CVE-2018-8420 - Microsoft XML Core Services MSXML RCE through web browser PoC
https://github.com/Theropord/CVE-2018-8420
@WindowsHackingLibrary
Bypassing AppLocker Custom Rules
https://0x09al.github.io/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
0x09AL Security blog
Introduction: AppLocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically, especially for workstations. Unfortunately for the blue-team, there are a lot of custom configurations…
Exploiting STOPzilla AntiMalware Arbitrary Write Vulnerability using SeCreateTokenPrivilege
http://www.greyhathacker.net/?p=1025
How to add a module in Mimikatz?
https://littlesecurityprince.com/security/2018/03/18/ModuleMimikatz.html
From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter
https://www.coalfire.com/The-Coalfire-Blog/Sept-2018/From-OSINT-to-Internal-Gaining-Domain-Admin
Coalfire.com
While the techniques presented here no longer work on current software versions, it does go to show that by looking beyond the scan results, a determined attacker can quickly turn a relatively “clean” vulnerability scan into complete domain compromise.
Multiple Ways to Bypass UAC using Metasploit
http://www.hackingarticles.in/multiple-ways-to-bypass-uac-using-metasploit
Hacking Articles
In this Post, we are shedding light on User Account Control shortly known as UAC. We will also look at how it can potentially protect
Using Mimikatz From a JSP shell
https://blog.securitycompass.com/whiteboard-wednesday-using-mimikatz-from-a-jsp-shell-54f8a21693cc
Securitycompass
Whiteboard Wednesday: Using Mimikatz From a JSP shell
A while back I was messing around with Tomcat and it got me thinking when I come across Tomcat during assessments it is normally running as system or some kind of admin account. Sometimes I don’t...
Poking Around With 2 lsass Protection Options
https://medium.com/red-teaming-with-a-blue-team-mentaility/poking-around-with-2-lsass-protection-options-880590a72b1a
Medium
Welcome to my first post! I am a career blue teamer turned red teamer a few years back. My blue team background includes incident response…
Introducing SharpSploit: A C# Post-Exploitation Library
https://posts.specterops.io/introducing-sharpsploit-a-c-post-exploitation-library-5c7be5f16c51
Medium
Today, I’m releasing SharpSploit, the first in a series of offensive C# tools I have been writing over the past several months. SharpSploit…
Faster Domain Escalation using LDAP
https://blog.netspi.com/faster-domain-escalation-using-ldap
NetSPI Blog
If you’re a penetration tester, then you probably already know that escalating from a local administrator to a Domain Admin only requires a few steps. Those steps typically involve stealing Domain Admin passwords, password hashes, or authentication tokens…
Command and Control Using Active Directory
http://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory
SMB hash hijacking & user tracking in MS Outlook
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/smb-hash-hijacking-and-user-tracking-in-ms-outlook
SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API
https://github.com/P1CKLES/SharpBox
From Kekeo to Rubeus
https://posts.specterops.io/from-kekeo-to-rubeus-86d2ec501c14
https://github.com/GhostPack/Rubeus
Medium
Kekeo, the other big project from Benjamin Delpy after Mimikatz, is an awesome code base with a set of great features. As Benjamin states, it’s external to the Mimikatz codebase because, “I hate to…
AppLocker CLM Bypass via COM
https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com
Injdrv is a proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
https://github.com/wbenny/injdrv
Responder and Layer 2 Pivots
https://ijustwannared.team/2017/05/27/responder-and-layer-2-pivots
ijustwannaredteam
Hey all, In the previous post we discussed using Responder with Snarf, this post will be doing the same but through a pivot. To pivot in we’ll be using Simpletun and a layer 2 pivoting clien…