Windows 10 egghunter (wow64) and more
https://www.corelan.be/index.php/2019/04/23/windows-10-egghunter
@WindowsHackingLibrary
Corelan Team
Windows 10 egghunter (wow64) and more | Corelan Cybersecurity Research
Introduction Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I believe it's a good practise to try to avoid egghunters…
Next Gen Phishing – Leveraging Azure Information Protection
https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection
@WindowsHackingLibrary
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
Getting in the Zone: dumping Active Directory DNS using adidnsdump
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump
@WindowsHackingLibrary
dirkjanm.io
Getting in the Zone: dumping Active Directory DNS using adidnsdump
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all records and gather information about hosts in the network.…
Weaponizing Privileged File Writes with Windows Collector Service
https://rastamouse.me/2019/04/weaponizing-privileged-file-writes-with-windows-collector-service
@WindowsHackingLibrary
Building Meterpreter for the CLR
Part1:
https://vimeo.com/331977092
Part2:
https://vimeo.com/332426022
Part3:
https://vimeo.com/332827701
Part4:
https://vimeo.com/333091819
@WindowsHackingLibrary
Vimeo
CLR Meterpreter - Part 1
The first in the new series of streams! We're building a .NET Meterpreter implementation from scratch. In this stream, we're just going over what's…
Designing Peer-To-Peer Command and Control
https://posts.specterops.io/designing-peer-to-peer-command-and-control-ad2c61740456
@WindowsHackingLibrary
Medium
Designing Peer-To-Peer Command and Control
In this post we will discuss the design and implementation of peer-to-peer command and control protocols in general, as well as the…
Evil Clippy: MS Office maldoc assistant
https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant
@WindowsHackingLibrary
T1093: Process Hollowing and Portable Executable Relocations
https://ired.team/offensive-security/t1055-process-injection/process-hollowing-and-pe-image-relocations
@WindowsHackingLibrary
www.ired.team
Process Hollowing and Portable Executable Relocations
Code injection, evasion
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
https://ired.team/offensive-security/bypassing-windows-defender-one-tcp-socket-away-from-meterpreter-and-cobalt-strike-beacon
@WindowsHackingLibrary
ired.team
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
Malicious Payloads vs Deep Visibility: A PowerShell Story
https://www.slideshare.net/DanielBohannon2/malicious-payloads-vs-deep-visibility-a-powershell-story
@BlueTeamLibrary
www.slideshare.net
Malicious Payloads vs Deep Visibility: A PowerShell Story
Daniel Bohannon (@danielhbohannon) Principal Applied Security Researcher FireEye's Advanced Practices Team Malicious Payloads vs A PowerShell Story https://vic...
Dynamic Microsoft Office 365 AMSI In Memory Bypass Using VBA
https://secureyourit.co.uk/wp/2019/05/10/dynamic-microsoft-office-365-amsi-in-memory-bypass-using-vba
@WindowsHackingLibrary
Choose Your Own Red Team Adventure
https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76
@WindowsHackingLibrary
Medium
Choose Your Own Red Team Adventure
The following story is your opportunity to pretend you’re going up against a world-class security program’s defenses. You get to decide…
Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
Breach: From Recon to penetrating the perimeter, to actions on the target
https://youtu.be/e99iQC-dod8
@SecTalks
YouTube
May 2019 Pwn School - TinkerSec "Breach"
Breach: From recon to penetrating the perimeter, to actions on target.
SharpLocker
SharpLocker helps get current user credentials by popping a fake Windows lock screen, all output is sent to Console which works perfect for Cobalt Strike.
https://github.com/Pickfordmatt/SharpLocker
@WindowsHackingLibrary
GitHub
GitHub - Pickfordmatt/SharpLocker
Contribute to Pickfordmatt/SharpLocker development by creating an account on GitHub.
Osquery for Windows access right misconfiguration Elevation of Privilege (CVE-2019-3567)
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
@WindowsHackingLibrary
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet
@WindowsHackingLibrary
modexp
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
Introduction Previous Research AMSI Example in C AMSI Context AMSI Initialization AMSI Scanning CLR Implementation of AMSI AMSI Bypass A (Patching Data) AMSI Bypass B (Patching Code 1) AMSI Bypass …