Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Slides: "If we win, we lose" - Using healthy competition to measure and improve security programs || BlueHat v18
https://www.slideshare.net/MSbluehat/if-we-win-we-lose-using-healthy-competition-to-measure-and-improve-security-programs
@BlueTeamLibrary
Tim MalcomVetter, Walmart We have this saying on my red team that we borrowed from the NSA Red Team: “if we win, we lose.” It reveals the dichotomy of excellin…
10 Red Teaming Lessons Learned Over 20 Years
https://www.oodaloop.com/ooda-original/2015/10/22/10-red-teaming-lessons-learned-over-20-years
@WindowsHackingLibrary
I've been a red teamer for twenty years now, perhaps even longer, but I didn't know what to call it until 1995 when I started working with the Department of Defense. I've also been fortunate
SMB Named Pipe Pivoting in Meterpreter
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
@WindowsHackingLibrary
A hidden feature of Metasploit is the ability to add SMB Named Pipe listeners in a meterpreter session to pivot on an internal network…
On-the-Run with Empire
https://posts.specterops.io/on-the-run-with-empire-67ddde01270c
@WindowsHackingLibrary
During my study time for mobile application testing, I came to the realization that there are a lot of bad coding practices taking place…
Reversing ALPC: Where are your windows bugs and sandbox escapes?
https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
@WindowsHackingLibrary
Abusing PowerShell Desired State Configuration for Lateral Movement
https://posts.specterops.io/abusing-powershell-desired-state-configuration-for-lateral-movement-ca42ddbe6f06
@WindowsHackingLibrary
Lateral Movement Technique Description
How to bypass AMSI and execute ANY malicious Powershell code
https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
@WindowsHackingLibrary
Hello again. In my previous posts I detailed how to manually get SYSTEM shell from Local Administrators users. That’s interesting but very late game during a penetration assessment as it is presumed that you already owned the target machine.
A C# penetration testing tool to discover low-hanging web fruit via web requests
https://github.com/rvrsh3ll/SharpFruit
@WindowsHackingLibrary
RunDLL32 your .NET (AKA DLL exports from .NET)
https://blog.xpnsec.com/rundll32-your-dotnet
@WindowsHackingLibrary
In this post I wanted to look at a technique which is by no means new to .NET developers, but may prove useful to redteamers crafting their tools... exporting .NET static methods within a DLL... AKA using RunDLL32 to launch your .NET assembly.
Playing with Relayed Credentials
https://www.secureauth.com/blog/playing-relayed-credentials
@WindowsHackingLibrary
Operational Challenges in Offensive C#
https://posts.specterops.io/operational-challenges-in-offensive-c-355bd232a200
@WindowsHackingLibrary
As offensive toolsets continue to move towards using C# as the language of choice for post-exploitation, I thought it’d be useful to think…
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
@WindowsHackingLibrary
Oh No! AMSI blocked the AMSI Bypass! What Now?
https://0x00-0x00.github.io/research/2018/11/09/Oh-No!-Amsi-blocked-the-bypass.html
@WindowsHackingLibrary
Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-microsoft-xoml-workflows-protection-mechanisms-using-deserialisation-of-untrusted-data
@WindowsHackingLibrary
More than One Way to Skin a Hack
An Example in Getting Around CrowdStrike Endpoint Protection
https://link.medium.com/rnyWKqUNOR
@WindowsHackingLibrary
Microsoft Build Engine Compromise - Part One
http://subt0x11.blogspot.com/2018/11/microsoft-build-engine-compromise-part_13.html
@WindowsHackingLibrary
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Hardening Hyper-V through Offensive Security Research
https://www.youtube.com/watch?v=025r8_TrV8I
@SecTalks
Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft's virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000…
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
https://www.youtube.com/watch?v=R5IEyoFpZq0
@SecTalks
While security products are a great supplement to the defensive posture of an enterprise, to well-funded nation-state actors, they are an impediment to achieving their objectives. As pentesters argue the efficacy of a product because it doesn't detect their…
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
https://www.exploit-db.com/exploits/45893
@WindowsHackingLibrary
CVE-2018-8550. Local exploit for the Windows platform.