Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
@WindowsHackingLibrary
Bypass Technique Description
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
YouTube
SANS Webcast: PowerShell for PenTesting
Learn ethical hacking: www.sans.org/sec504
Presented by: Mick Douglas
Attendees of this talk will learn why attackers have latched on to PowerShell. Mick will discuss how bad guys use this built in OS component to dodge many defensive techniques.
Mick…
w0rk3r's Windows Hacking Library
Microsoft.Workflow.Compiler.exe Mimikatz Runner.
https://gist.github.com/caseysmithrc/b1190e023cd29c1910c01a164675a22e
@WindowsHackingLibrary
List-RDP-Connections-History
Use powershell to list the RDP Connections History of logged-in users or all users
https://github.com/3gstudent/List-RDP-Connections-History
@WindowsHackingLibrary
Forwarded from Zer0 to her0 (Jonhnathan Jonhnathan Jonhnathan)
A Universal Windows Bootkit
An analysis of the MBR bootkit referred to as “HDRoot”
http://williamshowalter.com/a-universal-windows-bootkit
@FromZer0toHero
.NET Deserialization To NTLM Hashes
https://www.digitalinterruption.com/single-post/2018/04/22/NET-Deserialization-to-NTLM-hashes
@WindowsHackingLibrary
Broadcast Name Resolution Poisoning / WPAD Attack Vector
https://p16.praetorian.com/blog/broadcast-name-resolution-poisoning-wpad-attack-vector
@WindowsHackingLibrary
Python tool to inject fake updates into unencrypted WSUS traffic
https://github.com/pdjstone/wsuspect-proxy
@WindowsHackingLibrary
Remotely Modify Anti-Virus Configurations
https://www.fortynorthsecurity.com/remotely-modify-anti-virus-configurations
@WindowsHackingLibrary
Last week, we covered how to enumerate anti-virus configurations on remote systems. The information that you could gather would allow you to create a much more targeted attack against any system you are targeting. The natural next questions might be: What…
Making The Perfect Injector: Abusing Windows Address Sanitization And CoW
https://blog.can.ac/2018/05/02/making-the-perfect-injector-abusing-windows-address-sanitization-and-cow
@WindowsHackingLibrary
Leaking Environment Variables in Windows Explorer via .URL or desktop.ini files
https://insert-script.blogspot.com/2018/08/leaking-environment-variables-in_20.html
@WindowsHackingLibrary
I recently discovered an interesting behavior in how explorer.exe handles defined icon resources (IconFile property) for certain file types ...
Extracting SSH Private Keys from Windows 10 ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent
@WindowsHackingLibrary
The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)
https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
@WindowsHackingLibrary
Yes it’s still easy to get Domain Admin “before lunch” as it was when I first started.
CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service
https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service
@WindowsHackingLibrary
In this write-up, Ryan Hanson describes his process for identifying and exploiting CVE-2018-0952, an arbitrary file creation vulnerability in the Windows Diagnostics Hub Standard Collector service, allowing for elevation of privileges.
Operational Guidance for Offensive User DPAPI Abuse
https://posts.specterops.io/operational-guidance-for-offensive-user-dpapi-abuse-1fb7fac8b107
@WindowsHackingLibrary
I’ve spoken about DPAPI (the Data Protection Application Programming Interface) a bit before, including how KeePass uses DPAPI for its “Windows User Account” key option. I recently dove into some of…
Kerberoasting and SharpRoast output parsing!
https://grumpy-sec.blogspot.com/2018/08/kerberoasting-and-sharproast-output.html
@WindowsHackingLibrary
Hey everyone, so harmj0y released a bunch of cool C# tools about a month ago here: https://www.harmj0y.net/blog/redteaming/ghostpack/ . ...
whitelist_bypass_server
This module is designed to be a platform to test an endpoint's application whitelisting effectiveness by providing bypasses to solutions such as software restriction policies and AppLocker.
https://github.com/rapid7/metasploit-framework/pull/8783
@WindowsHackingLibrary
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
https://0x00sec.org/t/clientside-exploitation-tricks-of-the-trade-0x01-sharpshooter-squibblytwo/8178
@WindowsHackingLibrary
Hi! I hope you’re well, today I am going to show you something that is common knowledge in the red teaming community, people use this kind of thing every day without thinking…
Task Scheduler ALPC exploit (unpatched) && PoC by SandboxEscaper
https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar
@WindowsHackingLibrary
Remote NTLM relaying through meterpreter on Windows port 445
https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445
@WindowsHackingLibrary
The hijacking of port 445 to perform relay attacks or hash capturing attacks has been a recurring topic for a while now. When you infect a target with meterpreter, how do you listen on port 445? A …
Microsoft.Workflow.Compiler.exe, Veil, and Cobalt Strike
https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike
@WindowsHackingLibrary