List-RDP-Connections-History
Use PowerShell to list the RDP Connections History of logged-in users or all users
https://github.com/3gstudent/List-RDP-Connections-History
@WindowsHackingLibrary
Forwarded from Zer0 to her0 (Jonhnathan Jonhnathan Jonhnathan)
A Universal Windows Bootkit
An analysis of the MBR bootkit referred to as “HDRoot”
http://williamshowalter.com/a-universal-windows-bootkit
@FromZer0toHero
.NET Deserialization To NTLM Hashes
https://www.digitalinterruption.com/single-post/2018/04/22/NET-Deserialization-to-NTLM-hashes
@WindowsHackingLibrary
Broadcast Name Resolution Poisoning / WPAD Attack Vector
https://p16.praetorian.com/blog/broadcast-name-resolution-poisoning-wpad-attack-vector
@WindowsHackingLibrary
Python tool to inject fake updates into unencrypted WSUS traffic
https://github.com/pdjstone/wsuspect-proxy
@WindowsHackingLibrary
Remotely Modify Anti-Virus Configurations
https://www.fortynorthsecurity.com/remotely-modify-anti-virus-configurations
@WindowsHackingLibrary
Last week, we covered how to enumerate anti-virus configurations on remote systems. The information that you could gather would allow you to create a much more targeted attack against any system you are targeting. The natural next questions might be: What…
Making The Perfect Injector: Abusing Windows Address Sanitization And CoW
https://blog.can.ac/2018/05/02/making-the-perfect-injector-abusing-windows-address-sanitization-and-cow
@WindowsHackingLibrary
Leaking Environment Variables in Windows Explorer via .URL or desktop.ini files
https://insert-noscript.blogspot.com/2018/08/leaking-environment-variables-in_20.html
@WindowsHackingLibrary
I recently discovered an interesting behavior how explorer.exe handles defined icon resources for certain file types IconFile property ...
Extracting SSH Private Keys from Windows 10 ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent
@WindowsHackingLibrary
The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)
https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
@WindowsHackingLibrary
Yes it’s still easy to get Domain Admin “before lunch” as it was when I first started.
CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service
https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service
@WindowsHackingLibrary
In this write-up, Ryan Hanson describes his process for identifying and exploiting CVE-2018-0952, an arbitrary file creation vulnerability in the Windows Diagnostics Hub Standard Collector service, allowing for elevation of privileges.
Operational Guidance for Offensive User DPAPI Abuse
https://posts.specterops.io/operational-guidance-for-offensive-user-dpapi-abuse-1fb7fac8b107
@WindowsHackingLibrary
I’ve spoken about DPAPI (the Data Protection Application Programming Interface) a bit before, including how KeePass uses DPAPI for its “Windows User Account” key option. I recently dove into some of…
Kerberoasting and SharpRoast output parsing!
https://grumpy-sec.blogspot.com/2018/08/kerberoasting-and-sharproast-output.html
@WindowsHackingLibrary
Hey everyone, so harmj0y released a bunch of cool C# tools about a month ago here: https://www.harmj0y.net/blog/redteaming/ghostpack/ . ...
whitelist_bypass_server
This module is designed to be a platform to test an endpoint's application whitelisting effectiveness by providing bypasses to solutions such as software restriction policies and applocker.
https://github.com/rapid7/metasploit-framework/pull/8783
@WindowsHackingLibrary
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
https://0x00sec.org/t/clientside-exploitation-tricks-of-the-trade-0x01-sharpshooter-squibblytwo/8178
@WindowsHackingLibrary
Hi! I hope you’re well, today I am going to show you something that is common knowledge in the red teaming community, people use this kind of thing every day without thinking…
Task Scheduler ALPC exploit (unpatched) && PoC by SandboxEscaper
https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar
@WindowsHackingLibrary
Remote NTLM relaying through meterpreter on Windows port 445
https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445
@WindowsHackingLibrary
The hijacking of port 445 to perform relay attacks or hash capturing attacks has been a recurring topic for a while now. When you infect a target with meterpreter, how do you listen on port 445? A …
Microsoft.Workflow.Compiler.exe, Veil, and Cobalt Strike
https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike
@WindowsHackingLibrary
Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint
@WindowsHackingLibrary
Having Fun with ActiveX Controls in Microsoft Word
https://www.blackhillsinfosec.com/having-fun-with-activex-controls-in-microsoft-word
@WindowsHackingLibrary
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]
Invoke-AtomicTest - Automating MITRE ATT&CK with Atomic Red Team
http://subt0x11.blogspot.com/2018/08/invoke-atomictest-automating-mitre-att.html
@WindowsHackingLibrary