Forwarded from canyoupwn.me
TR | Using AppLocker (Applocker Kullanımı)
http://bit.ly/2gO4p6x
Author CypmUni İYTE
#hardening #Windows #Security #infosec
PoisonHandler
Lateral movement techniques that can be used during red team exercises.
https://github.com/Mr-Un1k0d3r/PoisonHandler
#tools #redteaming #windows
HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/
https://github.com/landhb/HideProcess
#windows #persistence #redteaming #evasion
Windows Debugger API — The End of Versioned Structures
Some time ago I was introduced to the Windows debugger API and found it incredibly useful for projects that focus on forensics or analysis of data on a machine. This API allows us to open a dump file taken on any Windows machine and read information from it using the symbols that match the specific modules contained in the dump.
https://medium.com/swlh/windows-debugger-api-the-end-of-versioned-structures-ac4acaa351bd
#windows #internals #debug
StreamDivert: Relaying (specific) network connections
The first part of this blog will be the story of how this tool found its way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works.
https://research.nccgroup.com/2020/09/10/streamdivert-relaying-specific-network-connections/
#redteaming #windows #tools