Powercat
Netcat: The powershell version.
https://github.com/besimorhino/powercat
@WindowsHackingLibrary
GitHub
GitHub - besimorhino/powercat: netshell features all in version 2 powershell
Windows Privilege Escalation Methods for Pentesters
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
@WindowsHackingLibrary
Getting Domain Admin with Kerberos Unconstrained Delegation
http://www.labofapenetrationtester.com/2016/02/getting-domain-admin-with-kerberos-unconstrained-delegation.html
@WindowsHackingLibrary
Labofapenetrationtester
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Scanning for Active Directory Privileges & Privileged Accounts
https://adsecurity.org/?p=3658
@WindowsHackingLibrary
Automated AD and Windows test lab deployments with Invoke-ADLabDeployer
https://outflank.nl/blog/2018/03/30/automated-ad-and-windows-test-lab-deployments-with-invoke-adlabdeployer/
@WindowsHackingLibrary
w0rk3r's Windows Hacking Library
Simplifying Password Spraying
https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/
@WindowsHackingLibrary
A Password Spraying tool for Active Directory Credentials
https://github.com/SpiderLabs/Spray
@WindowsHackingLibrary
GitHub
GitHub - Greenwolf/Spray: A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
@WindowsHackingLibrary
Tarlogic Security
Analysis of the "Load and unload device drivers" policy (SeLoadDriverPrivilege), which specifies users allowed to load device drivers.
Exploring PowerShell AMSI and Logging Evasion
https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
@WindowsHackingLibrary
Weaponizing .SettingContent-ms Extensions for Code Execution
https://www.trustedsec.com/2018/06/weaponizing-settingcontent
@WindowsHackingLibrary
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
WMImplant Post-Exploitation – An Introduction
https://www.fortynorthsecurity.com/wmimplant-post-exploitation-an-introduction
@WindowsHackingLibrary
FortyNorth Security Blog
An Introduction to WMImplant Post-Exploitation
Up to this point in time, I’ve explained in previous talks how WMImplant can be useful when attempting to operate on Device Guard protected systems. If the entire environment is Device Guard protected, you will first need to get code execution, but once you…
Pentester Windows NTFS tricks collection
https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/
@WindowsHackingLibrary
SEC Consult
Pentester’s Windows NTFS Tricks Collection
In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks which were collected over the last years from various blog posts or found by himself.
PowerShell: How to get a list of all installed Software on Remote Computers
https://sid-500.com/2018/04/02/powershell-how-to-get-a-list-of-all-installed-software-on-remote-computers
@WindowsHackingLibrary
Tokenvator: A Tool to Elevate Privilege using Windows Tokens
https://blog.netspi.com/tokenvator-a-tool-to-elevate-privilege-using-windows-tokens
@WindowsHackingLibrary
NetSPI
Tokenvator: A Tool to Elevate Privilege using Windows Tokens – It works by impersonating or altering authentication tokens in processes that the executing process has the appropriate level of permissions to.
Disabling AMSI in JScript with One Simple Trick
https://tyranidslair.blogspot.com/2018/06/disabling-amsi-in-jscript-with-one.html
@WindowsHackingLibrary
www.tiraniddo.dev
This blog contains a very quick and dirty way to disable AMSI in the context of Windows Scripting Host which doesn't require admin privilege...
Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
https://github.com/Kevin-Robertson/Inveigh/blob/master/README.md
@WindowsHackingLibrary
GitHub
Inveigh/README.md at master · Kevin-Robertson/Inveigh
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers - Inveigh/README.md at master · Kevin-Robertson/Inveigh
A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
https://github.com/Raikia/CredNinja
@WindowsHackingLibrary
GitHub
GitHub - Raikia/CredNinja: A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials…
PSScriptAnalyzer is a static code checker for Windows PowerShell modules and scripts. PSScriptAnalyzer checks the quality of Windows PowerShell code by running a set of rules. The rules are based on PowerShell best practices identified by PowerShell Team and the community. It generates DiagnosticResults (errors and warnings) to inform users about potential code defects and suggests possible solutions for improvements.
https://github.com/PowerShell/PSScriptAnalyzer
@WindowsHackingLibrary
GitHub
GitHub - PowerShell/PSScriptAnalyzer: Download ScriptAnalyzer from PowerShellGallery
Bypassing SQL Server Logon Trigger Restrictions
https://blog.netspi.com/bypass-sql-logon-triggers/
@WindowsHackingLibrary
NetSPI Blog
This shows how to bypass SQL Server logon trigger restrictions by spoofing hostnames and application names using lesser known connection string properties.
Spoof SSDP replies to phish for NTLM hashes on a network. Creates a fake UPNP device, tricking users into visiting a malicious phishing page.
https://gitlab.com/initstring/evil-ssdp
@WindowsHackingLibrary
GitLab
initstring / evil-ssdp · GitLab
Spoof SSDP replies to phish for credentials and NetNTLM challenge/response. Creates a fake UPNP device, tricking users into visiting a malicious phishing page. Also detects and exploits XXE...