writeups

Quasar: Compromising Electron Apps

7 minute read Published: 2022-09-06

This is the story of how I used Microsoft Teams's own design against itself.

We all kinda know that Electron apps are dangerous—at least to our RAM, am I right??

But seriously, these cross-platform apps, because of how they get installed, present a tasty spot for attackers to take up residence and even inject malicious code into trusted applications, with the poor user being none the wiser.

Here's how it works.

Chrome Extensions for Post Exploitation

9 minute read Published: 2022-07-18

POV: You're performing a pentest/red team engagement against a fairly hardened environment. You have, through creativity and perseverance, landed an implant on a workstation. Your session has low privileges, but the user may have local admin or associated higher-priv accounts. You're trying to remain stealthy, and normal lateral movement techniques might get detected. You need creds, but how to get them when everyone's watching you?

Answer: use SSO against itself by listening in on the browser.