Florinel Olteanu

icon indicating a website link https://www.fo-sec.com

icon company Telefónica icon location Adversary Emulation at Telefónica Tech Red Team.

Results 3 comments of Florinel Olteanu

dLLs

You cannot inject native shellcode generated from tools like msfvenom (I'm guessing you used that). If you want to exec commands just write a .NET assembly (e.g., System.Diagnostics.Process.Start) and convert...

Can you make it clone cert look like Mangle!

I think it wouldn't make sense for this tool. We are already copying the whole signed binary, just altering the certificate to add shellcode without invalidating it. Cloning a certificate...

Why.

Hello, You need to be in a high integrity process in order to get a handle to LSASS. Make sure to open PowerShell/CMD as admin.