Hi there, 👋

welcome to my blog. You will find posts about pentesting, red teaming and malware development below.

TLS Reverse Shells

In a recent pentest I had code execution on an internal system, but was too lazy to deploy a full C2. Instead, I wanted to go for a classic reverse shell. Of course, the trusty...

08.09.2025 · dadevel

Machine Account Takeover with LsaStorePrivateData()

Yesterday I stumbled upon an old tweet from @Oddvarmoe. In it, he described that a local admin can use the built-in ksetup.exe to change the password of the machine account....

16.08.2025 · dadevel

Persistence With GPP Item-level Targeting

The list of Active Directory persistence techniques is already pretty long. This blog post adds another one to that list. The basic idea is this: Add a new Group Policy...

29.06.2024 · dadevel, mojeda

Detecting Sandboxes Without Syscalls

The PEB, TEB and KUSER_SHARED_DATA structs are mapped into the memory space of every process. They provide a wealth of information to the process and can be accessed without...

19.04.2024 · dadevel

Pwning Arcserve Backup Infrastructure

During a recent internal pentest I was asked to take a closer look at the customer's backup infrastructure. In this blog post I will describe the attack path from domain user to...

25.08.2023 · dadevel