Ronny Thammasathiti & James Kelly
Oct 26, 2023 · 12 min read
How to Build Your Own DNS Sinkhole and DNS Logs Monitoring System
Pi-hole logs each DNS event, including domain resolutions and blocks. DNS logs are a gold mine that is often overlooked by network defenders
Esther Matut
Aug 16, 2023 · 8 min read
Introduction to Proving Grounds
The Proving-Grounds offers both free and paid tier levels, where users can test their skills in a lab environment similar to other platforms
Erica Zelickowski
Jul 25, 2023 · 5 min read
Playing with Bubbles: An Introduction to DLL-Sideloading
DLL Side-Loading is a pervasive technique partially because its behavior is difficult to detect. As a sub-technique of DLL Hijacking, it ta
Erica Zelickowski
Jul 5, 2023 · 6 min read
LDAP Queries for Offensive and Defensive Operations
The intention of this post is to provide basic queries for targeted AD DS information gathering used in penetration testing. The reader can
Fred Mastrippolito
Feb 1, 2023 · 3 min read
Enhancing Digital Forensics with X-Ways X-Tensions: VirusTotal Plugin
Polito is pleased to release our VirusTotal extension for X-Ways. This open source extension is useful to quickly triage file hashes
Fred Mastrippolito
Jan 31, 2022 · 2 min read
Introducing Hash Exporter for X-Ways: Automate Your Hash Lists
Polito Inc. is pleased to announce that we are releasing the Hash Exporter extension for X-Ways. Hash Exporter helps automate hash extract
Nihaal Prasad
Oct 5, 2021 · 6 min read
Return to Libc: Linux Exploit Development
This blog post will cover how to conduct a ret2libc attack. The ret2libc technique is a tactic used in Linux exploit development that allows
Nihaal Prasad
Aug 10, 2021 · 7 min read
How to go Phishing with Gophish
How to conduct basic phishing campaigns using Gophish, an open-source tool for testing an organization’s vulnerability to phishing.
Daniel Chen
Aug 5, 2020 · 3 min read
Enhancing Digital Forensics with X-Ways X-Tensions: Metadefender Plugin
To start, you’ll need your MetaDefender Cloud API key ready. You can sign up for MetaDefender’s free API key at opswat.com. You can downloa
Mattia Campagnano & Wade Ma
Jul 14, 2020 · 9 min read
Vulnerability Scanners and the SAINT Experience
Vulnerability scanners assist in the identification and detection of vulnerabilities arising from misconfigurations or insecure coding with
Mattia Campagnano
May 20, 2020 · 7 min read
Weaponizing Windows Binaries and Scripts (LOLBAS): What's Old Is New Again
One of the latest trends in penetration testing and malware development is to weaponize the so-called Living Off the Land Binaries and Scrip
Wade Ma
Mar 3, 2020 · 9 min read
Automated Obfuscation of Windows Malware and Exploits Using O-LLVM
Today’s malware authors and exploit developers have automated methods of obfuscating their software. When these techniques are combined with
Liana Parakesyan
Feb 21, 2019 · 4 min read
Using Intezer Analyze to Reveal Malware Ancestry and Assist IR and Forensic Investigations
Today, much of the malware still operates via the same concept of infecting machines and spreading throughout networks. Due to this, it only
Ben Hughes
Feb 5, 2018 · 11 min read
How to Build Your Own DNS Sinkhole and DNS Logs Monitoring System
While Pi-hole includes a nice web-based admin interface, I started to experiment with shipping its dnsmasq logs to the Elastic (AKA ELK) sta
Ian Duffy
Jan 29, 2016 · 2 min read
BurpSuite Yara Plugin
*This blog entry was originally published on January 29, 2016 on the original Polito Blog by Ian Duffy. It was re-posted on October 3,...