WMImplant is a PowerShell-based tool that uses WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. (The FortyNorthSecurity repository now lives under the RedSiege GitHub organization.)
https://github.com/FortyNorthSecurity/WMImplant
Escalating privileges with ACLs in Active Directory
https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/
Researched and written by Rindert Kramer and Dirk-jan Mollema (Fox-IT).
Testing Race Conditions in Web Applications
https://securingtomorrow.mcafee.com/business/testing-race-conditions-web-applications/
https://defuse.ca/race-conditions-in-web-applications.htm
Practical Race Condition (TOCTTOU) Vulnerabilities in Web Applications (Defuse Security): query-level race conditions can lead to serious but hard-to-find vulnerabilities in web applications.
https://medium.com/@ciph3r7r0ll/race-condition-bug-in-web-app-a-use-case-21fd4df71f0e
https://github.com/aaronhnatiw/race-the-web
Datajack Proxy
Datajack Proxy is a tool to intercept non-HTTP traffic between a native application and a server; it allows you to intercept TLS traffic in native x86 applications across platforms.
https://github.com/nccgroup/DatajackProxy
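The query-level TOCTTOU pattern the Defuse Security article describes (a balance is checked in one query and debited in a second one, so two concurrent requests can both pass the check) is reproduced below, as an added example that is not code from any of the linked articles or tools. It interleaves two "requests" deterministically against an in-memory SQLite table instead of relying on real threads, so the lost update is visible every run, and then shows the fix: a single conditional UPDATE whose row count tells the handler whether the withdrawal was actually granted. The table and function names are illustrative.

```python
"""Query-level TOCTTOU race in a withdrawal handler, and its atomic fix.

Added example (not from the linked articles). Deterministic interleaving of two
requests, A and B, against an in-memory SQLite database stands in for the
concurrent HTTP requests an attacker would fire with a tool like race-the-web.
"""
import sqlite3
from typing import Optional, Tuple


def make_db(balance: int) -> sqlite3.Connection:
    """Illustrative schema: one account with a starting balance."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)")
    con.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    return con


def get_balance(con: sqlite3.Connection, account_id: int = 1) -> int:
    return con.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,)).fetchone()[0]


# --- vulnerable handler: check in one query, act in another -------------------
def vuln_check(con: sqlite3.Connection, account_id: int, amount: int) -> Optional[int]:
    """Step 1: read the balance and compare. Returns the balance seen, or None."""
    balance = get_balance(con, account_id)
    return balance if balance >= amount else None


def vuln_act(con: sqlite3.Connection, account_id: int, seen_balance: int, amount: int) -> None:
    """Step 2: write back a value computed from the (possibly stale) read."""
    con.execute("UPDATE accounts SET balance = ? WHERE id = ?", (seen_balance - amount, account_id))


def race_vulnerable(start_balance: int, amount: int) -> Tuple[int, int]:
    """Requests A and B both run step 1 before either runs step 2.

    Returns (withdrawals granted, final balance). With 100 and 80 both are
    granted and the balance ends at 20: 160 paid out, 80 debited.
    """
    con = make_db(start_balance)
    a = vuln_check(con, 1, amount)
    b = vuln_check(con, 1, amount)  # sees the same balance as A: the race window
    granted = 0
    for seen in (a, b):
        if seen is not None:
            vuln_act(con, 1, seen, amount)
            granted += 1
    return granted, get_balance(con)


# --- fixed handler: one conditional UPDATE, success read from rowcount --------
def withdraw_atomic(con: sqlite3.Connection, account_id: int, amount: int) -> bool:
    """Check and debit in the same statement; the database serialises them."""
    cur = con.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
        (amount, account_id, amount),
    )
    return cur.rowcount == 1  # 0 rows touched means the condition failed: deny


def race_fixed(start_balance: int, amount: int) -> Tuple[int, int]:
    """Same two requests; only as many succeed as the balance allows."""
    con = make_db(start_balance)
    granted = sum(withdraw_atomic(con, 1, amount) for _ in range(2))
    return granted, get_balance(con)


if __name__ == "__main__":
    print("vulnerable:", race_vulnerable(100, 80))  # (2, 20): double spend
    print("fixed:     ", race_fixed(100, 80))       # (1, 20): second request denied
```

The same idea covers one-time actions such as coupon redemption: insert into a table with a UNIQUE constraint on the token and treat a constraint violation as "already used", rather than SELECTing first and INSERTing second. `SELECT ... FOR UPDATE` inside a transaction is the other standard fix on databases that support it.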
Extracting Certificates From the Windows Registry
https://blog.nviso.be/2019/08/28/extracting-certificates-from-the-windows-registry/
I helped a colleague with a forensic analysis by extracting certificates from the Windows registry. In this blog post, we explain how to do this.
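Windows keeps each certificate of a store as a REG_BINARY value named Blob under a key such as HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<SHA1 thumbprint>. The blob is a sequence of records, each a 12-byte header (property ID, a reserved DWORD observed as 1, length) followed by the value; property ID 32 (CERT_CERT_PROP_ID in wincrypt.h) carries the DER-encoded certificate and ID 3 its SHA1 hash. The parser below is an added example, not code from the NVISO post or its tools: it walks the records, cross-checks the stored SHA1 against the certificate bytes (a quick way to spot a damaged or tampered entry), and converts the DER to PEM. The sample blob is constructed inline and its payload is not a real certificate.

```python
"""Parse a Windows SystemCertificates 'Blob' registry value and pull out the DER
certificate. Added example; not the NVISO post's own tooling."""
import base64
import hashlib
import struct
from typing import List, Tuple

# Property IDs from wincrypt.h (subset). 32 is the encoded certificate itself.
PROP_NAMES = {
    2: "CERT_KEY_PROV_INFO_PROP_ID",
    3: "CERT_SHA1_HASH_PROP_ID",
    4: "CERT_MD5_HASH_PROP_ID",
    11: "CERT_FRIENDLY_NAME_PROP_ID",
    20: "CERT_KEY_IDENTIFIER_PROP_ID",
    32: "CERT_CERT_PROP_ID",
}
CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32
HEADER = struct.Struct("<III")  # property id, reserved (observed as 1), value length


def parse_blob(blob: bytes) -> List[Tuple[int, bytes]]:
    """Return (property_id, value) records in order; refuse malformed input."""
    props: List[Tuple[int, bytes]] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, reserved, length = HEADER.unpack_from(blob, off)
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} at offset {off + 4}")
        off += HEADER.size
        if off + length > len(blob):
            raise ValueError(f"property {prop_id} claims {length} bytes, {len(blob) - off} left")
        props.append((prop_id, blob[off:off + length]))
        off += length
    return props


def extract_certificate(blob: bytes) -> bytes:
    """DER certificate from the blob, verified against the stored SHA1 property."""
    props = dict(parse_blob(blob))
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("blob has no CERT_CERT_PROP_ID (32) record")
    stored_sha1 = props.get(CERT_SHA1_HASH_PROP_ID)
    if stored_sha1 is not None and stored_sha1 != hashlib.sha1(der).digest():
        raise ValueError("stored SHA1 property does not match the certificate bytes")
    return der


def der_to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def build_blob(props: List[Tuple[int, bytes]]) -> bytes:
    """Inverse of parse_blob; used here only to construct the sample below."""
    return b"".join(HEADER.pack(pid, 1, len(val)) + val for pid, val in props)


# Constructed sample. FAKE_DER is NOT a real certificate, just bytes standing in
# for DER so the example runs offline; the SHA1 record is computed to match it.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(64))
SAMPLE_BLOB = build_blob([
    (11, "Example\x00".encode("utf-16-le")),      # friendly name, UTF-16LE, NUL-terminated
    (3, hashlib.sha1(FAKE_DER).digest()),
    (32, FAKE_DER),
])

if __name__ == "__main__":
    for pid, val in parse_blob(SAMPLE_BLOB):
        print(f"{pid:>3} {PROP_NAMES.get(pid, 'unknown'):<32} {len(val)} bytes")
    print(der_to_pem(extract_certificate(SAMPLE_BLOB)))
```

On a live system or a mounted hive, read the Blob value with winreg or a hive parser and feed the bytes to extract_certificate; the key name should equal the hex of the ID 3 record, which is a second consistency check worth making during forensic triage.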
Cisco UCS Director unauthenticated RCE as root (advisory + exploits)
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-ucs-rce.txt
Updated TikiLateral to use .NET WMI stuff instead of wmic on the command line
https://rastamouse.me/2019/06/the-return-of-aggressor/
Cheatsheet containing various Kerberos attacks and PoCs
-ASREPRoast
-Kerberoasting
-Pass The Ticket (PTT)
-Silver ticket
-Golden ticket
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
A cheatsheet with commands that can be used to perform kerberos attacks