Dechaining Macros and Evading EDR
Microsoft Office macros continue to be one of the primary delivery mechanisms in real-world attacks seen by Countercept and often present the easiest and simplest way to compromise most organisations. However, common payloads haven’t changed that much over time, aside from the addition of increasingly complex obfuscation.
https://www.countercept.com/blog/dechaining-macros-and-evading-edr
#redteam #pentest
WinPwn - In many past internal penetration tests I often had problems with the existing PowerShell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate this process and for the proxy reason I wrote my own script with automatic proxy recognition and integration.
https://github.com/SecureThisShit/WinPwn
#pentest #redteam
GitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security