Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
https://0x00sec.org/t/clientside-exploitation-tricks-of-the-trade-0x01-sharpshooter-squibblytwo/8178
@WindowsHackingLibrary
0x00sec - The Home of the Hacker
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
Hi! I hope you’re well, today I am going to show you something that is common knowledge in the red teaming community, people use this kind of thing every day without thinking…
Task Scheduler ALPC exploit (unpatched) && PoC by SandboxEscaper
https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar
@WindowsHackingLibrary
Remote NTLM relaying through meterpreter on Windows port 445
https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445
@WindowsHackingLibrary
DiabloHorn
Remote NTLM relaying through meterpreter on Windows port 445
The hijacking of port 445 to perform relay attacks or hash capturing attacks has been a recurring topic for a while now. When you infect a target with meterpreter, how do you listen on port 445? A …
Microsoft.Workflow.Compiler.exe, Veil, and Cobalt Strike
https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike
@WindowsHackingLibrary
Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint
@WindowsHackingLibrary
Having Fun with ActiveX Controls in Microsoft Word
https://www.blackhillsinfosec.com/having-fun-with-activex-controls-in-microsoft-word
@WindowsHackingLibrary
Black Hills Information Security
Having Fun with ActiveX Controls in Microsoft Word - Black Hills Information Security
Marcello Salvati // During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]
Invoke-AtomicTest - Automating MITRE ATT&CK with Atomic Red Team
http://subt0x11.blogspot.com/2018/08/invoke-atomictest-automating-mitre-att.html
@WindowsHackingLibrary
AppLocker Bypass - CMSTP
https://pentestlab.blog/2018/05/10/applocker-bypass-cmstp
@WindowsHackingLibrary
Penetration Testing Lab
AppLocker Bypass – CMSTP
CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files which can be weaponised with malicious commands in order to execute arbitrary cod…
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure
@WindowsHackingLibrary
Black Hills Information Security, Inc.
Red Teaming Microsoft: Part 1 - Active Directory Leaks via Azure - Black Hills Information Security, Inc.
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
Walk-through Mimikatz sekurlsa module
https://jetsecurity.github.io/post/mimikatz/walk-through_sekurlsa
@WindowsHackingLibrary
windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
https://github.com/pentestmonkey/windows-privesc-check
@FromZer0toHero
GitHub
GitHub - pentestmonkey/windows-privesc-check: Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows…
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems - pentestmonkey/windows-privesc-check
Understanding how DLL Hijacking works
https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works
@WindowsHackingLibrary
Astr0baby's not so random thoughts _____ rand() % 100;
Understanding how DLL Hijacking works
It is vital to understand how these vulnerabilities in fact work (DLL Hijacking from valid Windows PE32 executables). So we will prepare a real world scenario and will use an outdated piece of softw…
Playing with Relayed Credentials
https://www.coresecurity.com/blog/playing-relayed-credentials
@WindowsHackingLibrary
Coresecurity
Advanced Pen-Testing Tricks: Building a Lure to Collect High Value Credentials
Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account.…
DDE Downloaders, Excel Abuse, and a PowerShell Backdoor
http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
@WindowsHackingLibrary
Blogspot
DDE Downloaders, Excel Abuse, and a PowerShell Backdoor
DDE or Dynamic Data Exchange is a Microsoft protocol used to transmit data/messages between applications. This sounds harmless and useful, b...
A detailed technical explanation of CVE-2018-8120
https://xiaodaozhi.com/exploit/156.html
@WindowsHackingLibrary
A PowerShell example of the Windows zero day priv esc
https://github.com/OneLogicalMyth/zeroday-powershell/blob/master/README.md
@WindowsHackingLibrary
GitHub
zeroday-powershell/README.md at master · OneLogicalMyth/zeroday-powershell
A PowerShell example of the Windows zero day priv esc - zeroday-powershell/README.md at master · OneLogicalMyth/zeroday-powershell
You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
@WindowsHackingLibrary
CVE-2018-8420 - Microsoft XML Core Services MSXML RCE through web browser PoC
https://github.com/Theropord/CVE-2018-8420
@WindowsHackingLibrary
Bypassing AppLocker Custom Rules
https://0x09al.github.io/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
@WindowsHackingLibrary
0x09AL Security blog
Bypassing AppLocker Custom Rules
Introduction Applocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically especially for workstations. Unfortunately for the blue-team, there are a lot of custom configurations…
Exploiting STOPzilla AntiMalware Arbitrary Write Vulnerability using SeCreateTokenPrivilege
http://www.greyhathacker.net/?p=1025
@WindowsHackingLibrary