Posts

Showing posts from 2019

Personal / Locked Folder in Windows.

Dear reader, the article below is about creating a personal folder which cannot be accessed by anyone, or at least by 98% of users: not even your system administrator or your organization's administrators (AD admins) will be able to access it (except via 2 tricks which are shared at the end of the article). So let's start. As you all must be aware, there are certain words/names which you cannot give to a folder in Windows, e.g. you can't make a folder in Windows with CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, or LPT9 as the name. This is because these names are reserved for use in specific system-related operations/tasks. But there is a trick by which you can create a folder using these names, and if you double-click it, it won't open, nor can you CD or DIR into that folder in cmd, which means anything inside that folder can't be viewed (except via one trick which will be shared at the end of thi

Windows 7 Escalation of Privilege

Dear all, this article is about a Windows 7 Escalation of Privilege which was identified by Zero Day Initiative (Article link). Here is the short version of how to escalate privileges if your Windows 7 has not been updated in/after Nov 2019. First you have to download an application which is signed by an old Microsoft certificate. Right-click on it, go to Properties and click on the UNLOCK button. Right-click on the application and run as administrator. The UAC box will appear. Click on Show details; it will show you a hyperlink, click on it. A certificate popup box will appear, with a hyperlink in front of the ISSUED BY row. Click it and it will open IE running with SYSTEM privileges; close all the popup boxes and open the minimized IE. Click on the settings button and click on Save As; from there you can go to the windows/system32 directory and run a CMD. The exploitation video is below: https://www.youtube.com/watch?v=3BQKpPNlTSo Also below are the links to old signed "Micros

HSTS Error in Firefox

Dear Reader, today while testing a website I changed my Firefox proxy setting to the Burp Suite proxy and completed the testing; when I reverted back to the normal proxy settings/system proxy, websites like Google and other HTTPS-based websites started showing me an HSTS error due to our organization's self-signed certificate. If you are facing the same error, below are the steps to follow: Close all tabs in Firefox. Go to the proxy settings in Firefox and set your manual proxy or select the system proxy. Note that if you select the system proxy, you have to set the proxy in Internet Explorer. Once everything is done, open a new tab, type about:config and hit enter. It will show you an alert; click I accept. It will open a page; on top of that page there will be a search bar, and in that search bar copy-paste this: security.enterprise_roots.enabled The search bar will show you the value; double-click on that value and its value will change to true. Close your browser and open it ag

Windows 10 ms-settings Opens cmd.

Dear all, especially penetration testers: if you were testing some new Windows exploit which can help you with a UAC bypass or fileless UAC bypass, and after running the exploit you notice some time later that all settings, like network settings, display settings and other Windows settings, are not opening, or are opening CMD instead of the normal settings, you are at the right place to find the solution. Today I was testing a Windows 10 UAC bypass exploit and my system's settings stopped working, and some settings were opening cmd.exe, which annoyed me a lot; so after a little research and reading the exploit code, I got the solution. Below are the solution steps. The good news is that you don't need admin rights to do it. Open the registry (Win+R, type regedit and hit enter). Next go to this path in the registry: \HKEY_CURRENT_USER\Software\Classes\ Inside the Classes hive you will see the ms-setting folder; right-click on ms-setting and rename it to ms-settings- or any other name. Close the regis

BitLocker auto-encryption bypass / postponed forever.

Dear reader, as you know we update this blog once we get into some kind of trouble in our daily life. So today our organization started a BitLocker implementation on all systems which will encrypt all drives. I have allowed encryption on only the C (Windows) drive, but soon after that, BitLocker started giving me popups like "encrypt your D, E drive". I clicked on postpone multiple times but it keeps appearing after a few minutes. So, if you have faced such an issue, below is an awesome trick to bypass it; also, you won't find this trick anywhere else on the internet, as it's completely self-learned. I knew that BitLocker is somehow communicating with its centralized server for policy updates, or maybe for some other communication, key recovery, reports etc., and I knew that the server information would be stored in the registry. But the problem was to search for those registry keys, find the server information, edit the hosts file and assign localhost to the serv

VMware Workstation: No eth0 after Windows 10 Update.

Hi to everyone, as you know we update this blog whenever we encounter an issue and solve it after a hell of a lot of trying. So today we will talk about VMware and the no IP / no eth0 problem. The problem I faced was when I updated my Windows 10 WiFi driver, because it was causing some issues: whenever I wanted to connect to some new WiFi network it always gave me errors like "can't connect", so I had to update the WiFi driver. As I updated my driver I came across this problem that all the *nix (Linux/Unix) VMs in my VMware Workstation 12 stopped working, but my Windows VMs were working fine. A simple ifconfig command only showed the loopback interface and no eth0 interface; I tried running ifconfig -a and then it showed eth0 with no IP address assigned to it. If you are having the same problem, the solution below can help you. First you have to log in to your *nix machine as root (or you can use sudo) and then perform the steps below. Step 1: leafpad /etc/network/interfaces or if you don't have leafpad

Bypassing Antivirus (Cisco AMP for Endpoints)

Dear All, it's been a while since we updated this forum. Today we will talk about AV bypassing, or checking whether your antivirus really is what they are claiming. So I started testing Cisco AMP for Endpoints; it was detecting the netcat file (nc.exe) as a remote monitoring tool and kept deleting it. To bypass the AV I copied nc.exe to an excluded directory which I already knew about. Or, in your case, you have to perform the actions below on a VM or another machine which does not have Cisco AMP installed. So let's start the bypassing process. We will assume that we copy our nc.exe into the directory below: C:\excluded\ Open PowerShell (press Windows+R and type powershell). Move to the excluded directory in PowerShell: cd C:\excluded\ Type the following command in PowerShell, replacing nc.exe with the name of the exe which you don't want detected by the antivirus: add-content '.\nc.exe' `0 (remember the `0) and hit enter. You are all good. This exec