Designing Peer-To-Peer Command and Control
https://posts.specterops.io/designing-peer-to-peer-command-and-control-ad2c61740456
@WindowsHackingLibrary
Medium
In this post we will discuss the design and implementation of peer-to-peer command and control protocols in general, as well as the…
Evil Clippy: MS Office maldoc assistant
https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant
@WindowsHackingLibrary
T1093: Process Hollowing and Portable Executable Relocations
https://ired.team/offensive-security/t1055-process-injection/process-hollowing-and-pe-image-relocations
@WindowsHackingLibrary
www.ired.team
Process Hollowing and Portable Executable Relocations
Code injection, evasion
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
https://ired.team/offensive-security/bypassing-windows-defender-one-tcp-socket-away-from-meterpreter-and-cobalt-strike-beacon
@WindowsHackingLibrary
ired.team
Forwarded from w0rk3r's Blue team Library (Jonhnathan)
Malicious Payloads vs Deep Visibility: A PowerShell Story
https://www.slideshare.net/DanielBohannon2/malicious-payloads-vs-deep-visibility-a-powershell-story
@BlueTeamLibrary
Slideshare
This document summarizes a presentation on malicious payloads using PowerShell. It discusses how attackers often use PowerShell due to its native Windows capabilities and offensive tradecraft possibilities. The presentation provides examples of PowerShell…
Dynamic Microsoft Office 365 AMSI In Memory Bypass Using VBA
https://secureyourit.co.uk/wp/2019/05/10/dynamic-microsoft-office-365-amsi-in-memory-bypass-using-vba
@WindowsHackingLibrary
Choose Your Own Red Team Adventure
https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76
@WindowsHackingLibrary
Medium
The following story is your opportunity to pretend you’re going up against a world-class security program’s defenses. You get to decide…
Forwarded from Security Talks (Jonhnathan)
Breach: From Recon to penetrating the perimeter, to actions on the target
https://youtu.be/e99iQC-dod8
@SecTalks
YouTube
May 2019 Pwn School - TinkerSec "Breach"
Breach: From recon to penetrating the perimeter, to actions on target.
SharpLocker
SharpLocker helps get current user credentials by popping a fake Windows lock screen; all output is sent to the console, which works perfectly with Cobalt Strike.
https://github.com/Pickfordmatt/SharpLocker
@WindowsHackingLibrary
GitHub
GitHub - Pickfordmatt/SharpLocker
Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
@WindowsHackingLibrary
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet
@WindowsHackingLibrary
modexp
Introduction; Previous Research; AMSI Example in C; AMSI Context; AMSI Initialization; AMSI Scanning; CLR Implementation of AMSI; AMSI Bypass A (Patching Data); AMSI Bypass B (Patching Code 1); AMSI Bypass …
Syncing yourself to Global Administrator in Azure Active Directory
https://blog.fox-it.com/2019/06/06/syncing-yourself-to-global-administrator-in-azure-active-directory
@WindowsHackingLibrary
Fox-IT International blog
This blog describes a vulnerability discovered by Fox-IT last year in Azure AD Connect, which would allow anyone with account creation privileges in the on-premise Active Directory directory to mod…
Cylance Bypass Method
(Renaming CyMemDef64.dll to something else to dump from lsass.exe)
https://www.dru1d.ninja/2018/11/02/Cylance-Bypass
@WindowsHackingLibrary
dru1d's Security Bonanza!
Overview: During a penetration test, I had encountered some issues with Cylance PROTECT snagging a lot of my tooling (both public and private). After a bit of research and some client misconfiguration e
Bloodhound walkthrough. A Tool for Many Tradecrafts
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts
@WindowsHackingLibrary
Pen Test Partners
A walkthrough on how to set up and use BloodHound. BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize Active Directory environments. The front-end is built on Electron and the back-end is a Neo4j database; the data…
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication
https://blog.preempt.com/your-session-key-is-my-session-key
@WindowsHackingLibrary
Visualizing BloodHound Data with PowerBI — Part 1
https://posts.specterops.io/visualizing-bloodhound-data-with-powerbi-part-1-ba8ea4908422
@WindowsHackingLibrary
Medium
In this blog post, I’ll show you how you can use BloodHound data, the Cypher query language, and Microsoft’s PowerBI to create…
Coding a reliable CVE-2019-0841 bypass
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
@WindowsHackingLibrary
zc00l blog
Hi all. It’s been some time. I apologize for my absence, but I need to carry on with life and work and, sometimes, there’s no time for this blog.