Hiding Metasploit Shellcode to Evade Windows Defender
https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/
Rapid7
If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Learn more.
Detecting hypervisor presence on windows 10
https://revers.engineering/detecting-hypervisor-presence-on-windows-10/
@windowshackinglibrary
Reverse Engineering
Detecting a hypervisor on Windows 10 is relatively simple, but due to the simplistic nature of the currently published detection vectors it’s likely that they are also relatively simple to spoof or remove. In this article we’ll detail a few ways of detecting…
Blue Cloud of Death: Red Teaming Azure
https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1
@windowshackinglibrary
Speaker Deck
BSides Denver Presentation on May 11 2018
On-demand IT services are being publicized as the “new normal”, but often times these services are misunder…
Ring +3 Malwares: Few tricks
http://www.blackstormsecurity.com/docs/BSIDES_2018_RELEASE.pdf
@windowshackinglibrary
Kerberos Party Tricks: Weaponizing Kerberos Protocol Flaws
http://www.exumbraops.com/blog/2016/6/1/kerberos-party-tricks-weaponizing-kerberos-protocol-flaws
@windowshackinglibrary
Exumbra Operations Group LLC
This is a quick run-down for anyone who missed my talk at LayerOne this year. Background: The vulnerabilities and techniques are based on abuse of the Kerberos v5 protocol, but all of this should work on earlier versions too. In my mind, these kinds of…
Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts
https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts
@windowshackinglibrary
bohops
Introduction Last week, I was hunting around the Windows Operating System for interesting scripts and binaries that may be useful for future penetration tests and Red Team engagements. With increa…
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Not a Security Boundary: Bypassing User Account Control
Matt Nelson at Derbycon 2017
Microsoft's User Account Control feature, introduced in Windows Vista, has been a topic of interest to many in the security community. Since UAC was designed to force user approval for administrative actions, attackers (and red teamers) encounter UAC on nearly every engagement. As a result, bypassing this control is a task that an actor often has to overcome, despite its lack of formal designation as a security boundary. This talk highlights what UAC is, previous work by others, research methodology, and details several technical UAC bypasses developed by the author.
https://youtu.be/c8LgqtATAnE
@SecTalks
YouTube
These are the videos from Derbycon 7 (2017): http://www.irongeek.com/i.php?page=videos/derbycon7/mainlist
Windows Userland Persistence Fundamentals
http://www.fuzzysecurity.com/tutorials/19.html
@WindowsHackingLibrary
DLL Hijacking via URL files
https://insert-script.blogspot.com.br/2018/05/dll-hijacking-via-url-files.html
@WindowsHackingLibrary
Blogspot
This blogpost describes how I got annoyed by vulnerabilities in 3rd party Windows applications, which allowed to execute local files but wi...
w0rk3r's Windows Hacking Library
Domain User Enumeration Tool
https://github.com/sensepost/UserEnum/blob/master/README.md
@windowshackinglibrary
A new look at null sessions and user enumeration
https://sensepost.com/blog/2018/a-new-look-at-null-sessions-and-user-enumeration/
@WindowsHackingLibrary
Sensepost
Enumerating remote access policies through GPO
https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/
@WindowsHackingLibrary
MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
https://github.com/dafthack/MailSniper
@WindowsHackingLibrary
GitHub
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain.
https://github.com/dafthack/DomainPasswordSpray
@WindowsHackingLibrary
GitHub
5 Ways to Find Systems Running Domain Admin Processes
https://blog.netspi.com/5-ways-to-find-systems-running-domain-admin-processes/
@WindowsHackingLibrary
NetSPI
Migrating to Domain Admin processes is a common way penetration testers are able to impersonate Domain Admin accounts on the network. However, before a pentester can do that, they need to know what systems those processes are running on. In this blog I’ll…
How to bypass GPO Policy restriction for Powershell usage
https://github.com/p3nt4/PowerShdll
@WindowsHackingLibrary
GitHub
GitHub - p3nt4/PowerShdll: Run PowerShell with rundll32. Bypass software restrictions.
ADAPE - Active Directory Assessment and Privilege Escalation Script
https://github.com/hausec/ADAPE-Script
@WindowsHackingLibrary
GitHub
Kerberoasting, exploiting unpatched systems – a day in the life of a Red Teamer
http://niiconsulting.com/checkmate/2018/05/kerberoasting-exploiting-unpatched-systems-a-day-in-the-life-of-a-red-teamer/
@WindowsHackingLibrary
Network Intelligence
The Scope: Recently, we conducted a red team assessment for a large enterprise client where the scenarios allowed were to either use the hardened laptop of the client or to try and connect our own laptop to the network (though they did have a Network Access…