Simple MSBuild payload to pull in and execute an externally hosted .net assembly in memory, using a modified version of the code from @anthemtotheego's SharpCradle project. Allows for assembly execution without a PE having to touch disk.
https://gist.github.com/G0ldenGunSec/62b8166c23573fc64c6eeb29e8c5b818
https://gist.github.com/G0ldenGunSec/62b8166c23573fc64c6eeb29e8c5b818
Twitter
Anthem To The Ego (@anthemtotheego) | Twitter
The latest Tweets from Anthem To The Ego (@anthemtotheego). OSCP - hacker - penetration tester - mediocre coder - musician - work in progress. Midwest
Blacklist3r : Audit/pwn an application using pre-shared Machine Keys :
https://www.notsosecure.com/project-blacklist3r/
https://www.notsosecure.com/project-blacklist3r/
Discovering Service Accounts without Using Privileges
https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/
https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/
Stealthbits Technologies
Discovering Service Accounts without Using Privileges
Discovering Service Accounts without privileges by using LDAP Reconnaissance with PowerShell.
RomHack_2018_Andrea_Pierini_whoami.pdf
2.2 MB
show me your privileges and I will lead you to SYSTEM
Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
*Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host**
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
zc00l blog
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
Introduction
Detecting Lateral Movement Using Sysmon and Splunk
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
Medium
Detecting Lateral Movement Using Sysmon and Splunk
Detecting an attacker moving laterally in your environment can be a challenge. It can be difficult to obtain the logs required to identify…
Aggressor scripts for use with Cobalt Strike 3.0+
custom_payload_generator - creates various payloads for Cobalt Strike's Beacon. Current payload formats:
MSBuild .xml
JSC .js
Windows JScript .js (for wscript or cscript)
https://github.com/offsecginger/AggressorScripts
custom_payload_generator - creates various payloads for Cobalt Strike's Beacon. Current payload formats:
MSBuild .xml
JSC .js
Windows JScript .js (for wscript or cscript)
https://github.com/offsecginger/AggressorScripts
GitHub
GitHub - offsecginger/AggressorScripts: Various Aggressor Scripts I've Created.
Various Aggressor Scripts I've Created. Contribute to offsecginger/AggressorScripts development by creating an account on GitHub.
Forwarded from امنیت اطلاعات
Lateral Movement Using internetexplorer.Application Object ( COM )
https://homjxi0e.wordpress.com/2018/02/15/lateral-movement-using-internetexplorer-application-object-com/
https://homjxi0e.wordpress.com/2018/02/15/lateral-movement-using-internetexplorer-application-object-com/
automato.rb
automato uses native LDAP libraries to automate the collection and enumeration of various directory objects. This is incredibly useful during an internal penetration test.
automato can also conduct password spraying attacks, and identify if a user is a local administrator against any number of systems.
https://github.com/skahwah/automato
automato uses native LDAP libraries to automate the collection and enumeration of various directory objects. This is incredibly useful during an internal penetration test.
automato can also conduct password spraying attacks, and identify if a user is a local administrator against any number of systems.
https://github.com/skahwah/automato
GitHub
GitHub - skahwah/automato: automato should help with automating some of the user-focused enumeration tasks during an internal penetration…
automato should help with automating some of the user-focused enumeration tasks during an internal penetration test. - skahwah/automato
Injecting Code into Windows Protected Processes using COM - Part 2
https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html
https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html
Blogspot
Injecting Code into Windows Protected Processes using COM - Part 2
Posted by James Forshaw, Project Zero In my previous blog I discussed a technique which combined numerous issues I’ve previously repor...
If you haven't played with the (relatively) new automated encoding detection feature, aka "Magic", in CyberChef, throw an encoded PowerShell script into it this weekend. https://buff.ly/2BJy8u5
Revealing software-breakpoints from memory [linux version]
https://www.matteomalvica.com/blog/2018/12/02/revealing-software-breakpoints/
https://www.matteomalvica.com/blog/2018/12/02/revealing-software-breakpoints/
Three New DDE Obfuscation Methods
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
ReversingLabs
Three New DDE Obfuscation Methods
Cisco Talos and ReversingLabs discover a new spam campaign spreading the Adwind 3.0 remote access tool (RAT), ReversingLabs details three new DDE obfuscation methods.
DCOMrade. Powershell script for enumerating vulnerable DCOM Applications
https://github.com/sud0woodo/DCOMrade
https://github.com/sud0woodo/DCOMrade
GitHub
GitHub - sud0woodo/DCOMrade: Powershell script for enumerating vulnerable DCOM Applications
Powershell script for enumerating vulnerable DCOM Applications - sud0woodo/DCOMrade