L1TF (Foreshadow) VM guest to host memory read PoC - gregvish/l1tf-poc

SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API. - GitHub - P1CKLES/SharpBox: SharpBox is a C# tool for compressing, encrypting, and exfil...

Kekeo, the other big project from Benjamin Delpy after Mimikatz, is an awesome code base with a set of great features. As Benjamin states, it’s external to the Mimikatz codebase because, “I hate to…

New Tokenvator release! Now with more token privilege manipulation, new named pipe token attacks, and File System Minifilter manipulation. Details in the latest blog post: https://blog.netspi.com/tokenvator-release-2

proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC - wbenny/injdrv

Hey all, In the previous post we discussed using Responder with Snarf, this post will be doing the same but through a pivot.  To pivot in we’ll be using Simpletun and a layer 2 pivoting clien…

Systeminfo gives you a perfect overview of your system. But what about the other systems in your domain? Sure, you can use 3rd Party Tools or SCCM. But the number of those who can´t use enterprise …

“Backup Operators” group is an historical Windows built in group. It was designed to allow its members to perform backup and restore operations by granting the SeBackupPrivilege and the…

At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though…

Introduction extremely a splendid Invoke-Confusion is collections of modules Powershell inclusive some researches the modern between them .NET Reflection. Assembly, however, It contains aspects of …

Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real world attack scenario.  As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker…

Introduction Microsoft Patches for October 2018 included a total of 49 security patches. There were many interesting ones including kernel privilege escalation as well as critical ones which could lead […]

A tool to elevate privilege with Windows Tokens. Contribute to 0xbadjuju/Tokenvator development by creating an account on GitHub.

serviceFu
In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer…

Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious…

Persisting in the Windows registry "invisibly". Contribute to ewhitehats/InvisiblePersistence development by creating an account on GitHub.