Windows Privilege Escalation Fundamentals
http://www.fuzzysecurity.com/tutorials/16.html
@WindowsHackingLibrary
Disabling AMSI in JScript with One Simple Trick
https://tyranidslair.blogspot.com/2018/06/disabling-amsi-in-jscript-with-one.html
@WindowsHackingLibrary
This blog contains a very quick and dirty way to disable AMSI in the context of Windows Scripting Host which doesn't require admin privilege...
Unstoppable Service:
A pattern for a self-installing Windows service in C# with the unstoppable attributes in C#.
https://github.com/malcomvetter/UnstoppableService
@WindowsHackingLibrary
Driver loader for bypassing Windows x64 Driver Signature Enforcement
https://github.com/hfiref0x/TDL
@WindowsHackingLibrary
Subverting Sysmon:
Application of a Formalized Security Product Evasion Methodology
Code:
https://github.com/mattifestation/BHUSA2018_Sysmon/tree/master/Code
Slides:
https://github.com/mattifestation/BHUSA2018_Sysmon/blob/master/Slides_Subverting_Sysmon.pdf
Whitepaper:
https://github.com/mattifestation/BHUSA2018_Sysmon/blob/master/Whitepaper_Subverting_Sysmon.pdf
@WindowsHackingLibrary
All materials from our Black Hat 2018 "Subverting Sysmon" talk - mattifestation/BHUSA2018_Sysmon
SMBetray: Backdooring and Breaking Signatures
https://quickbreach.io/2018/08/12/smbetray-backdooring-and-breaking-signatures
https://github.com/QuickBreach/SMBetray.git
@WindowsHackingLibrary
ADRecon: Active Directory Recon Blackhat Arsenal 2018
https://www.slideshare.net/mobile/prashant3535/adrecon-bh-usa-2018-arsenal-and-def-con-26-demo-labs-presentation
https://github.com/sense-of-security/adrecon
@WindowsHackingLibrary
Demo of ADRecon presented on 08th and 12th August at BlackHat USA 2018 Arsenal and DEF CON 26 Demo Labs. https://www.blackhat.com/us-18/arsenal/schedule/index.…
Ps1jacker:
A tool for generating COM Hijacking payload.
https://github.com/darkw1z/Ps1jacker
@WindowsHackingLibrary
DEF CON 26 (2018) – Exploiting Active Directory Administrator Insecurities
https://adsecurity.org/wp-content/uploads/2018/08/2018-DEFCON-ExploitingADAdministratorInsecurities-Metcalf.pdf
@WindowsHackingLibrary
From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
https://adsecurity.org/wp-content/uploads/2018/08/us-18-Metcalf-From-Workstation-To-Domain-Admin-Why-Secure-Administration-Isnt-Secure-Final.pdf
@WindowsHackingLibrary
Tools for instrumenting Windows Defender's mpengine.dll
https://github.com/0xAlexei/WindowsDefenderTools
@WindowsHackingLibrary
Art of Anti Detection 1 – Introduction to AV & Detection Techniques
https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques
@WindowsHackingLibrary
Ridrelay: Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.
https://github.com/skorov/ridrelay
@WindowsHackingLibrary
Remotely Enumerate Anti-Virus Configurations
https://www.fortynorthsecurity.com/remotely-enumerate-anti-virus-configurations
@WindowsHackingLibrary
There are a variety of reasons why a pen tester would want to obtain the anti-virus configurations of the system they are targeting. The ability to capture this information remotely can allow a pen tester to customize their actions for the computer they are…
Juicy Potato (abusing the golden privileges)
https://decoder.cloud/2018/08/10/juicy-potato
@WindowsHackingLibrary
Today me and my partner in crime Giuseppe, are releasing our small research with Windows impersonate privileges. The result is a tool named “Juicy Potato”, which is a kind of sequel of …
Juicy Potato (abusing the golden privileges)
https://ohpe.github.io/juicy-potato
@WindowsHackingLibrary
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
Koadic C3 COM Command & Control - JScript RAT
https://github.com/zerosum0x0/koadic
@WindowsHackingLibrary
Phishing – Ask and ye shall receive
https://blog.fox-it.com/2018/08/14/phishing-ask-and-ye-shall-receive
@WindowsHackingLibrary
During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient h…