Another way to get to a system shell – Assistive Technology
https://oddvar.moe/2018/07/23/another-way-to-get-to-a-system-shell
@WindowsHackingLibrary
Oddvar Moe's Blog
TL;DR Manipulate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifier – StartExe to run other binary when pressing WinKey and plus to zoom. Can load bin…
Robber : An open source tool for finding executables prone to DLL hijacking
https://github.com/MojtabaTajik/Robber
@WindowsHackingLibrary
SafetyKatz: a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader.
https://github.com/GhostPack/SafetyKatz
@WindowsHackingLibrary
Stored passwords found all over the place after installing Windows in company networks
http://blog.win-fu.com/2017/08/stored-passwords-found-all-over-place.html
@WindowsHackingLibrary
Win-Fu
Stored passwords found all over the place after installing Windows in company networks :(
Hi everyone! It's been a while as I had a nice summer and a busy Techmentor conference after my holiday, and hence I haven't really had th...
Security Fun: Bloodhound, MS16-072 and GPO Discoverability
https://sdmsoftware.com/group-policy-blog/security-related/security-fun-bloodhound-ms16-072-gpo-discoverability
@FromZer0toHero
SDM Software
Security Fun: Bloodhound, MS16-072 and GPO Discoverability - SDM Software
I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance…
Post Exploitation Using WMIC (System Command)
http://www.hackingarticles.in/post-exploitation-using-wmic-system-command/
@WindowsHackingLibrary
Hacking Articles
This article is about Post Exploitation using the WMIC (Windows Management Instrumentation Command Line). When an Attacker gains a meterpreter session on a Remote PC,
Updated PoC Mimikatz Loader for 2018
PoC: https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7
One-Liner: https://gist.github.com/xillwillx/96e2c5011577d8583635ad7bf6d4fb58
@WindowsHackingLibrary
Via: @SubTee
Gist
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018... - katz.cs
Domain Penetration Testing: Using BloodHound, Crackmapexec, & Mimikatz to get Domain Admin
https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin
@WindowsHackingLibrary
hausec
In the previous two articles, I gathered local user credentials and escalated to local administrator, with my next step being getting to domain admin. Since I have local admin, I’ll be using a t…
Ultimate AppLocker ByPass List: The goal of this repository is to document the most common techniques to bypass AppLocker.
https://github.com/api0cradle/UltimateAppLockerByPassList/tree/Dev
@WindowsHackingLibrary
LDAP Injection Cheat Sheet, Attack Examples & Protection
https://www.checkmarx.com/knowledge/knowledgebase/LDAP
@WindowsHackingLibrary
PowerShell script which allows pausing\unpausing Win32/64 exes
https://github.com/besimorhino/Pause-Process
@WindowsHackingLibrary
ASP.NET resource files (.RESX) and deserialisation issues
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
@WindowsHackingLibrary
Exploiting XXE Vulnerabilities in IIS/.NET
https://pen-testing.sans.org/blog/2017/12/08/entity-inception-exploiting-iis-net-with-xxe-vulnerabilities
@WindowsHackingLibrary
pen-testing.sans.org
SANS Penetration Testing | Exploiting XXE Vulnerabilities in IIS/.NET | SANS Institute
SANS Penetration Testing blog pertaining to Exploiting XXE Vulnerabilities in IIS/.NET
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
@WindowsHackingLibrary
SEI Blog
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....
Capturing NetNTLM Hashes with Office [DOT] XML Documents
https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents
@WindowsHackingLibrary
bohops
TL;DR An Office XML (.xml) document can call a remote XSL stylesheet over SMB. If this occurs against an attacker controlled server, the net-NTLM authentication hash (challenge/response) of t…
Copying Files via WMI and PowerShell
https://www.fortynorthsecurity.com/copying-files-via-wmi-and-powershell
@WindowsHackingLibrary
Using WinRM Through Meterpreter
https://www.trustedsec.com/2017/09/using-winrm-meterpreter
@WindowsHackingLibrary