Monthly Archives: September 2013

Intercepting Password Changes With Function Hooking

Last week, Mubix published a malicious Windows password filter DLL ( The idea is simple, by installing this password filter, he can intercept the clear text credential whenever a user changes their password. There are two caveats with installing this

Tagged with: , ,
Posted in Hacking, PowerShell

Avoiding PowerShell Command Injection & Unicode Issues

PowerShell exposes a powerful set of functionality and is increasing in popularity for server management tasks. This post aims to help penetration testers identify issues that may be found when PowerShell scripts handle user input. There are multiple scenarios where

Tagged with: , , ,
Posted in Hacking, PowerShell