Choose Your Own Red Team Adventure
https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76
@WindowsHackingLibrary
Medium
Choose Your Own Red Team Adventure
The following story is your opportunity to pretend you’re going up against a world-class security program’s defenses. You get to decide…
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Breach: From Recon to penetrating the perimeter, to actions on the target
https://youtu.be/e99iQC-dod8
@SecTalks
YouTube
May 2019 Pwn School - TinkerSec "Breach"
Breach: From recon to penetrating the perimeter, to actions on target.
SharpLocker
SharpLocker helps get the current user's credentials by popping a fake Windows lock screen; all output is sent to the console, which works perfectly for Cobalt Strike.
https://github.com/Pickfordmatt/SharpLocker
@WindowsHackingLibrary
GitHub
GitHub - Pickfordmatt/SharpLocker
Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
@WindowsHackingLibrary
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet
@WindowsHackingLibrary
modexp
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
Contents: Introduction; Previous Research; AMSI Example in C; AMSI Context; AMSI Initialization; AMSI Scanning; CLR Implementation of AMSI; AMSI Bypass A (Patching Data); AMSI Bypass B (Patching Code 1); AMSI Bypass …
Syncing yourself to Global Administrator in Azure Active Directory
https://blog.fox-it.com/2019/06/06/syncing-yourself-to-global-administrator-in-azure-active-directory
@WindowsHackingLibrary
Fox-IT International blog
Syncing yourself to Global Administrator in Azure Active Directory
This blog describes a vulnerability discovered by Fox-IT last year in Azure AD Connect, which would allow anyone with account creation privileges in the on-premise Active Directory directory to mod…
Cylance Bypass Method
(Renaming CyMemDef64.dll to something else to dump from lsass.exe)
https://www.dru1d.ninja/2018/11/02/Cylance-Bypass
@WindowsHackingLibrary
dru1d's Security Bonanza!
Cylance Bypass Method
Overview: During a penetration test, I had encountered some issues with Cylance PROTECT snagging a lot of my tooling (both public and private). After a bit of research and some client misconfiguration e
Bloodhound walkthrough. A Tool for Many Tradecrafts
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts
@WindowsHackingLibrary
Pen Test Partners
Bloodhound walkthrough. A Tool for Many Tradecrafts | Pen Test Partners
A walkthrough on how to set up and use BloodHound. BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize Active Directory environments. The front-end is built on Electron and the back-end is a Neo4j database, the data…
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication
https://blog.preempt.com/your-session-key-is-my-session-key
@WindowsHackingLibrary
Visualizing BloodHound Data with PowerBI — Part 1
https://posts.specterops.io/visualizing-bloodhound-data-with-powerbi-part-1-ba8ea4908422
@WindowsHackingLibrary
Medium
Visualizing BloodHound Data with PowerBI — Part 1
In this blog post, I’ll show you how you can use BloodHound data, the Cypher query language, and Microsoft’s PowerBI to create…
Coding a reliable CVE-2019-0841 bypass
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
@WindowsHackingLibrary
zc00l blog
Coding a reliable CVE-2019-0841 bypass
Hi all. It’s been some time. I apologize for my absence, but I need to carry on with life and work and, sometimes, there’s no time for this blog.
Explaining the inner workings of AMSI and describing a new bypass technique
https://www.contextis.com/en/blog/amsi-bypass
@WindowsHackingLibrary
Heap Overflow Exploitation on Windows 10 Explained
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained
@WindowsHackingLibrary
Bypassing CrowdStrike in an enterprise production network [in 3 different ways]
https://www.komodosec.com/post/bypassing-crowdstrike
@WindowsHackingLibrary
KomodoSec
Bypassing CrowdStrike in an Enterprise Production Network
EDR solutions, and specifically CrowdStrike Falcon, have been giving us a hard time recently. It seemed that no matter how covert we tried to be, a well-trained blue team was able to use these types of solutions to pick up on our activity relatively fast. That’s…
Analyzing ARP to Discover & Exploit Stale Network Address Configurations
https://www.blackhillsinfosec.com/analyzing-arp-to-discover-exploit-stale-network-address-configurations
@WindowsHackingLibrary
Black Hills Information Security, Inc.
Analyzing ARP to Discover & Exploit Stale Network Address Configurations - Black Hills Information Security, Inc.
Justin Angel // Introduction: In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the […]
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin
@WindowsHackingLibrary
dirkjanm.io
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft…