LAPS 2.0 Internals
#xpn
This year, LAPS 2.0 was released by Microsoft, and thankfully it now comes built-in to Windows. This time it comes ready for use with Active Directory, as well as being supported in Azure AD aka Entra ID. In this post, we’ll look at how LAPS 2.0 for Active Directory works under the hood, so you can make those fresh recommendations to your clients, and prepare yourself for the inevitable question... “But we just deployed LAPS.. what does LAPS 2.0 do differently?!”.
via XPN InfoSec Blog
The Client/Server Relationship — A Match Made In Heaven
#trustedsec
This blog post was co-authored with Charlie Clark and Jonathan Johnson of Binary Defense. 1 Introduction One thing often forgotten is that detection engineering isn’t always centered around 1 action to 1 query but also to drive effective incident response to optimize the triage of an alert. This is best served with context. We often...
via TrustedSec Blog (author: Roza Maille)
Evilginx 3.2 - Swimming With The Phishes
#kgretzky
The new free update for the Evilginx phishing framework is OUT NOW! Enjoy the new features and improvements!
via BREAKDEV Blog (author: Kuba Gretzky)
BREAKDEV RED - Red Team Community
#kgretzky
Join the vetted Discord community, oriented around using Evilginx and ethical phishing, where everyone can safely share their phishing tips and tricks without worrying about them being misused by unknown parties.
via BREAKDEV Blog (author: Kuba Gretzky)
Leveraging VSCode Extensions for Initial Access
#mdsec
Introduction On a recent red team engagement, MDSec were tasked with crafting a phishing campaign for initial access. The catch was that the in-scope phishing targets were developers with technical...
via MDSec Blog (author: Admin)
Crafting Emails with HTML Injection
#trustedsec
Have you ever wanted to send an email from a domain you don’t have SMTP credentials for? With some HTML injection, we may be able to do just that. From time to time, applications have a need to notify users that an action has occurred or that something in the application needs attention. This may...
via TrustedSec Blog (author: Roza Maille)
Lord Of The Ring0 - Part 5 | Saruman’s Manipulation
#idov31
via Ido Veltzman Blog (author: Ido Veltzman (idov3110@gmail.com))
Creative Process Enumeration
#trustedsec
Very often in engagements, you’ll want to list out processes running on a host. One thing that is beneficial to know is whether the process is a 64-bit or 32-bit process. Why do you need to know the process architecture, you might ask? The reasons are many, but one common example is that you...
via TrustedSec Blog (author: Roza Maille)
GPOddity: exploiting Active Directory GPOs through NTLM relaying, and more!
#synacktiv
via Synacktiv Blog (author: Quentin Roland)
Shadow Wizard Registry Gang: Structured Registry Querying
#specterops
via SpecterOps Team Medium (author: Max Harley)
Building a (slightly) better Melkor
#rastamouse
Melkor is a C# POC written by FuzzySec to simulate a TTP employed by InvisiMole. The concept is that post-ex assemblies are loaded into a payload/implant and kept encrypted using DPAPI whilst at rest. They are decrypted on demand and executed in a separate AppDomain. The AppDomain is unloaded once execution completes and only the
via Rasta Mouse Blog
Supporting Sprocket Security's offensive security testing with BChecks, from Burp Suite
#portswigger
The US-based organization Sprocket Security provides continuous penetration testing services to customers by monitoring clients’ attack surfaces and searching for new and novel exploitation techniques
via PortSwigger Blog
CVE-2022-41099 - Analysis of a BitLocker Drive Encryption Bypass
#itm4n
In November 2022, an advisory was published by Microsoft about a BitLocker bypass. This vulnerability caught my attention because the fix required a manual operation by users and system administrators, even after installing all the security updates. Couple this with the fact that the procedure was not well documented initially, and you have the perfect recipe for disaster. This is typically th...
via Itm4n Blog (author: itm4n)
Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
#cobaltstrike
This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own [...]
via Cobalt Strike Blog (author: Robert Bearsby)
Finding a POP chain on a common Symfony bundle: part 1
#synacktiv
via Synacktiv Blog (author: Rémi Matasse)
New learning paths, from the Web Security Academy
#portswigger
When you're starting out in the world of web security, it can be overwhelming trying to work out where to begin. There are dozens of vulnerability classes, and numerous exploit techniques to learn abo
via PortSwigger Blog
Forwarded from r0 Crew (Channel)
Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
https://www.loldrivers.io/
#redteam #loldrivers #windows