Updating adconnectdump - a journey into DPAPI
https://dirkjanm.io/updating-adconnectdump-a-journey-into-dpapi
@WindowsHackingLibrary
dirkjanm.io
Updating adconnectdump - a journey into DPAPI
Last year when I started playing with Azure I looked into Azure AD connect and how it stores its high privilege credentials. When I was revisiting this topic a few weeks ago, it turned out that some things had changed and my previous method of dumping credentials…
From iPhone to NT AUTHORITY\SYSTEM
https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem
@WindowsHackingLibrary
Decoder's Blog
From iPhone to NT AUTHORITY\SYSTEM
As promised in my previous post, I will show you how to exploit the “Printconfig” dll with a real world example. But what does Apple’s iPhone have to do with it?? Well, keep on r…
SysWhispers helps with AV/EDR evasion by generating header/ASM files implants can use to make direct system calls; all core syscalls are supported from Windows XP to 10.
https://github.com/jthuraisamy/SysWhispers
@WindowsHackingLibrary
GitHub
GitHub - jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.
AV/EDR evasion via direct system calls. Contribute to jthuraisamy/SysWhispers development by creating an account on GitHub.
No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA
http://blog.redxorblue.com/2019/12/no-shells-required-using-impacket-to.html
@WindowsHackingLibrary
Redxorblue
No Shells Required - a Walkthrough on Using Impacket and Kerberos to Delegate Your Way to DA
There are a ton of great resources that have been released in the past few years on a multitude of Kerberos delegation abuse avenues. Howe...
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
@WindowsHackingLibrary
Medium
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
SpecterOps' Adversary Tactics - PowerShell Training course material
https://github.com/specterops/at-ps
@WindowsHackingLibrary
GitHub
GitHub - SpecterOps/at-ps: Adversary Tactics - PowerShell Training
Adversary Tactics - PowerShell Training. Contribute to SpecterOps/at-ps development by creating an account on GitHub.
Attacking Azure, Azure AD, and Introducing PowerZure
https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
@WindowsHackingLibrary
Medium
Attacking Azure, Azure AD, and Introducing PowerZure
Interacting with Azure, offensively
(Ab)using Kerberos from Linux
https://www.onsecurity.co.uk/blog/abusing-kerberos-from-linux
@WindowsHackingLibrary
www.onsecurity.io
Abusing Kerberos From Linux - An Overview of Available Tools
Explore Kerberos abuse techniques on Linux with our comprehensive guide. Delve into the available tools and methods for effective Kerberos exploitation.
Rethinking Credential Theft
https://labs.f-secure.com/blog/rethinking-credential-theft
@WindowsHackingLibrary
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs
@WindowsHackingLibrary
MDSec
CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS) - MDSec
SQL Server Reporting Services (SSRS) provides a set of on-premises tools and services that create, deploy, and manage mobile and paginated reports. Functionality within the SSRS web application allowed low privileged...
Bypass Windows 10 User Group Policy (and more) with this One Weird Trick
https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
@WindowsHackingLibrary
Medium
Bypass Windows 10 User Group Policy (and more) with this One Weird Trick
I’m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…
[PT-BR]
CVE-2020-0668 Windows LPE - Analysis and Exploitation
https://youtu.be/KiqvlIc-cxY
@WindowsHackingLibrary
YouTube
CVE-2020-0668 - Windows LPE - Analysis and Exploitation
CVE-2020-0668, disclosed on 11/02/2020, is a vulnerability that exploits Windows Service Tracing, enabling Local Privilege Escalation (LPE). In this video you can understand how the flaw works and how to exploit it.
I put all the commands…
Kerberosity Killed the Domain: An Offensive Kerberos Overview
https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61
@WindowsHackingLibrary
Medium
Kerberosity Killed the Domain: An Offensive Kerberos Overview
Kerberos is the preferred way of authentication in a Windows domain, with NTLM being the alternative. Kerberos authentication is a very…
LDAPFragger: Command and Control over LDAP attributes
https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes
@WindowsHackingLibrary
Fox-IT International blog
LDAPFragger: Command and Control over LDAP attributes
Written by Rindert Kramer. Introduction: A while back during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to t…
Windows Server 2008R2-2019 NetMan DLL Hijacking
https://itm4n.github.io/windows-server-netman-dll-hijacking
@WindowsHackingLibrary
itm4n’s blog
Windows Server 2008R2-2019 NetMan DLL Hijacking
What if I told you that all editions of Windows Server, from 2008R2 to 2019, are prone to a DLL Hijacking in the %PATH% directories? What if I also told you that the impacted service runs as NT AUTHORITY\SYSTEM and that the DLL loading can be triggered by…
Process Injection Part 1 | CreateRemoteThread()
https://sevrosecurity.com/2020/04/08/process-injection-part-1-createremotethread
Process Injection Part 2 | QueueUserAPC()
https://sevrosecurity.com/2020/04/13/process-injection-part-2-queueuserapc
@WindowsHackingLibrary
I'm back in da booth...posting more frequently now on ;)
Invoking System Calls and Windows Debugger Engine
https://modexp.wordpress.com/2020/06/01/syscalls-disassembler/
@WindowsHackingLibrary
modexp
Invoking System Calls and Windows Debugger Engine
Introduction: Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks…
Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability
https://itm4n.github.io/chimichurri-reloaded
@WindowsHackingLibrary
itm4n’s blog
Chimichurri Reloaded - Giving a Second Life to a 10-year old Windows Vulnerability
This is a kind of follow-up to my last post, in which I discussed a technique that can be used for elevating privileges to SYSTEM when you have impersonation capabilities. In the last part, I explained how this type of vulnerability could be fixed and I even…