Using Kerberos for Authentication Relay Attacks
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
@WindowsHackingLibrary
Blogspot
Posted by James Forshaw, Project Zero This blog post is a summary of some research I've been doing into relaying Kerberos authentica...
Windows Exploitation Tricks: Relaying DCOM Authentication
https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html
@WindowsHackingLibrary
Blogspot
Posted by James Forshaw, Project Zero In my previous blog post I discussed the possibility of relaying Kerberos authentication from a...
CVE-2021-42287/CVE-2021-42278 Weaponisation
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
@WindowsHackingLibrary
Exploit samAccountName spoofing with Kerberos
https://cloudbrothers.info/en/exploit-kerberos-samaccountname-spoofing
@WindowsHackingLibrary
cloudbrothers.info
When Microsoft released the November 2021 patches, the following CVEs caught the eye of many security professionals because they allow impersonation of a domain controller in an Active Directory environment.
CVE-2021-42278 - KB5008102 Active Directory Security…
Windows Drivers Reverse Engineering Methodology
https://voidsec.com/windows-drivers-reverse-engineering-methodology
@WindowsHackingLibrary
VoidSec
Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.
Sandboxing Antimalware Products for Fun and Profit
https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article
@WindowsHackingLibrary
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Exploring Windows UAC Bypasses: Techniques and Detection Strategies
https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/
@BlueTeamLibrary
Introducing the Golden GMSA Attack
https://www.semperis.com/blog/golden-gmsa-attack
@WindowsHackingLibrary
Semperis
gMSA Active Directory Attacks | Semperis AD Guides
Group Managed Service Accounts (gMSAs) are vulnerable to attacks called a "Golden gMSA". Learn more about gMSA Active Directory attacks on our blog.
Group Policy Folder Redirection CVE-2021-26887
https://decoder.cloud/2022/04/27/group-policy-folder-redirection-cve-2021-26887
@WindowsHackingLibrary
Decoder's Blog
Two years ago (march 2020), I found this sort of “vulnerability” in Folder Redirection policy and reported it to MSRC. They acknowledged it with CVE-2021-26887 even if they did not real…
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
https://github.com/Dec0ne/KrbRelayUp
@WindowsHackingLibrary
GitHub
Analysing LastPass, Part 1
https://www.mdsec.co.uk/2022/10/analysing-lastpass-part-1
@WindowsHackingLibrary
MDSec
Having been in IT longer than I care to remember, one issue keeps coming up. It doesn’t matter how well you have implemented <insert security mechanism> what really matters is...
Fantastic Rootkits: And Where to Find Them (Part 1)
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
@WindowsHackingLibrary
Cyberark
Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...
At the Edge of Tier Zero: The Curious Case of the RODC
https://posts.specterops.io/at-the-edge-of-tier-zero-the-curious-case-of-the-rodc-ef5f1799ca06
@WindowsHackingLibrary
Medium
The read-only Domain Controller (RODC) is a solution that Microsoft introduced for physical locations that don’t have adequate security to …
External Trusts Are Evil // Breaking Trust Transitivity
https://exploit.ph/external-trusts-are-evil.html
@WindowsHackingLibrary
I’ve Got a Golden Twinkle in My Eye
The Kerberos Ticket Granting Ticket (KRBTGT) account is one of the most important accounts in a Windows Active Directory (AD) domain. Once the KRBTGT account has been exposed to an attacker this can allow them to conduct the Golden Ticket (GT) attack, which can grant them persistence, unfettered access, and may allow for privilege escalation in AD. This talk will stress the importance of the KRBTGT account and why it is often a high value target (HVT) for attackers. A detailed examination of the GT attack and defence techniques will be demonstrated.
https://www.youtube.com/watch?v=ABd0dm8MbDo
@WindowsHackingLibrary
YouTube
SANS PenTest HackFest 2022
Speakers: Andrew Schwartz, Practice Lead, TrustedSec & Charlie Clark, Security Researcher, Semperis
Windows Secrets Extraction: A Summary
https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
@WindowsHackingLibrary
Synacktiv
CVE-2023-38146: Arbitrary Code Execution via Windows Themes
https://exploits.forsale/themebleed/
@WindowsHackingLibrary
Inside Microsoft's plan to kill PPLFault
"In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features."
https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault
@WindowsHackingLibrary
www.elastic.co