Hidden Administrative Accounts: BloodHound to the Rescue
https://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/
@WindowsHackingLibrary
crowdstrike.com
Learn how cybercriminals use hidden administrative accounts to access your data and why BloodHound is the tool red teams use to find them.
Extracting Service Account Passwords with Kerberoasting
https://blog.stealthbits.com/extracting-service-account-passwords-with-kerberoasting/
@WindowsHackingLibrary
Netwrix
This article describes the Kerberoasting attack for extracting service account credentials from Active Directory.
MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.
https://github.com/quentinhardy/msdat
@WindowsHackingLibrary
GitHub
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
MSDAT: Microsoft SQL Database Attacking Tool. Contribute to quentinhardy/msdat development by creating an account on GitHub.
Powercat
Netcat: The powershell version.
https://github.com/besimorhino/powercat
@WindowsHackingLibrary
GitHub
GitHub - besimorhino/powercat: netshell features all in version 2 powershell
netshell features all in version 2 powershell. Contribute to besimorhino/powercat development by creating an account on GitHub.
Windows Privilege Escalation Methods for Pentesters
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
@WindowsHackingLibrary
Getting Domain Admin with Kerberos Unconstrained Delegation
http://www.labofapenetrationtester.com/2016/02/getting-domain-admin-with-kerberos-unconstrained-delegation.html
@WindowsHackingLibrary
Labofapenetrationtester
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Scanning for Active Directory Privileges & Privileged Accounts
https://adsecurity.org/?p=3658
@WindowsHackingLibrary
Automated AD and Windows test lab deployments with Invoke-ADLabDeployer
https://outflank.nl/blog/2018/03/30/automated-ad-and-windows-test-lab-deployments-with-invoke-adlabdeployer/
@WindowsHackingLibrary
w0rk3r's Windows Hacking Library
Simplifying Password Spraying
https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/
@WindowsHackingLibrary
A Password Spraying tool for Active Directory Credentials
https://github.com/SpiderLabs/Spray
@WindowsHackingLibrary
GitHub
GitHub - Greenwolf/Spray: A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf) - GitHub - Greenwolf/Spray: A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)
Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
@WindowsHackingLibrary
Tarlogic Security
Analysis of the "Load and unload device drivers" policy (SeLoadDriverPrivilege), which specifies users allowed to load device drivers.
Exploring PowerShell AMSI and Logging Evasion
https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
@WindowsHackingLibrary
Weaponizing .SettingContent-ms Extensions for Code Execution
https://www.trustedsec.com/2018/06/weaponizing-settingcontent
@WindowsHackingLibrary
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
WMImplant Post-Exploitation – An Introduction
https://www.fortynorthsecurity.com/wmimplant-post-exploitation-an-introduction
@WindowsHackingLibrary
FortyNorth Security Blog
An Introduction to WMImplant Post-Exploitation
Up to this point in time, I’ve explained in previous talks how WMImplant can be useful when attempting to operate on Device Guard protected systems. If the entire environment is Device Guard protected, you will first need to get code execution, but once you…
Pentester Windows NTFS tricks collection
https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/
@WindowsHackingLibrary
SEC Consult
Pentester’s Windows NTFS Tricks Collection
In this blog post René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks which were collected over the last years from various blog posts or found by himself.
PowerShell: How to get a list of all installed Software on Remote Computers
https://sid-500.com/2018/04/02/powershell-how-to-get-a-list-of-all-installed-software-on-remote-computers
@WindowsHackingLibrary
Tokenvator: A Tool to Elevate Privilege using Windows Tokens
https://blog.netspi.com/tokenvator-a-tool-to-elevate-privilege-using-windows-tokens
@WindowsHackingLibrary
NetSPI
Tokenvator: A Tool to Elevate Privilege using Windows Tokens – It works by impersonating or altering authentication tokens in processes that the executing process has the appropriate level of permissions to.
Disabling AMSI in JScript with One Simple Trick
https://tyranidslair.blogspot.com/2018/06/disabling-amsi-in-jscript-with-one.html
@WindowsHackingLibrary
www.tiraniddo.dev
This blog contains a very quick and dirty way to disable AMSI in the context of Windows Scripting Host which doesn't require admin privilege...
Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
https://github.com/Kevin-Robertson/Inveigh/blob/master/README.md
@WindowsHackingLibrary
GitHub
Inveigh/README.md at master · Kevin-Robertson/Inveigh
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers - Inveigh/README.md at master · Kevin-Robertson/Inveigh
A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
https://github.com/Raikia/CredNinja
@WindowsHackingLibrary
GitHub
GitHub - Raikia/CredNinja: A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials…
A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter - Raikia/CredNinja