Using Custom Covenant Listener Profiles & Grunt Templates to Elude AV
https://offensivedefence.co.uk/posts/covenant-profiles-templates
@WindowsHackingLibrary
Whenever we download an offensive tool from the Internet, it comes as no surprise when it gets snapped up by an anti-virus solution. AV vendors are certainly keeping a keen eye on tools posted publicly (insert conspiracy theory about Microsoft owning GitHub)…
WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques
https://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-internals-and-hooking-techniques.html
@WindowsHackingLibrary
Windows RpcEptMapper Service Insecure Registry Permissions EoP
https://itm4n.github.io/windows-registry-rpceptmapper-eop
@WindowsHackingLibrary
If you follow me on Twitter, you probably know that I developed my own Windows privilege escalation enumeration script - PrivescCheck - which is a sort of updated and extended version of the famous PowerUp. If you have ever run this script on Windows 7 or…
Gnome is a module to load your signed driver stealthily. The driver is extracted from the Gnome loader, dropped to disk and loaded using NtLoadDriver instead of the usual service creation driver loading which can be noisy and leaves large forensic artefacts behind such as service creation, service start/stop logs etc.
https://github.com/slaeryan/AQUARMOURY/tree/master/Gnome
@WindowsHackingLibrary
AQUARMOURY/Gnome at master · slaeryan/AQUARMOURY
My musings in C and offensive tooling.
Exploiting a “Simple” Vulnerability – In 35 Easy Steps or Less!
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less
@WindowsHackingLibrary
Forging malicious DOC, undetected by all VirusTotal static engines
https://arielkoren.com/blog/2020/12/24/forging-malicious-doc
@WindowsHackingLibrary
A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
https://www.forrest-orr.net/post/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows
@WindowsHackingLibrary
Introduction: The topic of memory corruption exploits can be a difficult one to initially break in to. When I first began to explore this topic on the Windows OS I was immediately struck by the surprising shortage of modern and publicly available information…
R.I.P ROP: CET Internals in Windows 20H1
http://windows-internals.com/cet-on-windows
@WindowsHackingLibrary
Breaking The Browser – A tale of IPC, credentials and backdoors
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors
@WindowsHackingLibrary
Offensive Windows IPC Internals 1: Named Pipes
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
@WindowsHackingLibrary
Using Spotify Playlists as Malware CDN | C2Tify
https://kaganisildak.com/2021/01/14/using-spotify-playlists-as-malware-cdn-c2tify
Github repo: https://github.com/kaganisildak/c2tify
@WindowsHackingLibrary
BitLocker Lockscreen bypass
https://secret.club/2021/01/15/bitlocker-bypass.html
@WindowsHackingLibrary
BitLocker is a modern data protection feature that is deeply integrated in the Windows kernel. It is used by many corporations as a means of protecting company secrets in case of theft. Microsoft recommends that you have a Trusted Platform Module which can…
Active Directory forest trusts part 1 - How does SID filtering work?
https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work
@WindowsHackingLibrary
This is the first post in a series on cross-forest Active Directory trusts. It will explain what exactly Forest trusts are and how they are protected with SID filtering. If you’re new to Active Directory trusts, I recommend you start by reading harmj0y’s…
Endpoint Detection and Response: How Hackers Have Evolved
https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved
@WindowsHackingLibrary
EDR and Blending In: How Attackers Avoid Getting Caught
Part 2 of the series
https://www.optiv.com/explore-optiv-insights/source-zero/edr-and-blending-how-attackers-avoid-getting-caught
@WindowsHackingLibrary
Farming for Red Teams: Harvesting NetNTLM
https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm
@WindowsHackingLibrary
Overview In the ActiveBreach red team, we’re always looking for innovative approaches for lateral movement and privilege escalation. For many of the environments we operate in, focusing on the classic...
Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation
https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation
@WindowsHackingLibrary
Introduction Active Directory (AD) Trusts have been a hot topic as of late. @harmj0y posted a recent entry about domain trusts [A Guide to Attacking Domain Trusts]. It provides a great understand…
Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
@WindowsHackingLibrary