Creating Persistence with DCShadow
https://blog.stealthbits.com/creating-persistence-with-dcshadow
@WindowsHackingLibrary
https://blog.stealthbits.com/creating-persistence-with-dcshadow
@WindowsHackingLibrary
Insider Threat Security Blog
Creating Persistence with DCShadow | Insider Threat Security Blog
Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real world attack scenario. As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker…
Time Travel Debugging: finding Windows GDI flaws
https://www.pentestpartners.com/security-blog/time-travel-debugging-finding-windows-gdi-flaws
@WindowsHackingLibrary
https://www.pentestpartners.com/security-blog/time-travel-debugging-finding-windows-gdi-flaws
@WindowsHackingLibrary
Pentestpartners
Time Travel Debugging: finding Windows GDI flaws | Pen Test Partners
Introduction Microsoft Patches for October 2018 included a total of 49 security patches. There were many interesting ones including kernel privilege escalation as well as critical ones which could lead […]
Malicious use of Microsoft “Local Administrator Password Solution”
http://archive.hack.lu/2017/HackLU_2017_Malicious_use_LAPS_Clementz_Goichot.pdf
@WindowsHackingLibrary
http://archive.hack.lu/2017/HackLU_2017_Malicious_use_LAPS_Clementz_Goichot.pdf
@WindowsHackingLibrary
ServiceFu: Harvesting Service Account Credentials Remotely
https://www.securifera.com/blog/2018/10/07/servicefu
@WindowsHackingLibrary
https://www.securifera.com/blog/2018/10/07/servicefu
@WindowsHackingLibrary
Securifera
serviceFu
serviceFu
In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer…
In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer…
Operating Offensively Against Sysmon
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon
@WindowsHackingLibrary
https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon
@WindowsHackingLibrary
Shell is Only the Beginning
Operating Offensively Against Sysmon
Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious…
Forwarded from Security papers (Jonhnathan Jonhnathan Jonhnathan)
Exploiting Regedit: Invisible Persistence & Binary Storage
https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdf
@CyberWhitePapers
https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdf
@CyberWhitePapers
GitHub
InvisiblePersistence/InvisibleRegValues_Whitepaper.pdf at master · ewhitehats/InvisiblePersistence
Persisting in the Windows registry "invisibly". Contribute to ewhitehats/InvisiblePersistence development by creating an account on GitHub.
Security papers
Exploiting Regedit: Invisible Persistence & Binary Storage https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdf @CyberWhitePapers
GitHub
InvisiblePersistence/InvisibleKeys at master · ewhitehats/InvisiblePersistence
Persisting in the Windows registry "invisibly". Contribute to ewhitehats/InvisiblePersistence development by creating an account on GitHub.
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
YouTube
Stable 34 Attacking Azure Environments with PowerShell Karl Fosaaen
These are the videos from Derbycon 2018:
http://www.irongeek.com/i.php?page=videos/derbycon8/mainlist
Patreon:
https://www.patreon.com/irongeek
http://www.irongeek.com/i.php?page=videos/derbycon8/mainlist
Patreon:
https://www.patreon.com/irongeek
Security Talks
Attacking Azure Environments with PowerShell https://youtu.be/IdORwgxDpkw @SecTalks
MicroBurst: A collection of noscripts for assessing Microsoft Azure security
https://github.com/NetSPI/MicroBurst
@WindowsHackingLibrary
https://github.com/NetSPI/MicroBurst
@WindowsHackingLibrary
GitHub
GitHub - NetSPI/MicroBurst: A collection of noscripts for assessing Microsoft Azure security
A collection of noscripts for assessing Microsoft Azure security - NetSPI/MicroBurst
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Icebreaker.py: Gaining a foothold in Active Directory in one command
Dan McInerney at SaintCon
https://youtu.be/1LR5u8uKO8I
@SecTalks
Dan McInerney at SaintCon
https://youtu.be/1LR5u8uKO8I
@SecTalks
YouTube
SAINTCON 2018 - Dan McInerney - Icebreaker.py Gaining a foothold in Active Directory in one command
Title: Icebreaker.py - Gaining a foothold in Active Directory in one command
Speaker: Dan McInerney
Conference: SAINTCON 2018
Location: Track 2
Date: 2018-09-27
Time: 03:00pm -- 03:30pm
Speaker: Dan McInerney
Conference: SAINTCON 2018
Location: Track 2
Date: 2018-09-27
Time: 03:00pm -- 03:30pm
Security Talks
Icebreaker.py: Gaining a foothold in Active Directory in one command Dan McInerney at SaintCon https://youtu.be/1LR5u8uKO8I @SecTalks
[Tool] Icebreaker:
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
https://github.com/DanMcInerney/icebreaker
@WindowsHackingLibrary
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
https://github.com/DanMcInerney/icebreaker
@WindowsHackingLibrary
GitHub
GitHub - DanMcInerney/icebreaker: Gets plaintext Active Directory credentials if you're on the internal network but outside the…
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment - DanMcInerney/icebreaker
Leveraging WSUS – Part One
https://ijustwannared.team/2018/10/15/leveraging-wsus-part-one
@WindowsHackingLibrary
https://ijustwannared.team/2018/10/15/leveraging-wsus-part-one
@WindowsHackingLibrary
ijustwannaredteam
Leveraging WSUS – Part One
Hey all, After an extended hiatus, I’m back. I was waylaid with OSCE training, exam writing, and overall frustration, but I’m going to brag for a second to say I passed :). The material…
Powershell Payload Delivery via DNS using Invoke-PowerCloud
https://how.ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
@WindowsHackingLibrary
https://how.ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
@WindowsHackingLibrary
ired.team
Powershell Payload Delivery via DNS using Invoke-PowerCloud - Red Teaming Experiments
This lab demos a tool or rather a Powershell noscript I have written to do what the noscript says.
SharpAttack: A console for certain tasks on security assessments. It leverages .NET and the Windows API to perform its work( and cobbr_io SharpSploit). It contains commands for domain enumeration, code execution, and other fun things.
https://github.com/jaredhaight/SharpAttack
@WindowsHackingLibrary
https://github.com/jaredhaight/SharpAttack
@WindowsHackingLibrary
GitHub
GitHub - jaredhaight/SharpAttack: A simple wrapper for C# tools
A simple wrapper for C# tools. Contribute to jaredhaight/SharpAttack development by creating an account on GitHub.
Technical Rundown of WebExec
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
@WindowsHackingLibrary
https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
@WindowsHackingLibrary
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight
By Omer Yair at Derbycon
https://youtu.be/Y3oMEiySxcc
@SecTalks
By Omer Yair at Derbycon
https://youtu.be/Y3oMEiySxcc
@SecTalks
YouTube
Track 3 15 Goodbye Obfuscation Hello Invisi Shell Hiding Your Powershell Script in Plain Sight Omer
These are the videos from Derbycon 2018:
http://www.irongeek.com/i.php?page=videos/derbycon8/mainlist
Patreon:
https://www.patreon.com/irongeek
http://www.irongeek.com/i.php?page=videos/derbycon8/mainlist
Patreon:
https://www.patreon.com/irongeek
Security Talks
Goodbye Obfuscation, Hello Invisi-Shell: Hiding Your Powershell Script in Plain Sight By Omer Yair at Derbycon https://youtu.be/Y3oMEiySxcc @SecTalks
Invisi-Shell: Hide your Powershell noscript in plain sight. Bypass all Powershell security features
https://github.com/OmerYa/Invisi-Shell
@WindowsHackingLibrary
https://github.com/OmerYa/Invisi-Shell
@WindowsHackingLibrary
GitHub
GitHub - OmerYa/Invisi-Shell: Hide your Powershell noscript in plain sight. Bypass all Powershell security features
Hide your Powershell noscript in plain sight. Bypass all Powershell security features - OmerYa/Invisi-Shell
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Another Word on Delegation
https://posts.specterops.io/another-word-on-delegation-10bdbe3cd94a
@BlueTeamLibrary
https://posts.specterops.io/another-word-on-delegation-10bdbe3cd94a
@BlueTeamLibrary
Medium
Another Word on Delegation
Every time I think I start to understand Active Directory and Kerberos, a new topic pops up to mess with my head. A few weeks ago, @elad_shamir contacted @tifkin_ and myself with some ideas about…