Projects

DLL Side-Loading (T1574)

Check out my research into this MITRE ATT&CK persistence technique, in which I identify pre-installed Windows applications that are vulnerable to DLL side-loading. I then created a PoC exploit for this vulnerability that injects and executes a Cobalt Strike Beacon in the victim machine's memory. The victim machine was running Symantec Endpoint Protection, and all of its traffic was passing through a Palo Alto Networks Next-Generation Firewall.

GitHub


Windows Timeline Parser

Windows collects a lot of detailed telemetry about the applications you open, when you open them, how long you spend in them, and the times and names involved when you switch from your work app to YouTube. It also records where and when you copied and pasted. All of this data is very useful to digital forensics investigators in a corporate setting, or to an attacker trying to bypass behavioural analysis when exfiltrating data.

My script parses your local Windows Timeline database and generates CSV files and PDFs that show you the kinds of data stored there.

GitHub
