Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Unrestricted Release of Offensive Security Tools
Uncontrolled proliferation of Offensive Security Tools is an unnecessary contribution to real threat actors' computer network operations.
https://medium.com/@QW5kcmV3/misconceptions-unrestricted-release-of-offensive-security-tools-789299c72afe
@BlueTeamLibrary
Medium
Misconceptions: Unrestricted Release of Offensive Security Tools
Uncontrolled proliferation of Offensive Security Tools is an unnecessary contribution to real threat actors' computer network operations.
Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start
https://www.matteomalvica.com/blog/2019/12/02/win-defender-atp-cred-bypass
@WindowsHackingLibrary
Matteomalvica
Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start
Cobalt Strike 4.0 – Bring Your Own Weaponization
https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization
@WindowsHackingLibrary
Cobalt Strike
Resources - Cobalt Strike
SCshell: Fileless Lateral Movement Using Service Manager
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/scshell-fileless-lateral-movement-using-service-manager/
[Github]
https://github.com/SpiderLabs/SCShell
@WindowsHackingLibrary
Trustwave
SCshell: Fileless Lateral Movement Using Service Manager
During red team engagements, lateral movement in a network is crucial. In addition, as a critical part of exploit chains, security solutions put a lot of effort into detecting this movement. Techniques such as remote WMI and PsExec are fairly well detected. In…
Reversing Windows Internals (Part 1) – Digging Into Handles, Callbacks & ObjectTypes
https://rayanfam.com/topics/reversing-windows-internals-part1
@WindowsHackingLibrary
Rayanfam Blog
Reversing Windows Internals (Part 1) - Digging Into Handles, Callbacks & ObjectTypes
We write about Windows Internals, Hypervisors, Linux, and Networks.
Updating adconnectdump - a journey into DPAPI
https://dirkjanm.io/updating-adconnectdump-a-journey-into-dpapi
@WindowsHackingLibrary
dirkjanm.io
Updating adconnectdump - a journey into DPAPI
Last year when I started playing with Azure I looked into Azure AD connect and how it stores its high privilege credentials. When I was revisiting this topic a few weeks ago, it turned out that some things had changed and my previous method of dumping credentials…
From iPhone to NT AUTHORITY\SYSTEM
https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem
@WindowsHackingLibrary
Decoder's Blog
From iPhone to NT AUTHORITY\SYSTEM
As promised in my previous post, I will show you how to exploit the "Printconfig" dll with a real world example. But what does Apple's iPhone have to do with it?? Well, keep on r…
SysWhispers helps with AV/EDR evasion by generating header/ASM files that implants can use to make direct system calls; all core syscalls are supported from Windows XP to 10.
https://github.com/jthuraisamy/SysWhispers
@WindowsHackingLibrary
GitHub
GitHub - jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
AV/EDR evasion via direct system calls. Contribute to jthuraisamy/SysWhispers development by creating an account on GitHub.
No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA
http://blog.redxorblue.com/2019/12/no-shells-required-using-impacket-to.html
@WindowsHackingLibrary
Redxorblue
No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA
There are a ton of great resources that have been released in the past few years on a multitude of Kerberos delegation abuse avenues. Howe...
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
@WindowsHackingLibrary
Medium
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
SpecterOps' Adversary Tactics - PowerShell Training course material
https://github.com/specterops/at-ps
@WindowsHackingLibrary
GitHub
GitHub - SpecterOps/at-ps: Adversary Tactics - PowerShell Training
Adversary Tactics - PowerShell Training. Contribute to SpecterOps/at-ps development by creating an account on GitHub.
Attacking Azure, Azure AD, and Introducing PowerZure
https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
@WindowsHackingLibrary
Medium
Attacking Azure, Azure AD, and Introducing PowerZure
Interacting with Azure, offensively
(Ab)using Kerberos from Linux
https://www.onsecurity.co.uk/blog/abusing-kerberos-from-linux
@WindowsHackingLibrary
www.onsecurity.io
Abusing Kerberos From Linux - An Overview of Available Tools
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Rethinking Credential Theft
https://labs.f-secure.com/blog/rethinking-credential-theft
@WindowsHackingLibrary
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs
@WindowsHackingLibrary
MDSec
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS) - MDSec
SQL Server Reporting Services (SSRS) provides a set of on-premises tools and services that create, deploy, and manage mobile and paginated reports. Functionality within the SSRS web application allowed low privileged...
Bypass Windows 10 User Group Policy (and more) with this One Weird Trick
https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
@WindowsHackingLibrary
Medium
Bypass Windows 10 User Group Policy (and more) with this One Weird Trick
I'm going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…
[PT-BR]
CVE-2020-0668 Windows LPE - Analysis and Exploitation
https://youtu.be/KiqvlIc-cxY
@WindowsHackingLibrary
YouTube
CVE-2020-0668 - Windows LPE - Analysis and Exploitation
CVE-2020-0668, disclosed 11/02/2020, is a vulnerability that abuses Windows Service Tracing, enabling Local Privilege Escalation (LPE). In this video you can understand how the flaw works and how to exploit it.
I put all the commands…
Kerberosity Killed the Domain: An Offensive Kerberos Overview
https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61
@WindowsHackingLibrary
Medium
Kerberosity Killed the Domain: An Offensive Kerberos Overview
Kerberos is the preferred way of authentication in a Windows domain, with NTLM being the alternative. Kerberos authentication is a very…
LDAPFragger: Command and Control over LDAP attributes
https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes
@WindowsHackingLibrary
Fox-IT International blog
LDAPFragger: Command and Control over LDAP attributes
Written by Rindert Kramer. Introduction: A while back during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to t…
Windows Server 2008R2-2019 NetMan DLL Hijacking
https://itm4n.github.io/windows-server-netman-dll-hijacking
@WindowsHackingLibrary
itm4n’s blog
Windows Server 2008R2-2019 NetMan DLL Hijacking
What if I told you that all editions of Windows Server, from 2008R2 to 2019, are prone to a DLL Hijacking in the %PATH% directories? What if I also told you that the impacted service runs as NT AUTHORITY\SYSTEM and that the DLL loading can be triggered by…