Understanding the AD Account attributes - LastLogon, LastLogonTimeStamp and LastLogonDate
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx
SMB Named Pipe Pivoting in Meterpreter
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
  A hidden feature of Metasploit is the ability to add SMB Named Pipe listeners in a meterpreter session to pivot on an internal network…
  Hiding a beacon in a jquery
https://sysopfb.github.io/malware,/reverse-engineering/2018/10/08/Beacon-in-a-jquery.html
  It’s easy to find yourself as a malware researcher looking at some unimaginative samples, which can be good for learning but sometimes you find one that someone actually invested some time into. While ripping this apart I noticed that most of the setup was…
  Tsurugi Linux: a heavily customized Linux distro designed for DFIR investigations, malware analysis and open source intelligence activities: https://tsurugi-linux.org/index.php
  Simple MSBuild payload to pull in and execute an externally hosted .net assembly in memory, using a modified version of the code from @anthemtotheego's SharpCradle project. Allows for assembly execution without a PE having to touch disk.
https://gist.github.com/G0ldenGunSec/62b8166c23573fc64c6eeb29e8c5b818
  Blacklist3r : Audit/pwn an application using pre-shared Machine Keys :
https://www.notsosecure.com/project-blacklist3r/
Discovering Service Accounts without Using Privileges
https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/
  Discovering Service Accounts without privileges by using LDAP Reconnaissance with PowerShell.
  RomHack_2018_Andrea_Pierini_whoami.pdf
    2.2 MB
  show me your privileges and I will lead you to SYSTEM
  Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
  Detecting Lateral Movement Using Sysmon and Splunk
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
  Detecting an attacker moving laterally in your environment can be a challenge. It can be difficult to obtain the logs required to identify…