w0rk3r's Windows Hacking Library
Detections:
Hunting in Active Directory: Unconstrained Delegation & Forests Trusts
https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1
@BlueTeamLibrary
Medium
During DerbyCon 2018 this past October, my teammates @tifkin_, @enigma0x3 and @harmj0y gave an awesome presentation titled “The Unintended…
Forwarded from Security Talks (Jonhnathan)
An ACE in the Hole Stealthy Host Persistence via Security Descriptors
https://www.youtube.com/watch?v=ExO535CITXs
@SecTalks
YouTube
An ACE in the Hole Stealthy Host Persistence via Security Descriptors [Corrected Audio]
Presented at DerbyCon 7.0: Legacy in Louisville, Kentucky in 2017.
SpecterOps: https://www.specterops.io
Pass-the-Cache to Domain Compromise
https://medium.com/@jamie.shaw/pass-the-cache-to-domain-compromise-320b6e2ff7da
@WindowsHackingLibrary
Medium
This post is going to go over a very quick domain compromise by abusing cached Kerberos tickets discovered on a Linux-based jump-box…
Microsoft Powerpoint as Malware Dropper
https://marcoramilli.blogspot.com/2018/11/microsoft-powerpoint-as-malware-dropper.html
@WindowsHackingLibrary
SharpPack: The Insider Threat Toolkit (Release)
https://www.mdsec.co.uk/2018/12/sharppack-the-insider-threat-toolkit
@WindowsHackingLibrary
MDSec
SharpPack: The Insider Threat Toolkit - MDSec
Introduction: We recently performed an Insider Threat red team engagement, posing as employees within the company. We were provided with all the benefits of a regular employee (except salary :))...
Windows: VBScript execution policy bypass via MSXML
https://bugs.chromium.org/p/project-zero/issues/detail?id=1669
@WindowsHackingLibrary
A 9-step recipe to crack a NTLMv2 Hash from a freshly acquired .pcap
https://research.801labs.org/cracking-an-ntlmv2-hash
@WindowsHackingLibrary
Hacking into Palo Alto Networks support site for fun and... no attribution?
https://www.craigdods.com/hacking-into-palo-alto-networks-support-site-for-fun-and-no-attribution
@FromZer0toHero
SharpNado - Teaching an old dog evil tricks using .NET Remoting or WCF to host smarter and dynamic payloads
https://blog.redxorblue.com/2018/12/sharpnado-teaching-old-dog-evil-tricks.html
@WindowsHackingLibrary
Redxorblue
TL;DR: SharpNado is a proof of concept tool that demonstrates how one could use .Net Remoting or Windows Communication Foundation (WCF) to h...
Story of my two (but actually three) RCEs in SharePoint in 2018
https://soroush.secproject.com/blog/2018/12/story-of-two-published-rces-in-sharepoint-workflows
@WindowsHackingLibrary
Tampering with Windows Event Tracing: Background, Offense, and Defense
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
@WindowsHackingLibrary
Medium
Event Tracing for Windows (ETW) is the mechanism Windows uses to trace and log system events. Attackers often clear event logs to cover…
OT Network Attack Demonstration
https://ijustwannared.team/2018/12/27/ot-network-attack-demonstration
@WindowsHackingLibrary
ijustwannaredteam
Hey all, Recently we put together an attack demonstration targeting our simulated lab OT network using a few of the tools that have been explored on this site. The video is linked at the bottom. So…
zBang is a risk assessment tool that detects potential privileged account threats
Blog:
https://www.cyberark.com/threat-research-blog/the-big-zbang-theory-a-new-open-source-tool
Tool:
https://github.com/cyberark/zBang
@WindowsHackingLibrary
Cyberark
The Big zBang Theory – A New Open Source Tool
CyberArk Labs is often asked to run risk assessments of target networks. This is similar to penetration testing, however, we focus primarily on testing threats and risks associated with privileged...
Malicious use of Microsoft LAPS
https://akijosberryblog.wordpress.com/2019/01/01/malicious-use-of-microsoft-laps
@WindowsHackingLibrary
Akijosberry
LAPS Overview: LAPS (Local Administrator Password Solution) is a tool for managing local administrator passwords for domain joined computers. It stores passwords/secrets in a confidential attribute…
Cobalt Strike 3.13 – Why do we argue?
https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue
@WindowsHackingLibrary
Cobalt Strike
Blog - Cobalt Strike
The Cobalt Strike Blog. Read new featured content, get updates on the latest patches, and insights into the future of red teaming tools.
Bypassing Palo Alto Traps EDR Solution
https://www.c0d3xpl0it.com/2019/01/bypassing-paloalto-traps-edr-solution.html
@WindowsHackingLibrary
C0D3Xpl0It
Bypassing PaloAlto Traps EDR Solution
In a recent pentest we encountered PaloAlto Traps (EDR Solution) installed on the compromised machine with the WildFire module integrated ...
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492
@WindowsHackingLibrary
bohops
Introduction: Greetings, Everyone! It has been several months since I’ve blogged, so it seems fitting to start the New Year off with a post about two topics that I thoroughly enjoy exploring: …