\.\pipe\com_1"
    serial0.pipe.endPoint = "

Sub Domain Take Over - Simulate Environment

Over the past few days I have been studying the topic of "subdomain takeover", and I found that most blogs do not have an end-to-end tutorial. In this blog I will not be explaining the theory; instead, I will show a simple "subdomain takeover" case study. I have created an environment and am ready to show how the subdomain takeover can be done.

Victim (subdomain.tehwinsam.xyz)

Let's assume that you have found a subdomain through your own unique enumeration technique. We can use a tool called "dig" to find the DNS information for subdomain.tehwinsam.xyz. The DNS information shows that:

    subdomain.tehwinsam.xyz  CNAME  applebois.asuscomm.com

Since I bought tehwinsam.xyz from namecheap.com, the DNS configuration in the Namecheap dashboard should look like the image below.

Assuming that the domain applebois.asuscomm.com is no longer valid or used by anyone and is available to register this