Offensive P/Invoke: Leveraging the Win32 API from Managed Code
https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d
@WindowsHackingLibrary
With the rise in offensive .NET, particularly C#, tooling, we are seeing a great expansion in operational capability, especially with…
Offensive Lateral Movement
https://hausec.com/2019/08/12/offensive-lateral-movement
@WindowsHackingLibrary
Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base6…
Cobalt Strike’s Process Injection: The Details
https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details
@WindowsHackingLibrary
Obtaining D.C. Hashes Within Google Cloud In 5 Easy Steps
Without touching the actual domain controller
https://mrtn.no/obtaining-d-c-hashes-within-google-cloud
@WindowsHackingLibrary
C3: Custom Command and Control
https://labs.mwrinfosecurity.com/tools/c3
Github:
https://github.com/mwrlabs/C3
@WindowsHackingLibrary
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
The Art of Becoming TrustedInstaller - Task Scheduler Edition
https://tyranidslair.blogspot.com/2019/09/the-art-of-becoming-trustedinstaller.html
@WindowsHackingLibrary
2 years ago I wrote a post running a process in the TrustedInstaller group. It was pretty well received, and as others pointed out there's...
Forwarded from w0rk3r's Blue team Library (Jonhnathan)
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708
@WindowsHackingLibrary
Inter-Realm Key Roasting (well... within the first 30 days)
https://blog.xpnsec.com/inter-realm-key-roasting
@WindowsHackingLibrary
In this blog post we will look at a somewhat familiar, but extremely limited window of opportunity which may come in handy when reviewing a fresh Active Directory forest deployment.
Shhmon — Silencing Sysmon via Driver Unload
https://posts.specterops.io/shhmon-silencing-sysmon-via-driver-unload-682b5be57650
@WindowsHackingLibrary
Sysmon is an incredibly powerful tool to aid in data collection beyond Windows’ standard event logging capabilities. It presents a…
How to: Kerberoast like a boss
https://www.pentestpartners.com/security-blog/how-to-kerberoast-like-a-boss
@WindowsHackingLibrary
Building and Attacking an Active Directory lab with PowerShell (Because everyone needs a lab)
https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell
@WindowsHackingLibrary
Let me open this with a few questions Do you have your own penetration testing lab? Have you installed Windows Server 2016 before? Do you have Active Directory at home? What version of PowerShell a…
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
@WindowsHackingLibrary
A dive into Windows processes, access tokens, SACLs, WinAPI and access token manipulation.
Security Descriptor Auditing Methodology: Investigating Event Log Security
https://posts.specterops.io/security-descriptor-auditing-methodology-investigating-event-log-security-d64f4289965d
@WindowsHackingLibrary
Upon gaining access to a system, what level of access is granted to an attacker who has yet to elevate their privileges?
Staying Hidden on the Endpoint: Evading Detection with Shellcode
https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html
GitHub:
https://github.com/fireeye/DueDLLigence
@WindowsHackingLibrary
Exploiting RegEdit for Invisible Persistence and Binary Storage
https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdf
#Repost
@WindowsHackingLibrary
Persisting in the Windows registry "invisibly".
SharpHide
Just a nice persistence trick to confuse DFIR investigation. Uses NtSetValueKey native API to create a hidden (null terminated) registry key.
https://github.com/outflanknl/SharpHide
@WindowsHackingLibrary