posts.specterops.io Open in urlscan Pro
52.1.147.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c...
Effective URL:
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c...
Submission: On February 08 via api (February 8th 2024, 3:07:45 pm UTC) from BE — Scanned from DE

Summary HTTP 71 Redirects Links 87 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 71 HTTP transactions. The main IP is 52.1.147.205, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io. The Cisco Umbrella rank of the primary domain is 397564.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 8th 2023. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 16	52.1.147.205 52.1.147.205	14618 (AMAZON-AES) (AMAZON-AES)
1 50	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	108.138.26.87 108.138.26.87	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:c000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2600:9000:249... 2600:9000:2491:6600:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
71	7

16 52.1.147.205 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-147-205.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.26.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-87.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:c000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2491:6600:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 10398 glyph.medium.com — Cisco Umbrella Rank: 20347 miro.medium.com — Cisco Umbrella Rank: 13744 cdn-client.medium.com — Cisco Umbrella Rank: 21675	1 MB
16	specterops.io 1 redirects posts.specterops.io — Cisco Umbrella Rank: 397564	49 KB
4	branch.io cdn.branch.io — Cisco Umbrella Rank: 1100 api2.branch.io — Cisco Umbrella Rank: 968	24 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2173	256 B
1	app.link app.link — Cisco Umbrella Rank: 2534	638 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	84 KB
71	6

	Domain	Requested by
37	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
16	posts.specterops.io	1 redirects cdn-client.medium.com
8	glyph.medium.com	glyph.medium.com
4	miro.medium.com	posts.specterops.io
3	api2.branch.io	cdn-client.medium.com
1	region1.google-analytics.com	www.googletagmanager.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	www.googletagmanager.com	cdn-client.medium.com
1	medium.com	1 redirects
71	10

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
mattifestation.medium.com
bugs.chromium.org
twitter.com
subt0x11.blogspot.com
www.w3.org
github.com
enigma0x3.net
blogs.msdn.microsoft.com
cloudblogs.microsoft.com
harmj0y.medium.com
posts.redteamtacticsacademy.com
redteamtacticsacademy.com
arz101.medium.com
ain-kun.medium.com
help.medium.com
medium.statuspage.io
blog.medium.com
policy.medium.com
speechify.com

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2023-11-08` - `2024-11-07`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2023-12-18` - `2024-03-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-09-11` - `2024-10-09`	a year	crt.sh
appipv4.link Amazon RSA 2048 M02	`2023-04-25` - `2024-05-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
Frame ID: D52FB47826115C804616825F346F69B1
Requests: 71 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-techni... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fapplicat... HTTP 307
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-techni... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

71
Requests

100 %
HTTPS

71 %
IPv6

6
Domains

10
Subdomains

7
IPs

2
Countries

1213 kB
Transfer

3247 kB
Size

8
Cookies

87 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2Fc8c24fb40404&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderCollection&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_topnav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----c8c24fb40404--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----c8c24fb40404---------------------post_header-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fc8c24fb40404&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&user=Matt+Graeber&userId=e8e64b89121&source=-----c8c24fb40404---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fc8c24fb40404&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&source=-----c8c24fb40404---------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3Dc8c24fb40404&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&source=-----c8c24fb40404---------------------post_audio_button-----------
Title: Listen

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1514
Title: enlightened script host

Search URL Search Domain Scan URL

URL: https://twitter.com/subTee
Title: Casey Smith

Search URL Search Domain Scan URL

URL: https://subt0x11.blogspot.com/2018/04/wmicexe-whitelisting-bypass-hacking.html
Title: wmic.exe technique

Search URL Search Domain Scan URL

URL: http://www.w3.org/1999/XSL/Transform
Title: http://www.w3.org/1999/XSL/Transform

Search URL Search Domain Scan URL

URL: https://github.com/tyranid/DotNetToJScript
Title: DotNetToJScript

Search URL Search Domain Scan URL

URL: https://twitter.com/enigma0x3
Title: Matt Nelson

Search URL Search Domain Scan URL

URL: https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
Title: purprn.vbs injection technique

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team/
Title: scriptblock logging

Search URL Search Domain Scan URL

URL: https://cloudblogs.microsoft.com/microsoftsecure/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/
Title: Antimalware Scan Interface

Search URL Search Domain Scan URL

URL: https://github.com/Microsoft/krabsetw
Title: KrabsETW

Search URL Search Domain Scan URL

URL: https://twitter.com/mattifestation/status/774321379411955712
Title: perfview.exe

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&source=---post_footer_upsell--c8c24fb40404---------------------lo_non_moc_upsell-----------
Title: Sign up for free

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fplans&source=---post_footer_upsell--c8c24fb40404---------------------lo_non_moc_upsell-----------
Title: Try for $5/month

Search URL Search Domain Scan URL

URL: https://medium.com/tag/security?source=post_page-----c8c24fb40404---------------security-----------------
Title: Security

Search URL Search Domain Scan URL

URL: https://medium.com/tag/application-whitelisting?source=post_page-----c8c24fb40404---------------application_whitelisting-----------------
Title: Application Whitelisting

Search URL Search Domain Scan URL

URL: https://medium.com/tag/detection?source=post_page-----c8c24fb40404---------------detection-----------------
Title: Detection

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=-----c8c24fb40404---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/followers?source=post_page-----c8c24fb40404--------------------------------
Title: 612 Followers

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=author_recirc-----c8c24fb40404----0---------------------ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fbe7ad7f99a47&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fworking-with-sysmon-configurations-like-a-pro-through-better-tooling-be7ad7f99a47&user=Matt+Graeber&userId=e8e64b89121&source=-----be7ad7f99a47----0-----------------clap_footer----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fbe7ad7f99a47&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fworking-with-sysmon-configurations-like-a-pro-through-better-tooling-be7ad7f99a47&source=-----c8c24fb40404----0-----------------bookmark_preview----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/@_wald0?source=author_recirc-----c8c24fb40404----1---------------------ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fda2b7e674ebc&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fmicrosoft-breach-what-happened-what-should-azure-admins-do-da2b7e674ebc&user=Andy+Robbins&userId=b9c2df322eaf&source=-----da2b7e674ebc----1-----------------clap_footer----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fda2b7e674ebc&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fmicrosoft-breach-what-happened-what-should-azure-admins-do-da2b7e674ebc&source=-----c8c24fb40404----1-----------------bookmark_preview----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://harmj0y.medium.com/?source=author_recirc-----c8c24fb40404----2---------------------ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fd95910965cd2&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcertified-pre-owned-d95910965cd2&user=Will+Schroeder&userId=74ad66811b78&source=-----d95910965cd2----2-----------------clap_footer----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd95910965cd2&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcertified-pre-owned-d95910965cd2&source=-----c8c24fb40404----2-----------------bookmark_preview----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=author_recirc-----c8c24fb40404----3---------------------ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=-----6f98657fc6ec----3-----------------clap_footer----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=-----c8c24fb40404----3-----------------bookmark_preview----ecc27382_e875_4e01_93c9_4d8677a8f194-------

Search URL Search Domain Scan URL

URL: https://medium.com/@sam.rothlisberger/amsi-bypass-memory-patch-technique-in-2024-f5560022752b?source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@sam.rothlisberger?source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Ff5560022752b&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40sam.rothlisberger%2Famsi-bypass-memory-patch-technique-in-2024-f5560022752b&user=Sam+Rothlisberger&userId=f215b9cd90cb&source=-----f5560022752b----0-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@sam.rothlisberger/amsi-bypass-memory-patch-technique-in-2024-f5560022752b?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Ff5560022752b&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40sam.rothlisberger%2Famsi-bypass-memory-patch-technique-in-2024-f5560022752b&source=-----c8c24fb40404----0-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://posts.redteamtacticsacademy.com/azure-functions-a-game-changer-for-red-team-operations-67b704da63eb?source=read_next_recirc-----c8c24fb40404----1---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://redteamtacticsacademy.com/?source=read_next_recirc-----c8c24fb40404----1---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://posts.redteamtacticsacademy.com/?source=read_next_recirc-----c8c24fb40404----1---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------
Title: REDTACTICTEAMACADEMY

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fredtacticteamacademy%2F67b704da63eb&operation=register&redirect=https%3A%2F%2Fposts.redteamtacticsacademy.com%2Fazure-functions-a-game-changer-for-red-team-operations-67b704da63eb&user=RotPhoenix&userId=fe4b35f77e1c&source=-----67b704da63eb----1-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://posts.redteamtacticsacademy.com/azure-functions-a-game-changer-for-red-team-operations-67b704da63eb?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----c8c24fb40404----1---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F67b704da63eb&operation=register&redirect=https%3A%2F%2Fposts.redteamtacticsacademy.com%2Fazure-functions-a-game-changer-for-red-team-operations-67b704da63eb&source=-----c8c24fb40404----1-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/staff-picks-c7bc6e1ee00f?source=read_next_recirc-----c8c24fb40404--------------------------------
Title: Staff Picks574 stories·727 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/stories-to-help-you-levelup-at-work-faca18b0622f?source=read_next_recirc-----c8c24fb40404--------------------------------
Title: Stories to Help You Level-Up at Work19 stories·463 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumForTeams/list/selfimprovement-101-3c62b6cb0526?source=read_next_recirc-----c8c24fb40404--------------------------------
Title: Self-Improvement 10120 stories·1311 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumForTeams/list/productivity-101-f09f1aaf38cd?source=read_next_recirc-----c8c24fb40404--------------------------------
Title: Productivity 10120 stories·1202 saves

Search URL Search Domain Scan URL

URL: https://arz101.medium.com/vulnlab-delegate-dde0a396f504?source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://arz101.medium.com/?source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Fdde0a396f504&operation=register&redirect=https%3A%2F%2Farz101.medium.com%2Fvulnlab-delegate-dde0a396f504&user=ARZ101&userId=7fb09031e8a8&source=-----dde0a396f504----0-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://arz101.medium.com/vulnlab-delegate-dde0a396f504?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----c8c24fb40404----0---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fdde0a396f504&operation=register&redirect=https%3A%2F%2Farz101.medium.com%2Fvulnlab-delegate-dde0a396f504&source=-----c8c24fb40404----0-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@garrfoster?source=read_next_recirc-----c8c24fb40404----1---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fd932e22b2bf&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fsite-takeover-via-sccms-adminservice-api-d932e22b2bf&user=Garrett+Foster&userId=d7ce927baa5&source=-----d932e22b2bf----1-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fd932e22b2bf&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fsite-takeover-via-sccms-adminservice-api-d932e22b2bf&source=-----c8c24fb40404----1-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://ain-kun.medium.com/dll-injection-60cc0d86a7bf?source=read_next_recirc-----c8c24fb40404----2---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://ain-kun.medium.com/?source=read_next_recirc-----c8c24fb40404----2---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F60cc0d86a7bf&operation=register&redirect=https%3A%2F%2Fain-kun.medium.com%2Fdll-injection-60cc0d86a7bf&user=Hussain&userId=292ac73492&source=-----60cc0d86a7bf----2-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://ain-kun.medium.com/dll-injection-60cc0d86a7bf?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----c8c24fb40404----2---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F60cc0d86a7bf&operation=register&redirect=https%3A%2F%2Fain-kun.medium.com%2Fdll-injection-60cc0d86a7bf&source=-----c8c24fb40404----2-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@yua.mikanana19/sliver-c2-modern-command-and-control-exploitation-framework-a332484caf0d?source=read_next_recirc-----c8c24fb40404----3---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@yua.mikanana19?source=read_next_recirc-----c8c24fb40404----3---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Fa332484caf0d&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40yua.mikanana19%2Fsliver-c2-modern-command-and-control-exploitation-framework-a332484caf0d&user=Yua+Mikanana&userId=60c4d5429459&source=-----a332484caf0d----3-----------------clap_footer----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/@yua.mikanana19/sliver-c2-modern-command-and-control-exploitation-framework-a332484caf0d?responsesOpen=true&sortBy=REVERSE_CHRON&source=read_next_recirc-----c8c24fb40404----3---------------------33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa332484caf0d&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40yua.mikanana19%2Fsliver-c2-modern-command-and-control-exploitation-framework-a332484caf0d&source=-----c8c24fb40404----3-----------------bookmark_preview----33ef2512_b60e_468e_bbc4_ab3d1cf96fc6-------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----c8c24fb40404--------------------------------
Title: See more recommendations

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----c8c24fb40404--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=post_page-----c8c24fb40404--------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----c8c24fb40404--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=post_page-----c8c24fb40404--------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=post_page-----c8c24fb40404--------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----c8c24fb40404--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----c8c24fb40404--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=post_page-----c8c24fb40404--------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://medium.com/business?source=post_page-----c8c24fb40404--------------------------------
Title: Teams

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 HTTP 307
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

162 KB
39 KB

631ms
630ms

Document
text/html

52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

977b4571fbd35581d404c3544bf8f97c826cd9eb72920a6b9f07540b695943a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Thu, 08 Feb 2024 15:07:38 GMT
etag: W/"288ff-5qMkPE2PKsDFsEW+GtuKRgJIM0s"
link: <https://glyph.medium.com/css/unbound.css>; as="style"; rel="preload"
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, lite/main-20240207-183631-db1b58f143, rito/main-20240207-142856-336854f984, tutu/main-20240208-100939-b470dc8a48
medium-missing-time: 281
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 531
x-request-received-at: 1707404857990

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8524c888ce0871b5-FRA
content-length: 0
content-type: text/plain;charset=UTF-8
date: Thu, 08 Feb 2024 15:07:37 GMT
location: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
medium-fulfilled-by: edgy/8.7.0, valencia/main-20240207-083441-c01c1b6733
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 15

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 34ms
34ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2434
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88dff4671b5-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 08 Feb 2024 17:07:38 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 82ms
70ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8000403
x-envoy-upstream-service-time: 38
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e98a39165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 75ms
64ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8591959
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e989e9165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 58ms
47ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6003122
x-envoy-upstream-service-time: 71
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e98a69165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 59ms
48ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6003013
x-envoy-upstream-service-time: 31
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e98a89165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 51ms
39ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6182755
x-envoy-upstream-service-time: 101
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e98af9165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 68ms
61ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6166782
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c88e98ac9165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
1 KB 56ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 121938
x-envoy-upstream-service-time: 30
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400
content-length: 1310
x-request-id: 98f220a4-37b9-49de-bd4d-096d3dabbb3b
sepia-upstream: medium
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8524c88ee8ee71b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/v2/resize:fill:88:88/ 4 KB
5 KB 159ms
141ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:88:88/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23851a0752a4d159babf6bd3bbe60a4166adb193c2207bddc8e6beaa461c5998

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 56
content-disposition: inline; filename="1*rzDEywT-rGMVud0vq03qfw.jpg"
alt-svc: h3=":443"; ma=86400
content-length: 4586
x-request-id: 2ee11e7e-da5f-4187-b8c0-b21b70144e7d
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "9ivaNyhTKaKecaYmZr68Fn9V98S0df7YQu7TMR33mwc/RImFmMzBjNGNiMDRmZWFjNjMxNWI5ZGQyZmFiNGRlYTdmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231207-145203-3b70adbedf
accept-ranges: bytes
cf-ray: 8524c88ee8ef71b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/v2/resize:fill:48:48/ 2 KB
3 KB 46ms
28ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:48:48/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94e0099d1af6191fe1aadfef55debc9732f3e759f50788fd9316df0cb9d4cce7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 223949
x-envoy-upstream-service-time: 142
content-disposition: inline; filename="1*D-FDlfkqivRBQZoESrwtqw.png"
alt-svc: h3=":443"; ma=86400
content-length: 2270
x-request-id: 2fd08f49-d707-4b9a-896c-73dd240e6798
sepia-upstream: medium
server: cloudflare
etag: "c1CjgVkcafhdh7F-WEYEpOglzgQoBxTrHiRusf4J2s4/RIjBmZTE0Mzk1ZjkyYThhZjQ0MTQxOWEwNDRhYmMyZGFiIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231012-152649-b8092c91fb
accept-ranges: bytes
cf-ray: 8524c88ee8eb71b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 manifest.b18f92a3.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 51ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.b18f92a3.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

891ef5f10b2921a284b3219b477bbce48cdef8c4af85e82990e4f9a53bfeb2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: wcHCEG_Nk4zOsBcI_18UQlnGESs1eiXF
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S2MT46CZ70SE4SK3
age: 73156
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: evSL+y2FX9fCvN+T6+1HGvW6CanxeR8mrGJu4uMKBLLYRriSBpPp6wBNesIKHGURZgsClcoHkFDDM4cO121UDtvdFGVROrVLcGcrmnl8yu0=
last-modified: Wed, 07 Feb 2024 18:42:34 GMT
server: cloudflare
etag: W/"52e9e342461ba3f8ccc4dadccd9a6043"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497271b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 3057.5e22bbb0.js Show response
cdn-client.medium.com/lite/static/js/ 659 KB
207 KB 49ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d4cacc612c452bdcc10a085e37f00f77d8863cb1e8fe669ca02c1156f2cb712

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 8U1kFgMJlUNmH8qkZNp1xniyDYQNS3lm
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S9TRK1AHXC8W7BG5
age: 394354
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hkWPbHHvK1/y1PgOnLBoXr4//WBOChBIQMYHo6ZKSSXDsAgljJm06sWniTaVissh9BXx5UvePfpqj01kEJSFdQ==
last-modified: Thu, 19 Oct 2023 20:38:07 GMT
server: cloudflare
etag: W/"5cf73b47b8f9468e48683b2d39073bf2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497e71b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 main.d58ce879.js Show response
cdn-client.medium.com/lite/static/js/ 754 KB
180 KB 59ms
42ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.d58ce879.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6cf3de7da6a4ecc32fea9e64970c910d44109bc77fdd7dc4b654034350f2632

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: n3j0Qb.b3oWqpWb4wWRP6Ah0Wenuyxhl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: S2MMWRB8DBS0Z89F
age: 73156
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VzOfLfbyX1OnTbfpLA+LzMYMI/byDwsyqNoW9d230wLvKg8ES2mLuc4L3OSXAh21Lr3x/RH9HaA2zIqyzykjZHyci9X57q45mvWpL14n5H0=
last-modified: Wed, 07 Feb 2024 18:42:28 GMT
server: cloudflare
etag: W/"5bcc569f89eee5ea315a27b8368f5080"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497671b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 instrumentation.7c58a71f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 45ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.7c58a71f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d40ba6bcffd2d51735ad266bbcea130205c2560e34f60d204feed40bce804cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: UX__5BGcNKiUoyDiu_x5KKgrlZdf_eFZ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RZS96G6D305HFWCJ
age: 88722
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZMit9sZ1d6taGwFOE7ZT7tuMc/Te4leGtiX2A03cEV21WixO7paCt3GOiliFS4z/KjRaWHrvRUA=
last-modified: Tue, 06 Feb 2024 14:42:19 GMT
server: cloudflare
etag: W/"88ef7fedb2a5e4fc8f183b27a7395553"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497871b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 reporting.2021fe63.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
972 B 51ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.2021fe63.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e114382d20a02d0ca050b5fb41beeeb8d1c63762fa2f2e2b75557a48117d365

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: EAFtMMjOBNpoIMOAp_mjLfH0fLlmjqvd
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y7RX5VAF4TF7222R
age: 115025
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JHgAZ7AHuFEoIDjuQ2DCUaiJhC8YIyDuEYQCLPaaJPNcjN8BwJh313a9RG+Xlj+hBft7icQRYuQ=
last-modified: Fri, 23 Jun 2023 16:13:42 GMT
server: cloudflare
etag: W/"4f45b39c86a2eb9ca7068099b34d3af6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497971b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H2 200 6068.e9093f2e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
1 KB 50ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6068.e9093f2e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a1aa5b3fe12402794e0a8981461a9a908a62d6fdea536e669147fc38bfc7be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: LaFo2b5tnj4iD0imA.cXIy7d6iZ0jIMl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ERGEX3S52MHNCRBE
age: 300180
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2YWvi8AyW7uWIT6Ae6Z5TjxEdTB1+pF+ziq9PZLMIn5+0YxWUL+kgrjI5g4609SJNTAP/vLaJpy7oMx9qzs4NQ==
last-modified: Thu, 19 Oct 2023 20:38:11 GMT
server: cloudflare
etag: W/"e18bffffe340e41dc3b596cf1d9b13ee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f497b71b5-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 4398.db4d4378.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 61ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4398.db4d4378.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b283a69fdffec5aed19ca2a40b67f490744d4e28d1b41b14f78c7c3ca85304

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: nD1Ekxpw41hmPZGu8aCR69Fn6l56BS19
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 710GYJMZMX9T7NGZ
age: 1110866
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sjqpdMVqjBfESWRs5xhG/mIWiF7BOMIkvwN/mtgjm/eW0hArhYoO6C+eqOMXw5Mx3WX33F6rPgg=
last-modified: Wed, 10 Jan 2024 23:43:40 GMT
server: cloudflare
etag: W/"2a9a8cc3a5c7456e93ac9fd0734d8562"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f10928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 7883.0e445e04.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
10 KB 95ms
89ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7883.0e445e04.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e45ce783ff6f2159c09545f4a3a53cfd8aa6588e53ab2e3dc894b69048128e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: Xo3CN7D2L9evtWunaTa_wVLneZe0Q4Yq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SACK8Q284PX7P1V2
age: 238544
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 67ywPv5YyD9zsVly8e1VcBiH8iiSGioLpKMQkm7v57DqwwvU4COOClkIdD6jwCL6XjaXwkONehGOMgztCvymqQ==
last-modified: Mon, 05 Feb 2024 14:32:27 GMT
server: cloudflare
etag: W/"ff460fdd31cf043a5b0c5480db3156c6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f14928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 6733.1d85727b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 74ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6733.1d85727b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d3e598ba737be043c5d785d54f858660c4dd4d22805b22a550876b017830f6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 2fJFQUTf2u12vcW9GWlwyqCzuRzGu243
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Z11FF91V4M2BCFBZ
age: 35493
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9ziG9CVVIZyQdzZY1xMarTk3Ku1fSXjirMiZpLCOMrTv+fVjKCdj96icu4JPL2y+6Zf63XHreak=
last-modified: Thu, 19 Oct 2023 20:38:12 GMT
server: cloudflare
etag: W/"637f2748bb252f63c1746748e78f94ae"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f1f928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 4711.043615ac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 94ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4711.043615ac.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36958875136eaa028381ba1b7c0169a46c0a3a80b12a2be773ec5e30479e3e87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: qnKQzk0b9urC.8imJsDQEceRC7r1d.6v
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Z61N02GG08QYGQQG
age: 888131
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TDzbgSsTQzWgXfPlSZ0VwVui8lCvcFiGQ8xRjvdtZuQYxaivYa5JC3NI/c1sA7BJ0zWkwTff7AIFSGOaGC6AGwbcYORYmGAbj7M++aatLqo=
last-modified: Thu, 19 Oct 2023 20:38:09 GMT
server: cloudflare
etag: W/"fa8866965099e179b25da758eb62a2da"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f28928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 8695.d81be414.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 67ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8695.d81be414.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9c4e489d812f5522580e4428a83cc32ff15a43a00449667ff632d3c620ead58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: pazfDlSBmV6CAHv5GjzQciSiMxjHZ6jw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 23A17R8F2MNY1Z4K
age: 261153
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: R8PNmF83wCmCYD7cNIgU9au/jXq2AsD1/v7AeFN0M8FwE0U6puq7584VaOHYC/jkBXbXYEZFk8k=
last-modified: Fri, 02 Feb 2024 15:33:22 GMT
server: cloudflare
etag: W/"d63c5bef48ec5bca847dd4946bef6394"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f2e928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 4341.09a484a0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
10 KB 63ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4341.09a484a0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c07430ac1075c62498346fe13ef2ebc6c1981eec9947dd244e5a16bff4133cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 47iSWdqrvcoFM5KAcxTk0R9O5afyldIA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: FDK2BJRJC88PV1F2
age: 578804
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ghpOcGZLYY7PHVvwVUqdBi4TbTqoa2l4jf1gWtJ3ioRqqSwW9JQjcsIKZ7k26DqYa4Iu5kjoxSM=
last-modified: Thu, 19 Oct 2023 20:38:09 GMT
server: cloudflare
etag: W/"d5f9495d725166e8fda884d64d8d21dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f32928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 2522.c9ccdc98.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
5 KB 71ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2522.c9ccdc98.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

046c5911ce94f822a071f7d2f21cb43c926da851bb3b5ddb95fcd705e1dffe27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 8vPytHMHyrw8Wa8juDg.m25N5K3agwVp
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Q53EK4EDT14QC4ZZ
age: 780817
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: PRS6S0m2MGAU8zrmtimdjMRK1jGQBbn4zrowU48pdyvOSI6AplWcG9fRqJHBboyCTeSsENiCCsg=
last-modified: Mon, 18 Dec 2023 18:37:54 GMT
server: cloudflare
etag: W/"89752e1f97a7b4c99c8911b337d84c3c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f34928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 5203.e7a22052.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
4 KB 74ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5203.e7a22052.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46e758010f351793913ddca875cd4d6b107e4fe8b263b352c1da5b2f3d151021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: sYZi_T_vovpyjHR0HCCODg8UWAAlZCKC
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4G41DBY3KYNQX9MD
age: 390396
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hjUGm8MKzsmi3mkpcyxVF250ZoZi/eTMgnFDsjhhwRDoDDOvQtxbVG9a8TT+TtztvpcQlLGA70tB9JciD/fIWZr+k0YmBhsG
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"4b2a2b012f01bcd5a7880043af3823bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f38928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 3486.68d9a40d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
7 KB 62ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3486.68d9a40d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07080369aba872ba059261aa7a0114bf1373a38a7c6d615fa9f17bf43a382c5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: pfwMv_ApdQQ19fmVVC5BEx38xtUlcFDA
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZVDN2GCQDR4H9Y56
age: 1117444
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HNPrklefLqrhkmyYRJHAipprFiJXZ4llhSH3SJc2z0BvFq4AGVBJrZuREPNhoWQ0UP2P23csidfg5csaJ2sfOA==
last-modified: Fri, 26 Jan 2024 16:19:10 GMT
server: cloudflare
etag: W/"c223a0c6ab36611c58be3a2de03581b5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f3a928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 8084.ff129ede.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
6 KB 76ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8084.ff129ede.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ac0aa372cf76c239eaff19aec12273c13a5c95b9a9dab7cae9e6fd822b0a810

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: N62U9FUPepes47FE0JHEvWZvgK6MZjw7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SP75S74D3PGJ4QPM
age: 87688
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VeCdyKcvJs282DagXJ4BRtWUeOUHGSVs1hY25K6x3FD7DcASYVtTKgQRCfcjLp0ASozNFVNnajE=
last-modified: Tue, 06 Feb 2024 20:53:17 GMT
server: cloudflare
etag: W/"f893f46f9754378d7aad0931ba4fa46d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f3e928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 6616.70b0722d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
4 KB 70ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6616.70b0722d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f9df31bc24b5277be57a4876e408a7fef57e29e95818cce329e995c65f46540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: DMwql5KSbx.afnyUBBJ._rOO4ON0ImLb
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZVDH8VY86STB2MZM
age: 1117444
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sS/snlG5rjaKitEwpT9BG/dSbTYE5Yq6ydBAl/pEw3xUxfn8MrK/hdCS4Suot8dENRhhY/XS+82WPd8Y3mxKmg==
last-modified: Thu, 25 Jan 2024 21:52:42 GMT
server: cloudflare
etag: W/"00deca0f3da51bf66abe856d4be70052"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f41928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 1711.b70f1a35.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 79ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1711.b70f1a35.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93efcb5760c80b2b05a06369f841dec8894aec84f393f473d4a98c97d753637c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: an7lZshTbeizT4YvZ.H_UfpGSLFLVp6K
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: J178EJGERS581XHJ
age: 150365
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1I0RZFqis3VUg39l18/zzES9x70K/pwfl3YWM9quPJZkzqvAzZXymSFOZhptZBXkE89qOgs7zSg=
last-modified: Tue, 12 Dec 2023 20:16:53 GMT
server: cloudflare
etag: W/"be9a7f1d16e66912ad5aca0b77f43879"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f43928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 5459.80a6ee18.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
9 KB 121ms
114ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5459.80a6ee18.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dfdb6f5b4806f1c38df4fe8759a9de97db51013d581eab964f30e0168c63824

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: Xo5Pr3Ij5Cgw5oTeyQue1xJQ0yv8JEXg
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CHZKXH56PFAXAFEG
age: 548314
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BBd7tWA52shZmT0c5SCc8moGJkiC4G7uHUttpvXAepUdBi0mMnRJ6imZ/VrcHJiBUjMtdM45pAI=
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"6e1344575b07708a7b94c40d88f89dce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f45928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 9114.49b6b911.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 80ms
73ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9114.49b6b911.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24183a1040266651c9220130eeb24ae69eaf1aea2f6cdf2928c47c1d28ec616f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 5HP3EOnC9v2XvBoz8LhP.2aoPkreALV7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3N219REVC9ZYPNYQ
age: 310452
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pMocFrYuTvZNcT+E5EWJl91OyGLMXAw6jBtIWQbO3ZI5fxKtuj3sgvOVN/RdHdqMoNtZ4/8ChKE=
last-modified: Thu, 19 Oct 2023 20:38:15 GMT
server: cloudflare
etag: W/"8b63f526f073a7a5c4fc7961b42c1594"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f49928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 6804.53e6dec4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 83ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6804.53e6dec4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d2aa006bf27911a62f151436d7b3d12e24397c9c2befb9821f14808327adbd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: todTaNHxor7z6DkxEEYKUxGO_1.8UYX_
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1Q7GVDZ2W0QN2D9J
age: 511229
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W8VtQZLKkjyepOC1FwuEeKrE5eijybuzX8udgFMYTWu2U6Y6/iU4TGmC3QRRoBLvsiQaaya8a7GuOwWEWUXRtw==
last-modified: Fri, 08 Dec 2023 16:20:20 GMT
server: cloudflare
etag: W/"6e15efdedf85602439d99f6da2760537"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f4e928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 9174.b1cc3539.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 107 KB
27 KB 90ms
83ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9174.b1cc3539.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c45a864427b8fb976671fb4b8e93c55984678c2fa0c087e0eb35b7ded3ff9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: NtZOT6_fdUN18E9.niL.Jt3i3V1rP4Bs
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SQRN8P5B08F0KSHZ
age: 767018
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jsEZEiMjBoG/fhcXiM0t0MRLpClGgWf1L1809L4lQDQx1qD/MDnrLy/G56or54d361XQyc/CwFaglSi+sS2C2g==
last-modified: Mon, 29 Jan 2024 22:27:28 GMT
server: cloudflare
etag: W/"9a950f7738f7e49485a73ce1b11959a9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f50928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 4129.ee8ae2c8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 80ms
73ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4129.ee8ae2c8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a92f6f729051d8f507d8e2102fb6ff65523e1cac9a02c5cf73f1503b446dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: GKCEAjCz9C3rq4gDy5D41ahGcAUvJYws
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: MT269DYJ93D7FQ65
age: 125868
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cusI7iSSJCBsd666xA9WgOKQaUZuVRaxOg4MroP7ROiIDH9vQ6XHZEamcKo+qjjznfVGfpv8iSnks0g4r9Pjzjac+/VZOAWVo4ewSrht4zc=
last-modified: Tue, 31 Oct 2023 13:31:10 GMT
server: cloudflare
etag: W/"c63ba7334aaaa7c433116323b85dddd8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f51928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 2295.30dff0b0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 80ms
74ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2295.30dff0b0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee5c96e6fc310e38d9bdf9d134b7d09bfdb681b02a80a8ab477edeef9e215451

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 69MazsIWj_WcHIAOL6vx0n8tecFg7uXP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: AZJ9DJ29HDD766MG
age: 1206742
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j8ZUnyB4OGhS0c79It5L3ODgi8vlULSqwOwkZzzPZtVc730vKRr5kSNe+joTK7AaJF9gjRnRI4c=
last-modified: Wed, 24 Jan 2024 19:06:46 GMT
server: cloudflare
etag: W/"f04c0fbecebf231537327e025aca4478"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f53928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 2550.9fcdbe78.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
6 KB 91ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2550.9fcdbe78.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbc4cc31fc72016388919ffae4b633191097c1a1c473291830b9ef3d8633385c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: amhmJqiaDer.9FOLB6FdniqAsIU_w4xW
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: E1PEM473GDVYHNN5
age: 1116586
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pbvDf7PFhx6dwng2lsucJqLvi6Hd7F3wXKtb7+oS3V+Zu67s74pcedy9szPmySsVHPaC8ohgJhk=
last-modified: Thu, 25 Jan 2024 20:51:46 GMT
server: cloudflare
etag: W/"c56e55cba11a3b8449d37496a0001e27"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f54928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 8580.feeb2549.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
2 KB 81ms
74ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8580.feeb2549.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab4e6c77ee5e6178222bb7deefc0c6d5b0e2b3ab2df5d8623da00840809e639d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: zzAbVdzU1EHaoBWemZXYawSAaPKOliQq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y65FVQ7NTEJBXQ6Y
age: 294943
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cZohDeNRwUgaONTLit+xJE3dfHFvPeoV85c+KqhEP6x9pyiEj9eN5SLHPyGrwvD8EB0RQ7cMwU0=
last-modified: Thu, 19 Oct 2023 20:38:14 GMT
server: cloudflare
etag: W/"807d78fe3a15361dfb7d56b056c4ff12"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f56928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 8883.c8b03d13.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
10 KB 95ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8883.c8b03d13.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6371dbf8600466f6a05a06c3372f54b5df5ea4ce7e2145571a7f72886d61d879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: rqCBYLKOv.8NNDtk1ZWJs0i2M.e6fYOU
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 57Q85NHRR4043R5E
age: 88496
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wuWZa7C2RdY4I2iSAi/fZbqSkRPfrct1na/WxR4Eo3Z8UpsLjVo7kojWZijKyuO84f5zvVpJFpU=
last-modified: Wed, 01 Nov 2023 19:54:54 GMT
server: cloudflare
etag: W/"db9f4f034f186af2c5d3eb5b06d84be1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f57928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 4078.da7800a7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
2 KB 88ms
81ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4078.da7800a7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e365238b8f3b49688bb6f1344496c0e25a3ebe4302c859856e937f18f403d6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: rrQLGST4J4fLi10qQKaFEEGE2uCdLnIB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 449KG7PBSJGZC01G
age: 209043
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ko8g5TRpaaJuMF3kj7RpTbSpnKQf/Toi0fRdIQ165XbAECplCvgs/h1QHuZjsQitsIsvW+5BsVA=
last-modified: Thu, 19 Oct 2023 20:38:08 GMT
server: cloudflare
etag: W/"6fe9bb13da7ba28df60248af83559170"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f58928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 2539.f55454a0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
8 KB 83ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2539.f55454a0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b719c993d8c6ddc13fa9061db3f64044ad2f784539d44db2d84e57dc7e42d9e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: XWf2AXEFNlClcrzm9ClRIEiH4V4YQoaP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1WRXRZPD25JNMS64
age: 1117648
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fpDYcNc7HR3821rtA13CUBgBk/HQlSApT8YH1kmhTszsZGQwUK63A33L1pm6Tpvhqp716X5TiZU=
last-modified: Fri, 26 Jan 2024 16:19:10 GMT
server: cloudflare
etag: W/"ab26896dcff43f258dda05adc8374f28"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f59928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 9408.1c6d46ac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
5 KB 95ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9408.1c6d46ac.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cf41c0f745c69819ec5b4be13b73116190e101893f9ecd134f934d76a28ce41

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: 9a0Vl8lLKKEkTlipGC4nyQjlYhBe1bhG
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 8BJ5QE0AXCPSRDZK
age: 227830
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dczVEUzqsTOhL8GIrOjCJyW6oCWX0x8b7hd2b/bRo/T8ValCGyAPAbOiZfCi6LICuanhXxYjlAo=
last-modified: Sat, 09 Dec 2023 01:10:53 GMT
server: cloudflare
etag: W/"a3c7d15ccc33a8cd97c10896abbd6d3b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f5a928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 9150.42fafb2e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
2 KB 83ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9150.42fafb2e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3df22782693c9af50722c8e68c3bd5f0f2248d53b79cd278c2f0953d7b9d4571

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: Juh7s6eqIR5VpuEFNUcPQ7B8LwsnUpKw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RN7HXARNCBXX8B4K
age: 635495
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JdEWkQYV5f8lXbdQuVjf4Ny8CryboZNimKTWaKr5gu64oXoUcCZKfYTDEEee4o0MurDa9dtzit4=
last-modified: Thu, 19 Oct 2023 20:38:15 GMT
server: cloudflare
etag: W/"78132c40ece3187924f4251503c0fe2e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f5c928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 5005.b5d4a37c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
3 KB 83ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5005.b5d4a37c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed871cdd5c0d8def9f024a161b7b8e8cef778a47955c05a27fbdcf023b9fa4b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: RisC25ILXQZI5zUiv0YF80pfrgqVmer.
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NEESR8DSNFTRDXX8
age: 470895
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: gDwQxxkhjYaqXGZpDeHuM/5206TkQdKZjAI80x8uyXp+PySrrr7QAvKdE31wzprOOt+qteOAvKnB/kENdCZAkw==
last-modified: Thu, 19 Oct 2023 20:38:10 GMT
server: cloudflare
etag: W/"a72dda426ce4412cf5cdf2bd365c57c4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f5e928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 2393.fcf95ce7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 45 KB
16 KB 86ms
80ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2393.fcf95ce7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

891812de9a55dbba7d6f6cee7ee157224a071990faca7764f83406fa6e1eaf93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: sIZdDO734LWoJP_qwJATl2wiXwFl7gZ7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZVDJ9TK0FY89798W
age: 1117444
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hWQVYKloyjHAxDyTbYnHdzMprq+hedJCDdqu+eLHx/q6B9h/2iHlwXS8FsIGG/iBXeuzwE2Bs2Y=
last-modified: Thu, 25 Jan 2024 21:52:37 GMT
server: cloudflare
etag: W/"2e93272b3fe8845ec838da7076cb32d8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f61928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 7600.4d7a7595.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 95ms
89ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7600.4d7a7595.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7ee521f8c13e8aaa3779a7fad99f2822784a51313d07e3222b36c4018d20a7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: .XMtp4wk4dGv4Enbc3qKxprymBpr6ZIv
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: KR0F0QEKVN6ZA3HE
age: 512893
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FsJj/NC6d2zww+F4sX8JfKLM63Qh5AEaQ3siFy4wIH3HibSGEEOa8QoZoy/FAiZOKMzA8cuC3Uvf0FAgl7lP+KG4DHm8uNpw
last-modified: Fri, 05 Jan 2024 16:11:32 GMT
server: cloudflare
etag: W/"75742e30c23038c6648f6a7f411d922c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f64928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

GET
H3 200 PostPage.MainContent.e7341618.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 200 KB
48 KB 102ms
96ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.e7341618.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

729b34e17bfe422faa523cfcbd540d3339a8afbfa87a071d147bbb70e1b8cf5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:38 GMT
x-amz-version-id: ahKljzzUJZlAfG2.NFeIRCYaXLgWLvqi
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: PXJJBYG66Y10J42K
age: 623732
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sytt/X3F2EaXP9IbejTcqBL64iqEqoECVaiTKFxFQ2y+GFfWCppcnxt2/34bA562E7oyonh2Cq8=
last-modified: Thu, 01 Feb 2024 09:26:41 GMT
server: cloudflare
etag: W/"d5b8c6f7b4a23c1d23c30689df778575"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c88f7f66928d-FRA
expires: Fri, 07 Feb 2025 15:07:38 GMT

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 108ms
108ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.d58ce879.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, clientele/main-20231219-145619-fa9dd934c1
x-envoy-upstream-service-time: 13
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H3 200 2230.c546f16c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 61ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.c546f16c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b18f92a3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9e6a6362e194c2e0d66aec3b1e207810fcd0eb794937c01e215478b29bc182

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
x-amz-version-id: xWJf__tEGtfK6SYsYt3.b.Ctl1FYrL2e
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NWQA4V69B6R8CXEC
age: 205580
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YpocriCW8Y4fQGU/OIaMp0zZkBtCqHFtQKKf20MwZhFDFCTGB8/FCcpPV8nbpA1C7mqspJLXPUUThBby4hZxPtjI2TRsg3xy
last-modified: Thu, 19 Oct 2023 20:38:05 GMT
server: cloudflare
etag: W/"5b5ebdea4bda0086b419f1dc8ca91a75"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c893fdd7928d-FRA
expires: Fri, 07 Feb 2025 15:07:39 GMT

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 109ms
109ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.d58ce879.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, clientele/main-20231219-145619-fa9dd934c1
x-envoy-upstream-service-time: 12
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H3 200 GiveTipButton.7844a2d2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 38ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/GiveTipButton.7844a2d2.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b18f92a3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc5cb8bee960b5d5fd591fde3730e4d20198f53a4883b19f1a36d072b7f4e0a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
x-amz-version-id: 5wxFaPBbZuXVEH4zg8t9Fz46CDAnJYq7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: JQK49W551XWWKQSG
age: 548333
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oBPvZ/DiAaFAgghVdZX2+M09eUH6G+njMO6u8DUApB9Iwy6IdMwtFem7S71xjWYJ50nva9jh/4KJTUiEPhXdOg==
last-modified: Thu, 19 Oct 2023 20:38:24 GMT
server: cloudflare
etag: W/"c9d3c6b5a486ea6dcc919c927917cf19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8524c894ef50928d-FRA
expires: Fri, 07 Feb 2025 15:07:39 GMT

GET
H3 200 gt-super-400-normal.woff
glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 47ms
47ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/gt-super-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6164550
x-envoy-upstream-service-time: 114
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8524c8950d359165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 07 Feb 2025 15:07:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 239 KB
84 KB 41ms
18ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e9e9b77689d27caa995ff121a6c91b1fe6975f705a8f1a117a452d4b6892fbd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 08 Feb 2024 15:07:39 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 72 KB
22 KB 36ms
7ms Script
text/javascript 108.138.26.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-87.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d3274941dc93ac31afbfb11a8c2e6b3f935a47f83f74af49b4c50ea7f2cfb8f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

x-amz-version-id: BpHUBRZKvY6QXr9yoMLjiALV4oevMpLi
content-encoding: gzip
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
date: Thu, 08 Feb 2024 15:03:10 GMT
last-modified: Thu, 18 Jan 2024 22:46:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 269
etag: "c4477709ceb6b0b6893d7360fcf08780"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22502
x-amz-cf-id: FoccAbnFQWQ_E-NQKG3unwaonOj8FXVs6dky3PcfhRxiFY0eZ3L-Pg==

GET
H3 200 5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74
miro.medium.com/v2/da:true/resize:fit:0/ 300 KB
300 KB 45ms
45ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/da:true/resize:fit:0/5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 249887
x-envoy-upstream-service-time: 200
content-disposition: inline; filename="5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74.png"
alt-svc: h3=":443"; ma=86400
content-length: 306868
x-request-id: 78d6a68b-8900-44cf-9475-0baae262d9b1
sepia-upstream: medium
server: cloudflare
etag: "_89iZTbMWFrDAXoszgLV1LA1pq4J7sBwEDXleeW4l1U/RIjIwZDEwN2Y4NjUyZGRjYWYzMDBkNGYxNjllNjMwODQ5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20231120-091327-e2dd1b4066
accept-ranges: bytes
cf-ray: 8524c8952f85928d-FRA
expires: Fri, 07 Feb 2025 15:07:39 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 129 B
425 B 118ms
117ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

4eded261b5bb4b7830d16c24c518f7978b3d476ade3fc5cfd1d657855bae973e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"81-nENVkdsTKKMsPXDAfyE72ULIKis"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240208-143913-f3bba4adc1, rito/main-20240207-142856-336854f984
x-envoy-upstream-service-time: 21
content-length: 129
x-xss-protection: 0
x-request-received-at: 1707404859936

POST
H2 200 graphql Show response
posts.specterops.io/_/ 80 B
374 B 124ms
124ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: AvatarMenuQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"50-uwdNQiS1cauYvMsRotgPVGuGSSE"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984
x-envoy-upstream-service-time: 25
content-length: 80
x-xss-protection: 0
x-request-received-at: 1707404859937

POST
H2 200 graphql Show response
posts.specterops.io/_/ 1 KB
804 B 180ms
179ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

dbdac8cfa8a741405350723c0441afe13cc385c819f819fb9ceec835782aa01b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"4a1-AKtISX60So/Ye+PxZrcPxWz2seU"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984, tutu/main-20240208-100939-b470dc8a48
x-envoy-upstream-service-time: 85
x-xss-protection: 0
x-request-received-at: 1707404859935

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
532 B 154ms
153ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

52e67deb0a40627c9770ebd6842570915ab6982106144cbb2de6fd18686908a3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-bldo4PhnYd4L0Ur0Ff8bO3+/N5Q"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984, tutu/main-20240208-100939-b470dc8a48
x-envoy-upstream-service-time: 56
content-length: 210
x-xss-protection: 0
x-request-received-at: 1707404859941

POST
H2 200 graphql Show response
posts.specterops.io/_/ 23 KB
5 KB 385ms
384ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

99eb2e17e7ff90046cad8b6a73ffb786c58651222729a2854cdbfd5a774924f5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: MoreFromMediumRecircQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"5ccb-oAdeneRxbZpkhDFmQggnPZFaMDM"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984, tutu/main-20240207-202353-aa8ac8e58c
x-envoy-upstream-service-time: 201
x-xss-protection: 0
x-request-received-at: 1707404860029

POST
H2 200 graphql Show response
posts.specterops.io/_/ 27 B
320 B 202ms
201ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
sepia-upstream: medium
server: nginx
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984
x-envoy-upstream-service-time: 23
content-length: 27
x-xss-protection: 0
x-request-received-at: 1707404860027

POST
H2 200 graphql Show response
posts.specterops.io/_/ 79 B
373 B 202ms
202ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

52d25ab4a53674b721be8fa2983c6b0f2b6821618f6d4fbc3472fec02b5e67d0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: LogGateExposure
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
sepia-upstream: medium
server: nginx
etag: W/"4f-PyDyq/vz3tkRgbZXHMnLXcJrsR4"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984
x-envoy-upstream-service-time: 22
content-length: 79
x-xss-protection: 0
x-request-received-at: 1707404860025

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
416 B 319ms
319ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

29e2a6a03815efb653d3c3a5e8a55135356f6623af46e573b7861fb9b68a4f60

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-6WcIbCzJrln1p81/MvZQk6bmO00"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984, tutu/main-20240208-100939-b470dc8a48
x-envoy-upstream-service-time: 57
content-length: 96
x-xss-protection: 0
x-request-received-at: 1707404860112

GET
H2 200 _r Show response
app.link/ 91 B
638 B 224ms
161ms Script
text/javascript 2600:9000:2057:c000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.81.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:c000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

6a6cbec5ef7fe2fbb0d254f38bd500043bb82dd0edcfd433637cee203a9ae363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: FRA6-C1
etag: W/"5b-ioUGzwwU+0A818b+N+Oa8bCarTQ"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: X_LKw0DUiICHAmhkWCsSLeisF3CysaGPIWpThtqWDBzD7lnui5cBBA==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 51ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7JY7T788PK&gtm=45je4250v9123887712za200&_p=1707404859698&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=568327869.1707404860&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1707404860&sct=1&seg=0&dl=https%3A%2F%2Fposts.specterops.io%2Fapplication-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404&dt=Application%20Whitelisting%20Bypass%20and%20Arbitrary%20Unsigned%20Code%20Execution%20Technique%20in%20winrm.vbs%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2714
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:07:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 80 B
374 B 124ms
124ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

31ee9e6ca34f47acdb8a09360cdb267a16d36ad2105fba3945ed8a1470c309aa

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
sepia-upstream: medium
server: nginx
etag: W/"50-LQNXHJLe4hAeT0qUYpbC13iGHpA"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984
x-envoy-upstream-service-time: 28
content-length: 80
x-xss-protection: 0
x-request-received-at: 1707404860248

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
691 B 197ms
162ms XHR
application/json 2600:9000:2491:6600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:6600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

132a8100246a422625ce8019d7ed9b529a4139b91703a92a9430514fa78f3b85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 6fb4370d-0471-43b2-8303-a7e22e52134c-2024020815
content-length: 316
x-amz-cf-id: EuQaSk6Tlp072yWpkndD9-xI1IAididyYAmwXlKylHBXGtWAs5EFcA==

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 107ms
107ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.d58ce879.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
medium-fulfilled-by: valencia/main-20240208-143913-f3bba4adc1, clientele/main-20231219-145619-fa9dd934c1
x-envoy-upstream-service-time: 11
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 graphql Show response
posts.specterops.io/_/ 3 KB
778 B 240ms
240ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

074354de08f470c1833556934649d67c38cca4e2cbee3d112949978939ab8d63

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 12f874b0dca34c43
medium-frontend-path: /application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
medium-frontend-app: lite/main-20240207-183631-db1b58f143
apollographql-client-version: main-20240207-183631-db1b58f143
ot-tracer-spanid: 28b3bca3233f856a

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"d8e-Ti1zanUHhuHRHd2lkQX2wy8OqH8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733, rito/main-20240207-142856-336854f984, tutu/main-20240208-100939-b470dc8a48
x-envoy-upstream-service-time: 145
x-xss-protection: 0
x-request-received-at: 1707404860795

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
436 B 182ms
181ms XHR
application/json 2600:9000:2491:6600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:6600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:07:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: b6d1f079a52c4764b1e95f7ab1ff9e98-2024020815
content-length: 28
x-amz-cf-id: -Y4HxbzVBePO-pBRVymV3BC3aYvTJpWxqA6mCRwL1f6MZ5RZM1Ov7g==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
434 B 322ms
321ms XHR
application/json 2600:9000:2491:6600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3057.5e22bbb0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:6600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: f43f8aebdb8a4a1d948ab6ad69c1f310-2024020815
content-length: 28
x-amz-cf-id: 368Utl9jOrIjZC5BPzlVPmW6PZnrBVJ-XETOp01o0atidHiiG8PqJA==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 256ms
255ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.d58ce879.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
content-type: application/json

Response headers

date: Thu, 08 Feb 2024 15:07:44 GMT
medium-fulfilled-by: valencia/main-20240207-083441-c01c1b6733
x-envoy-upstream-service-time: 156
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-21 03:52:44	Name: uid Value: lo_566cdd141924
.medium.com/	1970-01-21 03:52:44	Name: sid Value: 1:kzXaA9Z47niWrnemyqM0YrezfmQ7/3e+/I4F0BYAgEbDHRQY3WVdJutqyxf/aK78
posts.specterops.io/	1970-01-21 03:52:44	Name: uid Value: lo_566cdd141924
posts.specterops.io/	1970-01-21 03:52:44	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+TimAV8hV+h5g8sEUOzLAC0ddQ7tRVx5Ka6gDpwuUN5Aa
posts.specterops.io/	1970-01-20 18:16:45	Name: _dd_s Value: rum=0&expire=1707405759538
.specterops.io/	1970-01-21 03:52:44	Name: _ga_7JY7T788PK Value: GS1.1.1707404860.1.0.1707404860.0.0.0
.specterops.io/	1970-01-21 03:52:44	Name: _ga Value: GA1.1.568327869.1707404860
.app.link/	1970-01-21 03:02:20	Name: _s Value: vHfgHpOCHPhd8gjxEYL%2BC1Cdnw%2F3Rr51pg1frq53Iej65M%2FmgXSjcS6jYqXUmSaJ

86 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404?gi=1d91fd2b1512(Line 41) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404(Line 72) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404(Line 72) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
region1.google-analytics.com
www.googletagmanager.com
108.138.26.87
2001:4860:4802:34::36
2600:9000:2057:c000:19:9934:6a80:93a1
2600:9000:2491:6600:11:f728:3040:93a1
2606:4700:7::a29f:9904
2a00:1450:4001:808::2008
52.1.147.205
046c5911ce94f822a071f7d2f21cb43c926da851bb3b5ddb95fcd705e1dffe27
07080369aba872ba059261aa7a0114bf1373a38a7c6d615fa9f17bf43a382c5a
074354de08f470c1833556934649d67c38cca4e2cbee3d112949978939ab8d63
132a8100246a422625ce8019d7ed9b529a4139b91703a92a9430514fa78f3b85
14c45a864427b8fb976671fb4b8e93c55984678c2fa0c087e0eb35b7ded3ff9b
1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b
1d40ba6bcffd2d51735ad266bbcea130205c2560e34f60d204feed40bce804cb
23851a0752a4d159babf6bd3bbe60a4166adb193c2207bddc8e6beaa461c5998
24183a1040266651c9220130eeb24ae69eaf1aea2f6cdf2928c47c1d28ec616f
25b283a69fdffec5aed19ca2a40b67f490744d4e28d1b41b14f78c7c3ca85304
29e2a6a03815efb653d3c3a5e8a55135356f6623af46e573b7861fb9b68a4f60
31ee9e6ca34f47acdb8a09360cdb267a16d36ad2105fba3945ed8a1470c309aa
36958875136eaa028381ba1b7c0169a46c0a3a80b12a2be773ec5e30479e3e87
37a92f6f729051d8f507d8e2102fb6ff65523e1cac9a02c5cf73f1503b446dfc
3df22782693c9af50722c8e68c3bd5f0f2248d53b79cd278c2f0953d7b9d4571
3dfdb6f5b4806f1c38df4fe8759a9de97db51013d581eab964f30e0168c63824
3e114382d20a02d0ca050b5fb41beeeb8d1c63762fa2f2e2b75557a48117d365
40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9
46e758010f351793913ddca875cd4d6b107e4fe8b263b352c1da5b2f3d151021
4eded261b5bb4b7830d16c24c518f7978b3d476ade3fc5cfd1d657855bae973e
52d25ab4a53674b721be8fa2983c6b0f2b6821618f6d4fbc3472fec02b5e67d0
52e67deb0a40627c9770ebd6842570915ab6982106144cbb2de6fd18686908a3
5a1aa5b3fe12402794e0a8981461a9a908a62d6fdea536e669147fc38bfc7be5
5e45ce783ff6f2159c09545f4a3a53cfd8aa6588e53ab2e3dc894b69048128e3
6371dbf8600466f6a05a06c3372f54b5df5ea4ce7e2145571a7f72886d61d879
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a
6a6cbec5ef7fe2fbb0d254f38bd500043bb82dd0edcfd433637cee203a9ae363
6ac0aa372cf76c239eaff19aec12273c13a5c95b9a9dab7cae9e6fd822b0a810
6f9df31bc24b5277be57a4876e408a7fef57e29e95818cce329e995c65f46540
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
729b34e17bfe422faa523cfcbd540d3339a8afbfa87a071d147bbb70e1b8cf5d
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
7d2aa006bf27911a62f151436d7b3d12e24397c9c2befb9821f14808327adbd0
891812de9a55dbba7d6f6cee7ee157224a071990faca7764f83406fa6e1eaf93
891ef5f10b2921a284b3219b477bbce48cdef8c4af85e82990e4f9a53bfeb2e0
8cf41c0f745c69819ec5b4be13b73116190e101893f9ecd134f934d76a28ce41
8d3e598ba737be043c5d785d54f858660c4dd4d22805b22a550876b017830f6b
93efcb5760c80b2b05a06369f841dec8894aec84f393f473d4a98c97d753637c
94e0099d1af6191fe1aadfef55debc9732f3e759f50788fd9316df0cb9d4cce7
977b4571fbd35581d404c3544bf8f97c826cd9eb72920a6b9f07540b695943a8
99eb2e17e7ff90046cad8b6a73ffb786c58651222729a2854cdbfd5a774924f5
9d4cacc612c452bdcc10a085e37f00f77d8863cb1e8fe669ca02c1156f2cb712
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ab4e6c77ee5e6178222bb7deefc0c6d5b0e2b3ab2df5d8623da00840809e639d
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b6cf3de7da6a4ecc32fea9e64970c910d44109bc77fdd7dc4b654034350f2632
b719c993d8c6ddc13fa9061db3f64044ad2f784539d44db2d84e57dc7e42d9e3
c07430ac1075c62498346fe13ef2ebc6c1981eec9947dd244e5a16bff4133cee
c7ee521f8c13e8aaa3779a7fad99f2822784a51313d07e3222b36c4018d20a7a
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
cbc4cc31fc72016388919ffae4b633191097c1a1c473291830b9ef3d8633385c
cf9e6a6362e194c2e0d66aec3b1e207810fcd0eb794937c01e215478b29bc182
d3274941dc93ac31afbfb11a8c2e6b3f935a47f83f74af49b4c50ea7f2cfb8f2
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee
dbdac8cfa8a741405350723c0441afe13cc385c819f819fb9ceec835782aa01b
dc5cb8bee960b5d5fd591fde3730e4d20198f53a4883b19f1a36d072b7f4e0a0
e365238b8f3b49688bb6f1344496c0e25a3ebe4302c859856e937f18f403d6a2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c4e489d812f5522580e4428a83cc32ff15a43a00449667ff632d3c620ead58
e9e9b77689d27caa995ff121a6c91b1fe6975f705a8f1a117a452d4b6892fbd1
ed871cdd5c0d8def9f024a161b7b8e8cef778a47955c05a27fbdcf023b9fa4b1
ee5c96e6fc310e38d9bdf9d134b7d09bfdb681b02a80a8ab477edeef9e215451
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

posts.specterops.io Open in urlscan Pro 52.1.147.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

71 %IPv6

6 Domains

10 Subdomains

7 IPs

2 Countries

1213 kBTransfer

3247 kBSize

8 Cookies

87 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.1.147.205 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

71 %
IPv6

6
Domains

10
Subdomains

7
IPs

2
Countries

1213 kB
Transfer

3247 kB
Size

8
Cookies

71 HTTP transactions
0 data transactions