Golden Ticket Attack Execution Against AD-Integrated SSO providers
https://www.fractalindustries.com/newsroom/blog/gt-attacks-and-sso
@WindowsHackingLibrary
Fractalindustries
GT Attacks and SSO - Fractal Industries
Cloud and SaaS offerings have accelerated the need to understand Golden Ticket Attacks and Single Sign-On issues, as well as the ways to quickly solve these problems at scale
BloodHound 2.0 released!
https://github.com/BloodHoundAD/BloodHound/releases/tag/2.0
@WindowsHackingLibrary
GitHub
Release BloodHound 2.0 · BloodHoundAD/BloodHound
This is a major feature release for BloodHound, introducing several new features, optimizations, and bugfixes. For a full changelog, see the blog post at https://blog.cptjesus.com/posts/bloodhound2...
Windows Privilege Escalation Fundamentals
http://www.fuzzysecurity.com/tutorials/16.html
@WindowsHackingLibrary
Disabling AMSI in JScript with One Simple Trick
https://tyranidslair.blogspot.com/2018/06/disabling-amsi-in-jnoscript-with-one.html
@WindowsHackingLibrary
www.tiraniddo.dev
Disabling AMSI in JScript with One Simple Trick
This blog contains a very quick and dirty way to disable AMSI in the context of Windows Scripting Host which doesn't require admin privilege...
Unstoppable Service:
A pattern for a self-installing Windows service in C# with the unstoppable attributes in C#.
https://github.com/malcomvetter/UnstoppableService
@WindowsHackingLibrary
GitHub
GitHub - malcomvetter/UnstoppableService: A pattern for a self-installing Windows service in C# with the unstoppable attributes…
A pattern for a self-installing Windows service in C# with the unstoppable attributes in C#. - malcomvetter/UnstoppableService
Driver loader for bypassing Windows x64 Driver Signature Enforcement
https://github.com/hfiref0x/TDL
@WindowsHackingLibrary
GitHub
GitHub - hfiref0x/TDL: Driver loader for bypassing Windows x64 Driver Signature Enforcement
Driver loader for bypassing Windows x64 Driver Signature Enforcement - hfiref0x/TDL
Subverting Sysmon:
Application of a Formalized Security Product Evasion Methodology
Code:
https://github.com/mattifestation/BHUSA2018_Sysmon/tree/master/Code
Slides:
https://github.com/mattifestation/BHUSA2018_Sysmon/blob/master/Slides_Subverting_Sysmon.pdf
Whitepaper:
https://github.com/mattifestation/BHUSA2018_Sysmon/blob/master/Whitepaper_Subverting_Sysmon.pdf
@WindowsHackingLibrary
GitHub
BHUSA2018_Sysmon/Code at master · mattifestation/BHUSA2018_Sysmon
All materials from our Black Hat 2018 "Subverting Sysmon" talk - mattifestation/BHUSA2018_Sysmon
SMBetray: Backdooring and Breaking Signatures
https://quickbreach.io/2018/08/12/smbetray-backdooring-and-breaking-signatures
https://github.com/QuickBreach/SMBetray.git
@WindowsHackingLibrary
ADRecon: Active Directory Recon Blackhat Arsenal 2018
https://www.slideshare.net/mobile/prashant3535/adrecon-bh-usa-2018-arsenal-and-def-con-26-demo-labs-presentation
https://github.com/sense-of-security/adrecon
@WindowsHackingLibrary
www.slideshare.net
ADRecon BH USA 2018 : Arsenal and DEF CON 26 Demo Labs Presentation
Demo of ADRecon presented on 08th and 12th August at BlackHat USA 2018 Arsenal and DEF CON 26 Demo Labs. https://www.blackhat.com/us-18/arsenal/schedule/index.…
Ps1jacker:
A tool for generating COM Hijacking payload.
https://github.com/darkw1z/Ps1jacker
@WindowsHackingLibrary
GitHub
GitHub - cybercitizen7/Ps1jacker: Ps1jacker is a tool for generating COM Hijacking payload.
Ps1jacker is a tool for generating COM Hijacking payload. - GitHub - cybercitizen7/Ps1jacker: Ps1jacker is a tool for generating COM Hijacking payload.
DEF CON 26 (2018) – Exploiting Active Directory Administrator Insecurities
https://adsecurity.org/wp-content/uploads/2018/08/2018-DEFCON-ExploitingADAdministratorInsecurities-Metcalf.pdf
@WindowsHackingLibrary
From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
https://adsecurity.org/wp-content/uploads/2018/08/us-18-Metcalf-From-Workstation-To-Domain-Admin-Why-Secure-Administration-Isnt-Secure-Final.pdf
@WindowsHackingLibrary
Tools for instrumenting Windows Defender's mpengine.dll
https://github.com/0xAlexei/WindowsDefenderTools
@WindowsHackingLibrary
GitHub
GitHub - 0xAlexei/WindowsDefenderTools: Tools for instrumenting Windows Defender's mpengine.dll
Tools for instrumenting Windows Defender's mpengine.dll - 0xAlexei/WindowsDefenderTools
Art of Anti Detection 1 – Introduction to AV & Detection Techniques
https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques
@WindowsHackingLibrary
Ridrelay: Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
https://github.com/skorov/ridrelay
@WindowsHackingLibrary
GitHub
GitHub - skorov/ridrelay: Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. - skorov/ridrelay
Remotely Enumerate Anti-Virus Configurations
https://www.fortynorthsecurity.com/remotely-enumerate-anti-virus-configurations
@WindowsHackingLibrary
FortyNorth Security Blog
Remotely Enumerate Anti-Virus Configurations
There are a variety of reasons why a pen tester would want to obtain the anti-virus configurations of the system they are targeting. The ability to capture this information remotely can allow a pen tester to customize their actions for the computer they are…
Juicy Potato (abusing the golden privileges)
https://decoder.cloud/2018/08/10/juicy-potato
@WindowsHackingLibrary
Decoder's Blog
Juicy Potato (abusing the golden privileges)
Today me and my partner in crime Giuseppe, are releasing our small research with Windows impersonate privileges. The result is a tool named “Juicy Potato”, which is a kind of sequel of …
w0rk3r's Windows Hacking Library
Juicy Potato (abusing the golden privileges)
https://ohpe.github.io/juicy-potato
@WindowsHackingLibrary
juicy-potato
Juicy Potato (abusing the golden privileges)
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
Koadic C3 COM Command & Control - JScript RAT
https://github.com/zerosum0x0/koadic
@WindowsHackingLibrary