Windows Drivers Reverse Engineering Methodology

https://voidsec.com/windows-drivers-reverse-engineering-methodology

@WindowsHackingLibrary

AD CS: weaponizing the ESC7 attack

https://www.blackarrow.net/adcs-weaponizing-esc7-attack

@WindowsHackingLibrary

Delegate to KRBTGT service

https://skyblue.team/posts/delegate-krbtgt

@WindowsHackingLibrary

Sandboxing Antimalware Products for Fun and Profit

https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article

@WindowsHackingLibrary

Exploring Windows UAC Bypasses: Techniques and Detection Strategies

https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/

@BlueTeamLibrary

Introducing the Golden GMSA Attack

https://www.semperis.com/blog/golden-gmsa-attack

@WindowsHackingLibrary

Group Policy Folder Redirection CVE-2021-26887

https://decoder.cloud/2022/04/27/group-policy-folder-redirection-cve-2021-26887

@WindowsHackingLibrary

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

https://github.com/Dec0ne/KrbRelayUp

@WindowsHackingLibrary

Analysing LastPass, Part 1

https://www.mdsec.co.uk/2022/10/analysing-lastpass-part-1

@WindowsHackingLibrary

Fantastic Rootkits: And Where to Find Them (Part 1)

https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1

@WindowsHackingLibrary

At the Edge of Tier Zero: The Curious Case of the RODC

https://posts.specterops.io/at-the-edge-of-tier-zero-the-curious-case-of-the-rodc-ef5f1799ca06

@WindowsHackingLibrary

External Trusts Are Evil // Breaking Trust Transitivity

https://exploit.ph/external-trusts-are-evil.html

@WindowsHackingLibrary

I’ve Got a Golden Twinkle in My Eye

The Kerberos Ticket Granting Ticket (KRBTGT) account is one of the most important accounts in a Windows Active Directory (AD) domain. Once the KRBTGT account has been exposed to an attacker this can allow them to conduct the Golden Ticket (GT) attack, which can grant them persistence, unfettered access, and may allow for privilege escalation in AD. This talk will stress the importance of the KRBTGT account and why it is often a high value target (HVT) for attackers. A detailed examination of the GT attack and defence techniques will be demonstrated.

https://www.youtube.com/watch?v=ABd0dm8MbDo

@WindowsHackingLibrary

Windows Secrets Extraction: A Summary

https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary

@WindowsHackingLibrary

CVE-2023-38146: Arbitrary Code Execution via Windows Themes

https://exploits.forsale/themebleed/

@WindowsHackingLibrary

Inside Microsoft's plan to kill PPLFault

"In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features."

https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault

@WindowsHackingLibrary

Pwned by the Mail Carrier

> How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that.

https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b

@WindowsHackingLibrary

SeeSeeYouExec: Windows Session Hijacking via CcmExec

https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec

@WindowsHackingLibrary

The Windows Registry Adventure #1: Introduction and research results

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

@WindowsHackingLibrary

The Windows Registry Adventure #2: A brief history of the feature

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

@WindowsHackingLibrary