Syncing yourself to Global Administrator in Azure Active Directory
https://blog.fox-it.com/2019/06/06/syncing-yourself-to-global-administrator-in-azure-active-directory
@WindowsHackingLibrary
Fox-IT International blog
This blog describes a vulnerability discovered by Fox-IT last year in Azure AD Connect, which would allow anyone with account creation privileges in the on-premise Active Directory directory to mod…
Cylance Bypass Method
(Renaming CyMemDef64.dll to something else to dump from lsass.exe)
https://www.dru1d.ninja/2018/11/02/Cylance-Bypass
@WindowsHackingLibrary
dru1d's Security Bonanza!
Overview: During a penetration test, I had encountered some issues with Cylance PROTECT snagging a lot of my tooling (both public and private). After a bit of research and some client misconfiguration e
Bloodhound walkthrough. A Tool for Many Tradecrafts
https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts
@WindowsHackingLibrary
Pen Test Partners
A walkthrough on how to set up and use BloodHound. BloodHound (https://github.com/BloodHoundAD/BloodHound) is an application used to visualize Active Directory environments. The front-end is built on Electron and the back-end is a Neo4j database, the data…
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication
https://blog.preempt.com/your-session-key-is-my-session-key
@WindowsHackingLibrary
Visualizing BloodHound Data with PowerBI — Part 1
https://posts.specterops.io/visualizing-bloodhound-data-with-powerbi-part-1-ba8ea4908422
@WindowsHackingLibrary
Medium
In this blog post, I’ll show you how you can use BloodHound data, the Cypher query language, and Microsoft’s PowerBI to create…
Coding a reliable CVE-2019-0841 bypass
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
@WindowsHackingLibrary
zc00l blog
Hi all. It’s been some time. I apologize for my absence, but I need to carry on with life and work and, sometimes, there’s no time for this blog.
Explaining the inner workings of AMSI and describing a new bypass technique
https://www.contextis.com/en/blog/amsi-bypass
@WindowsHackingLibrary
Heap Overflow Exploitation on Windows 10 Explained
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained
@WindowsHackingLibrary
Rapid7
Heap corruption can be a scary topic. In this post, we go through a basic example of a heap overflow on Windows 10.
Bypassing CrowdStrike in an enterprise production network [in 3 different ways]
https://www.komodosec.com/post/bypassing-crowdstrike
@WindowsHackingLibrary
KomodoSec
EDR solutions and specifically CrowdStrike Falcon are giving us a hard time recently. It seemed that no matter how covert we tried to be, a well-trained blue team was able to utilize these type of solutions to pick up on our activity relatively fast. That’s…
Analyzing ARP to Discover & Exploit Stale Network Address Configurations
https://www.blackhillsinfosec.com/analyzing-arp-to-discover-exploit-stale-network-address-configurations
@WindowsHackingLibrary
Black Hills Information Security
Justin Angel // Introduction: In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the […]
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin
https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin
@WindowsHackingLibrary
dirkjanm.io
Earlier this week, Microsoft issued patches for CVE-2019-1040, which is a vulnerability that allows for bypassing of NTLM relay mitigations. The vulnerability was discovered by Marina Simakov and Yaron Zinar (as well as several others credited in the Microsoft…
Modern Red Team Infrastructure
https://silentbreaksecurity.com/modern-red-team-infrastructure
@WindowsHackingLibrary
NetSPI
There’s been a lot of talk recently regarding modern strategies for red team infrastructure. The implementations vary greatly, but hopefully, we can provide some insight into how we tackle the challenge of Command and Control.
Hijacking Administrative Templates
https://sdmsoftware.com/group-policy-blog/security-related/hijacking-administrative-templates
@WindowsHackingLibrary
Evading Sysmon DNS Monitoring
https://blog.xpnsec.com/evading-sysmon-dns-monitoring
@WindowsHackingLibrary
XPN InfoSec Blog
@_xpn_ - Evading Sysmon DNS Monitoring
In a recent update to Sysmon, a new feature was introduced allowing the ability to log DNS events. While this gives an excellent datapoint for defenders (shout out to the SysInternals team for continuing to provide and support these awesome tools for free)…
Sliver: A general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
https://github.com/BishopFox/sliver
@WindowsHackingLibrary
GitHub
Anti-VM Techniques with MSAcpi_ThermalZoneTemperature
https://medium.com/@DebugActiveProcess/anti-vm-techniques-with-msacpi-thermalzonetemperature-32cfeecda802
@WindowsHackingLibrary
Medium
The Win32_TemperatureProbe WMI class represents the properties of a temperature sensor (electronic thermometer).
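The check the post's title refers to, written out as an added PowerShell example (this is not code from the linked post or its author). It queries the MSAcpi_ThermalZoneTemperature class in the root/wmi namespace; on common hypervisor guests (VMware, VirtualBox, Hyper-V) the query typically fails with "Not supported" because no ACPI thermal zone is exposed, while a physical host usually returns one or more instances. The function name Test-ThermalZonePresent and the returned object shape are this example's own choices.

```powershell
# Added example, not from the linked post. Probe for an ACPI thermal zone via WMI/CIM.
# Physical hosts normally return instances whose CurrentTemperature is in tenths of a
# Kelvin; typical hypervisor guests throw "Not supported" instead. Note that the
# root/wmi namespace often requires an elevated prompt: an "Access denied" failure is
# a permissions problem, not a VM indicator, and is reported separately below.
function Test-ThermalZonePresent {
    [CmdletBinding()]
    param()

    try {
        $zones = Get-CimInstance -Namespace 'root/wmi' `
                                 -ClassName 'MSAcpi_ThermalZoneTemperature' `
                                 -ErrorAction Stop
    }
    catch {
        $msg = $_.Exception.Message
        Write-Verbose ("Query failed: {0}" -f $msg)
        $reason = if ($msg -match 'denied') { 'access denied (run elevated)' }
                  elseif ($msg -match 'Not supported|Invalid class') { 'no thermal zone exposed (VM indicator)' }
                  else { "query error: $msg" }
        return [pscustomobject]@{ Present = $false; Reason = $reason; Zones = @() }
    }

    if (-not $zones) {
        return [pscustomobject]@{ Present = $false; Reason = 'no instances returned'; Zones = @() }
    }

    # Convert the raw reading (tenths of Kelvin) to something a human can sanity-check;
    # a plausible temperature is a stronger signal than the mere presence of the class.
    $readings = foreach ($z in $zones) {
        [pscustomobject]@{
            Instance = $z.InstanceName
            Kelvin   = $z.CurrentTemperature / 10
            Celsius  = [math]::Round(($z.CurrentTemperature / 10) - 273.15, 1)
        }
    }
    return [pscustomobject]@{ Present = $true; Reason = 'thermal zone reported'; Zones = $readings }
}

$result = Test-ThermalZonePresent -Verbose
if ($result.Present) {
    'Thermal zone present (consistent with a physical host):'
    $result.Zones | Format-Table -AutoSize
}
else {
    'No thermal zone: {0}' -f $result.Reason
}
```

Treat the result as one signal among several rather than a verdict: some physical laptops and servers expose no ACPI thermal zone either, and a sandbox operator who knows this check can emulate one. For defenders, the same query in a scheduled task or a detection test is a cheap way to confirm whether your analysis VMs would be fingerprinted by this technique.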
Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr
@WindowsHackingLibrary