Gnome is a module to load your signed driver stealthily. The driver is extracted from the Gnome loader, dropped to disk and loaded using NtLoadDriver instead of the usual service creation driver loading which can be noisy and leaves large forensic artefacts behind such as service creation, service start/stop logs etc.
https://github.com/slaeryan/AQUARMOURY/tree/master/Gnome
@WindowsHackingLibrary
https://github.com/slaeryan/AQUARMOURY/tree/master/Gnome
@WindowsHackingLibrary
GitHub
AQUARMOURY/Gnome at master · slaeryan/AQUARMOURY
My musings in C and offensive tooling. Contribute to slaeryan/AQUARMOURY development by creating an account on GitHub.
Exploiting a “Simple” Vulnerability – In 35 Easy Steps or Less!
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less
@WindowsHackingLibrary
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less
@WindowsHackingLibrary
Forging malicious DOC, undetected by all VirusTotal static engines
https://arielkoren.com/blog/2020/12/24/forging-malicious-doc
@WindowsHackingLibrary
https://arielkoren.com/blog/2020/12/24/forging-malicious-doc
@WindowsHackingLibrary
A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
https://www.forrest-orr.net/post/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows
@WindowsHackingLibrary
https://www.forrest-orr.net/post/a-modern-exploration-of-windows-memory-corruption-exploits-part-i-stack-overflows
@WindowsHackingLibrary
ForrestOrr
A Modern Exploration of Windows Memory Corruption Exploits - Part I: Stack Overflows
IntroductionThe topic of memory corruption exploits can be a difficult one to initially break in to. When I first began to explore this topic on the Windows OS I was immediately struck by the surprising shortage of modern and publicly available information…
R.I.P ROP: CET Internals in Windows 20H1
http://windows-internals.com/cet-on-windows
@WindowsHackingLibrary
http://windows-internals.com/cet-on-windows
@WindowsHackingLibrary
Breaking The Browser – A tale of IPC, credentials and backdoors
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors
@WindowsHackingLibrary
https://www.mdsec.co.uk/2021/01/breaking-the-browser-a-tale-of-ipc-credentials-and-backdoors
@WindowsHackingLibrary
Offensive Windows IPC Internals 1: Named Pipes
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
@WindowsHackingLibrary
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
@WindowsHackingLibrary
Using Spotify Playlists as Malware CDN | C2Tify
https://kaganisildak.com/2021/01/14/using-spotify-playlists-as-malware-cdn-c2tify
Github repo: https://github.com/kaganisildak/c2tify
@WindowsHackingLibrary
https://kaganisildak.com/2021/01/14/using-spotify-playlists-as-malware-cdn-c2tify
Github repo: https://github.com/kaganisildak/c2tify
@WindowsHackingLibrary
BitLocker Lockscreen bypass
https://secret.club/2021/01/15/bitlocker-bypass.html
@WindowsHackingLibrary
https://secret.club/2021/01/15/bitlocker-bypass.html
@WindowsHackingLibrary
secret club
BitLocker Lockscreen bypass
BitLocker is a modern data protection feature that is deeply integrated in the Windows kernel. It is used by many corporations as a means of protecting company secrets in case of theft. Microsoft recommends that you have a Trusted Platform Module which can…
Active Directory forest trusts part 1 - How does SID filtering work?
https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work
@WindowsHackingLibrary
https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work
@WindowsHackingLibrary
dirkjanm.io
Active Directory forest trusts part 1 - How does SID filtering work?
This is the first post in a series on cross-forest Active Directory trusts. It will explain what exactly Forest trusts are and how they are protected with SID filtering. If you’re new to Active Directory trusts, I recommend you start by reading harmj0y’s…
Offensive Windows IPC Internals 1: Named Pipes
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
@WindowsHackingLibrary
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
@WindowsHackingLibrary
Endpoint Detection and Response: How Hackers Have Evolved
https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved
@WindowsHackingLibrary
https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved
@WindowsHackingLibrary
w0rk3r's Windows Hacking Library
Endpoint Detection and Response: How Hackers Have Evolved https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved @WindowsHackingLibrary
EDR and Blending In: How Attackers Avoid Getting Caught
Part 2 of the series
https://www.optiv.com/explore-optiv-insights/source-zero/edr-and-blending-how-attackers-avoid-getting-caught
@WindowsHackingLibrary
Part 2 of the series
https://www.optiv.com/explore-optiv-insights/source-zero/edr-and-blending-how-attackers-avoid-getting-caught
@WindowsHackingLibrary
Farming for Red Teams: Harvesting NetNTLM
https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm
@WindowsHackingLibrary
https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm
@WindowsHackingLibrary
MDSec
Farming for Red Teams: Harvesting NetNTLM - MDSec
Overview In the ActiveBreach red team, we’re always looking for innovative approaches for lateral movement and privilege escalation. For many of the environments we operate in, focusing on the classic...
Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation
https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation
@WindowsHackingLibrary
https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation
@WindowsHackingLibrary
bohops
Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation
Introduction Active Directory (AD) Trusts have been a hot topic as of late. @harmj0y posted a recent entry about domain trusts [A Guide to Attacking Domain Trusts]. It provides a great understand…
Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
@WindowsHackingLibrary
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred
@WindowsHackingLibrary
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
YouTube
[English] You Do (Not) Understand Kerberos
Understanding how Kerberos works, but also WHY it works the way it does
From the creator of AdFind, AdMod!
https://blog.joeware.net/2021/03/17/6030
Tool Link: http://www.joeware.net/freetools/tools/admod
@WindowsHackingLibrary
https://blog.joeware.net/2021/03/17/6030
Tool Link: http://www.joeware.net/freetools/tools/admod
@WindowsHackingLibrary
The Power of SeImpersonation
https://micahvandeusen.com/the-power-of-seimpersonation
@WindowsHackingLibrary
https://micahvandeusen.com/the-power-of-seimpersonation
@WindowsHackingLibrary
Micah Van Deusen’s Blog
The Power of SeImpersonation
SeImpersonate is a powerful privilege that allows the ability to impersonate any token it can acquire a handle on. This is an already well researched privilege as there are a whole slew of privilege escalations that utilize this privilege and amazing articles…