Updated PoC Mimikatz Loader for 2018
PoC: https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7
One-Liner: https://gist.github.com/xillwillx/96e2c5011577d8583635ad7bf6d4fb58
@WindowsHackingLibrary
Via: @SubTee
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
Domain Penetration Testing: Using BloodHound, Crackmapexec, & Mimikatz to get Domain Admin
https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin
@WindowsHackingLibrary
In the previous two articles, I gathered local user credentials and escalated to local administrator, and my next step is getting to domain admin. Since I have local admin, I’ll be using a t…
Ultimate AppLocker ByPass List: The goal of this repository is to document the most common techniques to bypass AppLocker.
https://github.com/api0cradle/UltimateAppLockerByPassList/tree/Dev
@WindowsHackingLibrary
LDAP Injection Cheat Sheet, Attack Examples & Protection
https://www.checkmarx.com/knowledge/knowledgebase/LDAP
@WindowsHackingLibrary
PowerShell script which allows pausing\unpausing Win32/64 exes
https://github.com/besimorhino/Pause-Process
@WindowsHackingLibrary
ASP.NET resource files (.RESX) and deserialisation issues
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
@WindowsHackingLibrary
Exploiting XXE Vulnerabilities in IIS/.NET
https://pen-testing.sans.org/blog/2017/12/08/entity-inception-exploiting-iis-net-with-xxe-vulnerabilities
@WindowsHackingLibrary
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
@WindowsHackingLibrary
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....
Capturing NetNTLM Hashes with Office [DOT] XML Documents
https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents
@WindowsHackingLibrary
TL;DR An Office XML (.xml) document can call a remote XSL stylesheet over SMB. If this occurs against an attacker controlled server, the net-NTLM authentication hash (challenge/response) of t…
Copying Files via WMI and PowerShell
https://www.fortynorthsecurity.com/copying-files-via-wmi-and-powershell
@WindowsHackingLibrary
Using WinRM Through Meterpreter
https://www.trustedsec.com/2017/09/using-winrm-meterpreter
@WindowsHackingLibrary
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
TBAL: an (accidental?) DPAPI Backdoor for local users
https://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor
@BlueTeamLibrary
a.k.a how a convenience feature undermined a security feature
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
The Data Protection API (DPAPI) provided by Windows is a way of protecting secrets used by a lot of popular software solutions, most famously by Google Chrome when storing passwords and cookies. A lot has been said recently about the security of this API…
P0wnedShell:
PowerShell Runspace Post Exploitation Toolkit
https://github.com/Cn33liz/p0wnedShell
@WindowsHackingLibrary
mimiDbg:
PowerShell oneliner to retrieve wdigest passwords from the memory
https://github.com/giMini/mimiDbg
@WindowsHackingLibrary
Golden Ticket Attack Execution Against AD-Integrated SSO providers
https://www.fractalindustries.com/newsroom/blog/gt-attacks-and-sso
@WindowsHackingLibrary
Cloud and SaaS offerings have accelerated the need to understand Golden Ticket Attacks and Single Sign-On issues, as well as the ways to quickly solve these problems at scale
BloodHound 2.0 released!
https://github.com/BloodHoundAD/BloodHound/releases/tag/2.0
@WindowsHackingLibrary
This is a major feature release for BloodHound, introducing several new features, optimizations, and bugfixes. For a full changelog, see the blog post at https://blog.cptjesus.com/posts/bloodhound2...