<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>amalbyte</title><link>https://amalbyte.github.io/blog/</link><description>Recent content on amalbyte</description><generator>Hugo</generator><language>en</language><copyright>&lt;a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0&lt;/a></copyright><lastBuildDate>Sun, 01 Feb 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://amalbyte.github.io/blog/index.xml" rel="self" type="application/rss+xml"/><item><title>Mimikatz &amp; the Art of Exploitation</title><link>https://amalbyte.github.io/blog/posts/fourth/</link><pubDate>Sun, 01 Feb 2026 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/posts/fourth/</guid><description>Mimikatz is a post-exploitation credential dumping tool that is used to extract credentials from the Windows Operating System. The tool was originally created to experiment with the security of authentication protocols and has since been used by security professionals and threat actors to bypass security controls.
Credential dumping LSASS
To perform credential dumping, Mimikatz leverages the Local Security Authority Subsystem Service (LSASS), which is responsible for user authentication and security policies.</description></item><item><title>ClickFlix to CrashFlix</title><link>https://amalbyte.github.io/blog/posts/fifth/</link><pubDate>Tue, 20 Jan 2026 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/posts/fifth/</guid><description>The ever-changing landscape of cyber security has shown a shift in social-engineering tactics and techniques. In early 2025, security researchers observed a rise in Clickflix campaigns, a technique that uses fake verification prompts and error messages to trick users into executing commands.
Implementation: User redirected to malicious website -&amp;gt; Fake CAPTCHA pop-up that asks users to follow the instructions to verify themselves -&amp;gt; Malicious command is pasted by user into the Windows Run Dialog box -&amp;gt; Code is executed</description></item><item><title>Abusing the ELF Format</title><link>https://amalbyte.github.io/blog/posts/third/</link><pubDate>Mon, 05 Jan 2026 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/posts/third/</guid><description>ELF (Executable and Linkable Format): The ELF format defines the structure for executables, shared libraries and core dumps in Unix-like systems. From a detection-engineering perspective, it&amp;rsquo;s important to understand not just how ELF files are supposed to look, but also how malware authors commonly manipulate them to evade static analysis.
ELF files consist of:
ELF Header
Program Header Table (segments)
Section Header Table (sections)
Data
ELF file headers contain information about the file, such as the program's location, its type and its entry point address.</description></item><item><title>Windows Forensics: Hidden Execution</title><link>https://amalbyte.github.io/blog/posts/second/</link><pubDate>Sun, 21 Dec 2025 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/posts/second/</guid><description>There are various methods one could employ to hide the execution of commands, whether it be via process injection or simply hiding the console window. Luckily for us, there are also many artifacts we could utilize to put the pieces together. To start things off, it would be good to look into application shimming.
Application Shimming (T1546.011)
Application shimming is a Windows feature designed to maintain compatibility for older software.</description></item><item><title>Everything WMI</title><link>https://amalbyte.github.io/blog/posts/first/</link><pubDate>Mon, 08 Dec 2025 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/posts/first/</guid><description>Let&amp;rsquo;s get into the goldmine that is WMI&amp;hellip;
Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. It is used by developers and system administrators to manage and interact with system internals. This also means that it&amp;rsquo;s abused by attackers in order to move laterally throughout a system, establish fileless persistence and store payloads in memory.
Communication
Traditionally, WMI queries used DCOM via RPC (Remote Procedure Call), which utilized random high ports (Make yourself at home!</description></item><item><title>TTPs</title><link>https://amalbyte.github.io/blog/ttps/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://amalbyte.github.io/blog/ttps/</guid><description>Thoughts, tools and POC&amp;rsquo;s?</description></item></channel></rss>