Kerberoasting and SharpRoast output parsing!
https://grumpy-sec.blogspot.com/2018/08/kerberoasting-and-sharproast-output.html
@WindowsHackingLibrary
Hey everyone, so harmj0y released a bunch of cool C# tools about a month ago here: https://www.harmj0y.net/blog/redteaming/ghostpack/ . ...
whitelist_bypass_server
This module is designed to be a platform to test an endpoint's application whitelisting effectiveness by providing bypasses to solutions such as Software Restriction Policies and AppLocker.
https://github.com/rapid7/metasploit-framework/pull/8783
@WindowsHackingLibrary
Add whitelist_bypass_server module by NickTyrer · Pull Request #8783 · rapid7/metasploit-framework
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
https://0x00sec.org/t/clientside-exploitation-tricks-of-the-trade-0x01-sharpshooter-squibblytwo/8178
@WindowsHackingLibrary
Hi! I hope you’re well, today I am going to show you something that is common knowledge in the red teaming community, people use this kind of thing every day without thinking…
Task Scheduler ALPC exploit (unpatched) && PoC by SandboxEscaper
https://github.com/SandboxEscaper/randomrepo/blob/master/PoC-LPE.rar
@WindowsHackingLibrary
Remote NTLM relaying through meterpreter on Windows port 445
https://diablohorn.com/2018/08/25/remote-ntlm-relaying-through-meterpreter-on-windows-port-445
@WindowsHackingLibrary
The hijacking of port 445 to perform relay attacks or hash capturing attacks has been a recurring topic for a while now. When you infect a target with meterpreter, how do you listen on port 445? A …
Microsoft.Workflow.Compiler.exe, Veil, and Cobalt Strike
https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike
@WindowsHackingLibrary
Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint
@WindowsHackingLibrary
Having Fun with ActiveX Controls in Microsoft Word
https://www.blackhillsinfosec.com/having-fun-with-activex-controls-in-microsoft-word
@WindowsHackingLibrary
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]
Invoke-AtomicTest - Automating MITRE ATT&CK with Atomic Red Team
http://subt0x11.blogspot.com/2018/08/invoke-atomictest-automating-mitre-att.html
@WindowsHackingLibrary
AppLocker Bypass - CMSTP
https://pentestlab.blog/2018/05/10/applocker-bypass-cmstp
@WindowsHackingLibrary
CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files which can be weaponised with malicious commands in order to execute arbitrary cod…
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure
@WindowsHackingLibrary
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
Walk-through Mimikatz sekurlsa module
https://jetsecurity.github.io/post/mimikatz/walk-through_sekurlsa
@WindowsHackingLibrary
windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
https://github.com/pentestmonkey/windows-privesc-check
@FromZer0toHero
Understanding how DLL Hijacking works
https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works
@WindowsHackingLibrary
It is vital to understand how these vulnerabilities in fact work (DLL Hijacking from valid Windows PE32 executables) So we will prepare a real world scenario and will use an outdated piece of softw…
Playing with Relayed Credentials
https://www.coresecurity.com/blog/playing-relayed-credentials
@WindowsHackingLibrary
Advanced Pen-Testing Tricks: Building a Lure to Collect High Value Credentials
Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account.…
DDE Downloaders, Excel Abuse, and a PowerShell Backdoor
http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
@WindowsHackingLibrary
DDE or Dynamic Data Exchange is a Microsoft protocol used to transmit data/messages between applications. This sounds harmless and useful, b...
A detailed technical explanation of CVE-2018-8120
https://xiaodaozhi.com/exploit/156.html
@WindowsHackingLibrary
A PowerShell example of the Windows zero day priv esc
https://github.com/OneLogicalMyth/zeroday-powershell/blob/master/README.md
@WindowsHackingLibrary
You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
@WindowsHackingLibrary