Cyber Struggle
Articles
14 December 2021
COM Hijacking for Persistence
COM Object? The Microsoft Component Object Model (COM) is an interface standard that allows the software components to interact and...
17 September 2020
Ratelimit Bypass Tool: Whitepass
Cyber Struggle Delta Team has developed a tool to bypass Whitelist/Ratelimit Implementations in Web Applications/APIs. Main Features: Parsing Requests from burp-suite...
22 July 2020
Credential Dumping Tool: Chalumeau
Cyber Struggle Delta Team has developed a tool to help penetration testers and red teamers during their operations. Chalumeau is an...
21 April 2020
Microsoft ATA Evasion (Over PTH, Golden Ticket)
Introduction: During these quarantine times, our team focusses on creating new updated topics for courses, analyses evasion, and threat hunting...
Vulnerability description: This morning, Microsoft released patches for CVE-2020-0796 SMBv3 RCE. Microsoft’s advisory said a crafted SMBv3 packet could be used...
6 February 2020
Intelligence Planning
The discipline of “Intelligence” is often assumed to be practiced only by governmental agencies. However, in the field of cybersecurity,...
3 February 2020
Symantec Endpoint Protection Bypass + Meterpreter Pivoting
Introduction: In Red Teaming, it is essential to keep your tactical, mechanical skills, and operational competence updated with research and...
14 January 2020
FireEye EDR Bypassed with Basic Process Injection
Introduction: During our SOC and Red Team research, we like to give some time to understand the endpoints and their...
12 January 2020
Citrix ADC Remote Code Execution, CVE-2019-19781
Introduction: Last month, a critical vulnerability in Citrix ADC and Citrix Gateway was published under CVE-2019-19781. The vulnerability caught our...
13 November 2019
Exploit Implicit Coercion Bugs in Node.js Applications
Introduction: Implicit type coercion conditions in dynamically typed programming languages have always led to tricky outcomes. If you ever programmed...
12 November 2019
Training Model and New Approaches
In our previous article, we mentioned the unique training methodology applied within the organization of Cyber Struggle. And in...
12 November 2019
Cyber Struggle and Training Model
There are many free or paid trainings in the field of Cyber Security. The number of events and training activities...
12 November 2019
Cyber Struggle and Ideal Performance State
Cyber Security is mostly considered only a technical issue. It contains, however, many other parameters in addition to the...
22 September 2019
Preventing IDOR in Django
Basically, I got some basic internals about the Django framework since most of my code review operations are with web applications...
5 July 2019
Criminal Profiling at a Glance
The history of criminal profiling goes back to the first profiling study of Jack the Ripper in the 1880s. But...
22 May 2019
CVE-2019-0708 Technical Analysis (RDP-RCE)
Microsoft Patch Tuesday this May (2019) comes with a patch for a critical RDP RCE vulnerability, CVE-2019-0708. Remote Code Execution Vulnerability exists...
20 January 2019
Analysis of APT37 New Year Attack
Executive Summary: This is the analysis report of a sample which is tied to a campaign conducted against South Korean...
5 January 2019
Bankshot Dropper Analysis
Summary: This is the analysis report of a malicious Word document used in a Phishing campaign targeting financial organizations and...
1 January 2019
APT37 New Year Attack
This is the analysis report of a sample which is tied to a campaign conducted against South Korean Unification Ministry...
15 October 2018
WannaCry Dropper Analysis
Introduction: In this article, we will perform a simple analysis of the WannaCry ransomware given to CS Ranger candidates as...
8 October 2018
Serial Killers, 7 Psychological Phases and Cyber World
In 1988, psychologist Joel Norris, after 500 interviews, revealed his work based on the fact that serial killers undergo 7...