Systeminfo gives you a perfect overview of your system. But what about the other systems in your domain? Sure, you can use 3rd Party Tools or SCCM. But the number of those who can´t use enterprise …

“Backup Operators” group is an historical Windows built in group. It was designed to allow its members to perform backup and restore operations by granting the SeBackupPrivilege and the…

At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though…

Introduction extremely a splendid Invoke-Confusion is collections of modules Powershell inclusive some researches the modern between them .NET Reflection. Assembly, however, It contains aspects of …

Now that we understand the basics of the DCShadow feature, let’s look at some ways in which attackers can leverage DCShadow in a real world attack scenario.  As we learned, DCShadow requires elevated rights such as Domain Admin, so you can assume an attacker…

Introduction Microsoft Patches for October 2018 included a total of 49 security patches. There were many interesting ones including kernel privilege escalation as well as critical ones which could lead […]

A tool to elevate privilege with Windows Tokens. Contribute to 0xbadjuju/Tokenvator development by creating an account on GitHub.

serviceFu
In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer…

Sysmon is a tool written by Mark Russinovich that I have covered in multiple blog post and even wrote a PowerShell module called Posh-Sysmon to help with the generation of configuration files for it. Its main purpose is for the tracking of potentially malicious…

Persisting in the Windows registry "invisibly". Contribute to ewhitehats/InvisiblePersistence development by creating an account on GitHub.

Persisting in the Windows registry "invisibly". Contribute to ewhitehats/InvisiblePersistence development by creating an account on GitHub.

These are the videos from Derbycon 2018:
http://www.irongeek.com/i.php?page=videos/derbycon8/mainlist

Patreon:
https://www.patreon.com/irongeek

A collection of scripts for assessing Microsoft Azure security - NetSPI/MicroBurst

Title: Icebreaker.py - Gaining a foothold in Active Directory in one command
Speaker: Dan McInerney

Conference: SAINTCON 2018
Location: Track 2
Date: 2018-09-27
Time: 03:00pm -- 03:30pm

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment - DanMcInerney/icebreaker

Hey all, After an extended hiatus, I’m back. I was waylaid with OSCE training, exam writing, and overall frustration, but I’m going to brag for a second to say I passed :). The material…

This lab demos a tool or rather a Powershell script I have written to do what the title says.

A simple wrapper for C# tools. Contribute to jaredhaight/SharpAttack development by creating an account on GitHub.