Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Malware researchers - Beware of GetProcAddress spoofing via manipulation of PE format in memory
https://dennisbabkin.com/blog/?t=malware-researchers-beware-of-getprocaddress-spoofing
@BlueTeamLibrary
Deep Dive Into Windows PE Format - GetProcAddress Spoofing
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks
@WindowsHackingLibrary
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
https://www.tiraniddo.dev/2021/05/dumping-stored-credentials-with.html
@WindowsHackingLibrary
I've been going through the various token privileges on Windows trying to find where they're used. One which looked interesting is SeTruste...
Primer to DInvokes Injection API and a tale of token duplication and command-line spoofing on the cheap
https://redteamer.tips/primer-to-dinvokes-injection-api-and-a-tale-of-token-duplication-and-command-line-spoofing-on-the-cheap
@WindowsHackingLibrary
Leveraging from PE parsing technique to write x86 shellcode
https://mohamed-fakroud.gitbook.io/t3nb3w/shellcoding/leveraging-from-pe-parsing-technique-to-write-x86-shellcode
@WindowsHackingLibrary
The Much Misunderstood SeRelabelPrivilege
https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html
@WindowsHackingLibrary
Based on my previous blog post I recently had a conversation with a friend and well-known Windows security researcher about token privilege...
Reading Your Way Around UAC
Part 1:
https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-1.html
Part 2:
https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-2.html
Part 3:
https://www.tiraniddo.dev/2017/05/reading-your-way-around-uac-part-3.html
@WindowsHackingLibrary
I'm currently in the process of trying to do some improvements to the Chrome sandbox. As part of that I'm doing updates to my Sandbox Attack...
Attacking Active Directory: 0 to 0.9
https://zer1t0.gitlab.io/posts/attacking_ad
@WindowsHackingLibrary
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
YouTube
Mimicking Evil, Alex Manners
Bypassing Image Load Kernel Callbacks
https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks
@WindowsHackingLibrary
As security teams continue to advance, it has become essential for attackers to have complete control over every part of their operation, from the infrastructure down to individual actions that...
Certified Pre-Owned: Abusing Active Directory Certificate Services
https://posts.specterops.io/certified-pre-owned-d95910965cd2
Paper: https://www.specterops.io/assets/resources/Certified_Pre-Owned.pdf
@WindowsHackingLibrary
Active Directory Certificate Services has a lot of attack potential!
AD CS relay attack - Practical Guide
https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide
@WindowsHackingLibrary
Unless you are living under a rock, you have seen that recently @harmj0y and @tifkin_ published their amazing research on Active Directory Certificate Services (AD CS). If you haven’t checked it out already, read their post first.
Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover
https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab
@WindowsHackingLibrary
The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. If we…
Forwarded from r0 Crew (Channel)
The new OpenSecurityTraining2 site has been launched at http://ost2.fyi The public betas of refreshed classes on x86-64 assembly, x86-64 OS internals and coreboot are now open #security #hardware #reverse #dukeBarman
Fantastic Windows Logon types and Where to Find Credentials in Them
https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them
@WindowsHackingLibrary
Hello All, in this blog post we will explore and learn about various Windows Logon Types and understand how these logon type events are generated. We will also see if we can extract credentials from individual logon types. We will be using our Active Directory…
Windows Command-Line Obfuscation
https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation
@WindowsHackingLibrary
Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due…
Hijacking DLLs in Windows
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
@WindowsHackingLibrary
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed…
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Cobalt Strike and Tradecraft
https://hausec.com/2021/07/26/cobalt-strike-and-tradecraft
@BlueTeamLibrary
It’s been known that some built-in commands in Cobalt Strike are major op-sec no-no’s, but why are they bad? The goal of this post isn’t to teach you “good” op-sec, as I feel that is a bit subjecti…