Bypassing Workflows Protection Mechanisms - Remote Code Execution on SharePoint
https://www.nccgroup.trust/uk/our-research/technical-advisory-bypassing-workflows-protection-mechanisms-remote-code-execution-on-sharepoint
@WindowsHackingLibrary
Having Fun with ActiveX Controls in Microsoft Word
https://www.blackhillsinfosec.com/having-fun-with-activex-controls-in-microsoft-word
@WindowsHackingLibrary
Black Hills Information Security
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]
Invoke-AtomicTest - Automating MITRE ATT&CK with Atomic Red Team
http://subt0x11.blogspot.com/2018/08/invoke-atomictest-automating-mitre-att.html
@WindowsHackingLibrary
AppLocker Bypass - CMSTP
https://pentestlab.blog/2018/05/10/applocker-bypass-cmstp
@WindowsHackingLibrary
Penetration Testing Lab
CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files which can be weaponised with malicious commands in order to execute arbitrary cod…
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure
@WindowsHackingLibrary
Black Hills Information Security
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
Walk-through Mimikatz sekurlsa module
https://jetsecurity.github.io/post/mimikatz/walk-through_sekurlsa
@WindowsHackingLibrary
windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
https://github.com/pentestmonkey/windows-privesc-check
@FromZer0toHero
GitHub
Understanding how DLL Hijacking works
https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works
@WindowsHackingLibrary
Astr0baby's not so random thoughts _____ rand() % 100;
It is vital to understand how these vulnerabilities in fact work (DLL Hijacking from valid Windows PE32 executables). So we will prepare a real world scenario and will use an outdated piece of softw…
Playing with Relayed Credentials
https://www.coresecurity.com/blog/playing-relayed-credentials
@WindowsHackingLibrary
Coresecurity
Advanced Pen-Testing Tricks: Building a Lure to Collect High Value Credentials
Here’s the scenario: You’ve compromised a system but it hasn’t been logged into recently by an administrator, so you’re quite disappointed by your Mimikatz results. You’ve got local system credentials but nothing that’s on the domain except the machine account.…
DDE Downloaders, Excel Abuse, and a PowerShell Backdoor
http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
@WindowsHackingLibrary
Blogspot
DDE or Dynamic Data Exchange is a Microsoft protocol used to transmit data/messages between applications. This sounds harmless and useful, b...
A detailed technical explanation of CVE-2018-8120
https://xiaodaozhi.com/exploit/156.html
@WindowsHackingLibrary
A PowerShell example of the Windows zero day priv esc
https://github.com/OneLogicalMyth/zeroday-powershell/blob/master/README.md
@WindowsHackingLibrary
GitHub
You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
@WindowsHackingLibrary
CVE-2018-8420 - Microsoft XML Core Services MSXML RCE through web browser PoC
https://github.com/Theropord/CVE-2018-8420
@WindowsHackingLibrary
Bypassing AppLocker Custom Rules
https://0x09al.github.io/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
@WindowsHackingLibrary
0x09AL Security blog
Introduction Applocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically especially for workstations. Unfortunately for the blue-team, there are a lot of custom configurations…
Exploiting STOPzilla AntiMalware Arbitrary Write Vulnerability using SeCreateTokenPrivilege
http://www.greyhathacker.net/?p=1025
@WindowsHackingLibrary
How to add a module in Mimikatz?
https://littlesecurityprince.com/security/2018/03/18/ModuleMimikatz.html
@WindowsHackingLibrary
From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter
https://www.coalfire.com/The-Coalfire-Blog/Sept-2018/From-OSINT-to-Internal-Gaining-Domain-Admin
@WindowsHackingLibrary
Coalfire.com
While the techniques presented here no longer work on current software versions, it does go to show that by looking beyond the scan results, a determined attacker can quickly turn a relatively “clean” vulnerability scan into complete domain compromise.
Multiple Ways to Bypass UAC using Metasploit
http://www.hackingarticles.in/multiple-ways-to-bypass-uac-using-metasploit
@WindowsHackingLibrary
Hacking Articles
In this Post, we are shedding light on User Account Control shortly known as UAC. We will also look at how it can potentially protect