modifyCertTemplate – ADCS Cert Template Modification And ACL Enumeration

This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation (and then reset the template to its previous state afterwards). This is specifically designed for a scenario where WriteProperty rights over a template have been compromised, but the operator isRead More

ShellcodeTemplate – An Easily Modifiable Shellcode Template For Windows X64/X86

An easily modifiable shellcode template for Windows x64/x86 How does it work? This template is heavily based on Austin Hudson’s (aka SecIdiot) TitanLdr It compiles the project into a PE Executable and extracts the .text section Example The entrypoint of the shellcode looks like this. Of course, this can be changed for your need. FirstRead More

Server Side Template Injection Payloads

Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks can occur when user input is concatenated directly into aRead More