SharpNado - Teaching an old dog evil tricks using .NET Remoting or WCF to host smarter and dynamic payloads
https://blog.redxorblue.com/2018/12/sharpnado-teaching-old-dog-evil-tricks.html
@WindowsHackingLibrary
Redxorblue
TL;DR: SharpNado is a proof-of-concept tool that demonstrates how one could use .NET Remoting or Windows Communication Foundation (WCF) to h...
Story of my two (but actually three) RCEs in SharePoint in 2018
https://soroush.secproject.com/blog/2018/12/story-of-two-published-rces-in-sharepoint-workflows
Tampering with Windows Event Tracing: Background, Offense, and Defense
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
Medium
Event Tracing for Windows (ETW) is the mechanism Windows uses to trace and log system events. Attackers often clear event logs to cover…
OT Network Attack Demonstration
https://ijustwannared.team/2018/12/27/ot-network-attack-demonstration
ijustwannaredteam
Hey all, Recently we put together an attack demonstration targeting our simulated lab OT network using a few of the tools that have been explored on this site. The video is linked at the bottom. So…
zBang is a risk assessment tool that detects potential privileged account threats
Blog:
https://www.cyberark.com/threat-research-blog/the-big-zbang-theory-a-new-open-source-tool
Tool:
https://github.com/cyberark/zBang
CyberArk
The Big zBang Theory – A New Open Source Tool
CyberArk Labs is often asked to run risk assessments of target networks. This is similar to penetration testing; however, we focus primarily on testing threats and risks associated with privileged...
Malicious use of Microsoft LAPS
https://akijosberryblog.wordpress.com/2019/01/01/malicious-use-of-microsoft-laps
Akijosberry
LAPS Overview: LAPS (Local Administrator Password Solution) is a tool for managing local administrator passwords for domain joined computers. It stores passwords/secrets in a confidential attribute…
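Added example, not from the linked post: the two checks a practitioner wants around the confidential attribute mentioned above, done with the RSAT ActiveDirectory module (assumed installed). The OU distinguished name is a placeholder; the attribute name ms-Mcs-AdmPwd and its companion ms-Mcs-AdmPwdExpirationTime are the real LAPS schema names.

```powershell
# Added example (not from the linked post). Assumes the RSAT ActiveDirectory module;
# the OU distinguished name below is a placeholder for your own environment.
Import-Module ActiveDirectory
$ou = 'OU=Workstations,DC=corp,DC=example'   # assumption: replace with a real OU

# 1. Computers in the OU whose LAPS password the caller can read. ms-Mcs-AdmPwd is a
#    confidential attribute, so it comes back empty unless the caller holds the
#    extended right on it; a non-empty result from a low-privileged account is a finding.
Get-ADComputer -SearchBase $ou -Filter * -Properties 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime' |
    Where-Object { $_.'ms-Mcs-AdmPwd' } |
    Select-Object Name,
        @{ n = 'Expires'; e = { [DateTime]::FromFileTime([int64]$_.'ms-Mcs-AdmPwdExpirationTime') } }

# 2. Who is allowed to read it: Allow ACEs on the OU that grant ExtendedRight either on
#    the ms-Mcs-AdmPwd attribute (looked up by its schemaIDGUID, not hard-coded) or on
#    all extended rights (empty ObjectType GUID).
$schemaNc   = (Get-ADRootDSE).schemaNamingContext
$admPwdGuid = [Guid](Get-ADObject -SearchBase $schemaNc `
                  -LDAPFilter '(ldapDisplayName=ms-Mcs-AdmPwd)' `
                  -Properties schemaIDGUID).schemaIDGUID
$extRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

(Get-Acl -Path "AD:\$ou").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $extRight) -ne 0) -and
        ($_.ObjectType -eq $admPwdGuid -or $_.ObjectType -eq [Guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited
```

The second query is the one to repeat per OU where LAPS-managed computers live: an ACE with an empty ObjectType grants every extended right, including reading the password, and is easy to miss when only the attribute-specific GUID is searched for.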
Cobalt Strike 3.13 – Why do we argue?
https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue
Cobalt Strike
Bypassing Palo Alto Traps EDR Solution
https://www.c0d3xpl0it.com/2019/01/bypassing-paloalto-traps-edr-solution.html
C0D3Xpl0It
In a recent pentest we encountered Palo Alto Traps (an EDR solution) installed on the compromised machine, with the WildFire module integrated ...
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492
bohops
Introduction Greetings, Everyone! It has been several months since I’ve blogged, so it seems fitting to start the New Year off with a post about two topics that I thoroughly enjoy exploring: …
Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell
https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
0x00sec - The Home of the Hacker
Update 2019/01/14: Crowdstrike asked me to share an official statement: “We appreciate you reporting this detection miss to us and allowing us to rapidly address this gap on January 11th. We do have a bug bounty program www.hackerone.com/crowdstrike or via…
Writing a Hyper-V “Bridge” for Fuzzing — Part 1: WDF
http://www.alex-ionescu.com/?p=377
Hunting the Delegation Access
https://www.notsosecure.com/hunting-the-delegation-access
NotSoSecure
Active Directory (AD) delegation is a fascinating subject, and we have previously discussed it in a blog post and later in a webinar. To summarize, Active Directory has a capability to delegate
Bypass EDR’s memory protection, introduction to hooking
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
Medium
Abusing Office Web Add-ins (for fun and limited profit)
https://www.mdsec.co.uk/2019/01/abusing-office-web-add-ins-for-fun-and-limited-profit
MDSec
Background The Office add-ins platform allows developers to extend Office applications and interact with document content. Add-ins are built using HTML, CSS and JavaScript, with JavaScript being used to interact...
Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin
dirkjanm.io
In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail…
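Added example, not from the linked post: a check for the privilege level described above, using the RSAT ActiveDirectory module (assumed installed). It lists the ACEs on the domain object held by Exchange's AD groups that allow rewriting the domain's security descriptor, and then expands the Exchange Windows Permissions group so the accounts that inherit those rights are visible. Group names are the ones Exchange creates in its default shared-permissions model; nothing else is assumed about the environment.

```powershell
# Added example (not from the linked post). Assumes the RSAT ActiveDirectory module and
# an Exchange install in the default shared-permissions model.
Import-Module ActiveDirectory
$domainDn = (Get-ADDomain).DistinguishedName

# Rights that let a holder change the domain object's DACL or owner, or that grant full
# control outright; any of these on the domain head is a path to Domain Admin.
$risky = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner, GenericAll'

(Get-Acl -Path "AD:\$domainDn").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match 'Exchange' -and
        (($_.ActiveDirectoryRights -band $risky) -ne 0)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited

# Everyone who inherits those rights through nesting: Exchange servers sit in
# Exchange Trusted Subsystem, which is itself a member of Exchange Windows Permissions.
Get-ADGroupMember -Identity 'Exchange Windows Permissions' -Recursive |
    Select-Object objectClass, name, distinguishedName
```

If the first query returns a WriteDacl entry for Exchange Windows Permissions, every computer account in the second list holds that right, which is why compromising (or impersonating) an Exchange server is treated as equivalent to Domain Admin in the post above.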