splinter_code blog
https://splintercod3.blogspot.com/

Bypassing UAC with SSPI Datagram Contexts
https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html

LocalPotato - When Swapping The Context Leads You To SYSTEM
https://splintercod3.blogspot.com/p/localpotato-when-swapping-context-leads.html

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
https://splintercod3.blogspot.com/p/custom-branded-ransomware-vice-society.html

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
https://splintercod3.blogspot.com/p/black-basta-ransomware-attacks-deploy.html

Giving JuicyPotato a second chance: JuicyPotatoNG
https://splintercod3.blogspot.com/p/giving-juicypotato-second.html

The hidden side of Seclogon part 3: Racing for LSASS dumps
https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-3.html

A very simple and alternative PID finder
https://splintercod3.blogspot.com/p/a-very-simple-and-alternative-pid-finder.html

Insomni'Hack 2022 - Ransomware Encryption Internals: A Behavioral Characterization
https://splintercod3.blogspot.com/p/insomnihack-2022-ransomware-encryption.html

BlueHat IL 2022 - Relaying to Greatness: Windows Privilege Escalation by abusing the RPC/DCOM protocols
https://splintercod3.blogspot.com/p/bluehat-il-2022-relaying-to-greatness.html

The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory
https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
https://splintercod3.blogspot.com/p/hide-and-seek-new-zloader-infection.html

HITB 2021 AMS - The Rise of Potatoes: Privilege Escalation in Windows Services
https://splintercod3.blogspot.com/p/hitb-2021-ams-rise-of-potatoes.html

Black Hat Asia 2021 - The Rise of Potatoes: Privilege Escalations in Windows Services
https://splintercod3.blogspot.com/p/black-hat-asia-2021-rise-of-potatoes.html

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
by splinter_code & decoder_it - 26 April 2021
Executive Summary: Every Windows system is vulnerable to a particular NTLM relay attack...
https://splintercod3.blogspot.com/p/relaying-potatoes-another-unexpected.html

RomHack2020 - Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privileges
Slides here: https://github.com/antonioCoco/infosec-talks/blob/main/RomHack2020_Windows_Privilege_Escalations_Still_abusing_Service_Acco...
https://splintercod3.blogspot.com/p/romhack2020-windows-privilege.html

Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection
by splinter_code - 16 July 2020
Process Injection is a technique to hide code behind benign and/or system processes. This technique is u...
https://splintercod3.blogspot.com/p/weaponizing-mapping-injection-with.html

No more JuicyPotato? Old story, welcome RoguePotato!
by splinter_code & decoder_it - 11 May 2020
After the hype we (@splinter_code and me) created with our recent tweet, it's time t...
https://splintercod3.blogspot.com/p/no-more-juicypotato-old-story-welcome.html

We thought they were potatoes but they were beans (from Service Account to SYSTEM again)
by splinter_code - 6 December 2019
This post has been written by me and two friends: @splinter_code and 0xea31. This is the "unintended...
https://splintercod3.blogspot.com/p/we-thought-they-were-potatoes-but-they.html

Reverse Engineering a JavaScript Obfuscated Dropper
by splinter_code - 31 July 2017
1. Introduction: Nowadays one of the techniques most used to spread malware on Windows systems is...
https://splintercod3.blogspot.com/p/reverse-engineering-javascript.html

New Locky variant - Zepto Ransomware Appears On The Scene
by splinter_code - 7 July 2016
New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the...
https://splintercod3.blogspot.com/p/new-threat-dubbed-zepto-ransomware-is.html

Locky Ransomware is back! 49 domains compromised!
by splinter_code - 26 June 2016
Locky ransomware starts up again its illegal activity of stealing money from their victims after a temporary inactivity since the end of May. This time, it comes with hard-coded JavaScript...
https://splintercod3.blogspot.com/p/blog-page_14.html