The Hidden PP Attack – A Non-Administrative Remote Shell For Data Exfiltration

Powershell to exploit systems is now being used fairly heavily but does frequently rely on administrative access to perform anything of value. To briefly address the different remote connections to new users we have: Backdoors – The computer has an open port in which someone can connect to at any point in time. Reverse Shell … More The Hidden PP Attack – A Non-Administrative Remote Shell For Data Exfiltration

Teensy Script to Exfil Passwords Through Outlook

Using the previous posts CLI commands to unveil cached credentials, here is an additional implementation which will exfil the data from the users own Outlook account. Once plugged in, the Teensy will do the following: Launch an unelevated Powershell prompt (no administrative access required). Run a brief few lines of code to dump the security … More Teensy Script to Exfil Passwords Through Outlook

Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

We try to express time and time again the threats posed by leaving your screen unlocked. These are often batted back with responses of: I don’t have anything private on my screen I’m only away for a minute nothing can happen Aside from changing my screensaver… what else can be done? Well this is akin to smokers … More Teensy Script to Enforce Users Locking Screens (Non administrative Password Dump!!)

Bypassing Mechanical Locks With Lemon Juice

Mechanical locks normally require 4 digits and a single character in order for the lock to function. This normally excludes the “C” character as that is reserved for cancelling an input. Here’s the catch, they don’t have to be pressed in any particular order! We only need to figure out which buttons are being pressed, not … More Bypassing Mechanical Locks With Lemon Juice