Introduction

Hello Everyone,

An Example in Getting Around CrowdStrike Endpoint Protection

Virtualization technology is fast becoming the backbone of the security strategy for modern computing platforms. Hyper-V, Microsoft's virtualization stack, is no exception and is therefore held to a high security standard, as is demonstrated by its $250,000…

While security products are a great supplement to the defensive posture of an enterprise, to well-funded nation-state actors, they are an impediment to achieving their objectives. As pentesters argue the efficacy of a product because it doesn't detect their…

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation. CVE-2018-8550 . local exploit for Windows platform

For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft’s “What Are Domains and Forests?” document (last updated in 2014) has a “Forests…

During DerbyCon 2018 this past October, my teammates @tifkin_, @enigma0x3 and @harmj0y gave an awesome presentation titled “The Unintended…

Presented at DerbyCon 7.0: Legacy in Lousville, Kentucky in 2017.

SpecterOps: https://www.specterops.io

This post is going to go over a very quick domain compromise by abusing cached Kerberos tickets discovered on a Linux-based jump-box…

Introduction We recently performed an Insider Threat red team engagement, posing as employees within the company. We were provided with all the benefits of a regular employee (except salary :))...

Feel free to follow me on Twitter at @_markmo_ (yes with the underscores)