Hiding a beacon in a jquery
https://sysopfb.github.io/malware,/reverse-engineering/2018/10/08/Beacon-in-a-jquery.html
It’s easy to find yourself as a malware researcher looking at some unimaginative samples, which can be good for learning but sometimes you find one that someone actually invested some time into. While ripping this apart I noticed that most of the setup was…
Tsurugi Linux: a heavily customized Linux distro designed for DFIR investigations, malware analysis and open-source intelligence activities: https://tsurugi-linux.org/index.php
Simple MSBuild payload to pull in and execute an externally hosted .net assembly in memory, using a modified version of the code from @anthemtotheego's SharpCradle project. Allows for assembly execution without a PE having to touch disk.
https://gist.github.com/G0ldenGunSec/62b8166c23573fc64c6eeb29e8c5b818
Blacklist3r: audit/pwn an application using pre-shared Machine Keys:
https://www.notsosecure.com/project-blacklist3r/
Discovering Service Accounts without Using Privileges
https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/
Discovering Service Accounts without privileges by using LDAP Reconnaissance with PowerShell.
RomHack_2018_Andrea_Pierini_whoami.pdf (2.2 MB): show me your privileges and I will lead you to SYSTEM
Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
Detecting Lateral Movement Using Sysmon and Splunk
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
Detecting an attacker moving laterally in your environment can be a challenge. It can be difficult to obtain the logs required to identify…
Aggressor scripts for use with Cobalt Strike 3.0+
custom_payload_generator - creates various payloads for Cobalt Strike's Beacon. Current payload formats:
MSBuild .xml
JSC .js
Windows JScript .js (for wscript or cscript)
https://github.com/offsecginger/AggressorScripts