Discovering Service Accounts without Using Privileges
https://blog.stealthbits.com/discovering-service-accounts-without-using-privileges/
Stealthbits Technologies
Discovering Service Accounts without privileges by using LDAP Reconnaissance with PowerShell.
RomHack_2018_Andrea_Pierini_whoami.pdf (2.2 MB)
show me your privileges and I will lead you to SYSTEM
Abusing SeLoadDriverPrivilege for privilege escalation
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
Recovering Plaintext Domain Credentials from WPA2 Enterprise on a Compromised Host
https://0x00-0x00.github.io/research/2018/11/06/Recovering-Plaintext-Domain-Credentials-From-WPA2-Enterprise-on-a-compromised-host.html
zc00l blog
Detecting Lateral Movement Using Sysmon and Splunk
https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
Medium
Detecting an attacker moving laterally in your environment can be a challenge. It can be difficult to obtain the logs required to identify…
Aggressor scripts for use with Cobalt Strike 3.0+
custom_payload_generator - creates various payloads for Cobalt Strike's Beacon. Current payload formats:
MSBuild .xml
JSC .js
Windows JScript .js (for wscript or cscript)
https://github.com/offsecginger/AggressorScripts
GitHub
GitHub - offsecginger/AggressorScripts: Various Aggressor Scripts I've Created.
Various Aggressor Scripts I've Created. Contribute to offsecginger/AggressorScripts development by creating an account on GitHub.
Forwarded from امنیت اطلاعات
Lateral Movement Using internetexplorer.Application Object ( COM )
https://homjxi0e.wordpress.com/2018/02/15/lateral-movement-using-internetexplorer-application-object-com/
automato.rb
automato uses native LDAP libraries to automate the collection and enumeration of various directory objects. This is incredibly useful during an internal penetration test.
automato can also conduct password spraying attacks, and identify if a user is a local administrator against any number of systems.
https://github.com/skahwah/automato
GitHub
GitHub - skahwah/automato: automato should help with automating some of the user-focused enumeration tasks during an internal penetration…
automato should help with automating some of the user-focused enumeration tasks during an internal penetration test. - skahwah/automato
Injecting Code into Windows Protected Processes using COM - Part 2
https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html
Blogspot
Posted by James Forshaw, Project Zero In my previous blog I discussed a technique which combined numerous issues I’ve previously repor...
If you haven't played with the (relatively) new automated encoding detection feature, aka "Magic", in CyberChef, throw an encoded PowerShell script into it this weekend. https://buff.ly/2BJy8u5
Revealing software-breakpoints from memory [linux version]
https://www.matteomalvica.com/blog/2018/12/02/revealing-software-breakpoints/
Three New DDE Obfuscation Methods
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
ReversingLabs
Cisco Talos and ReversingLabs discover a new spam campaign spreading the Adwind 3.0 remote access tool (RAT); ReversingLabs details three new DDE obfuscation methods.
DCOMrade. Powershell script for enumerating vulnerable DCOM Applications
https://github.com/sud0woodo/DCOMrade
GitHub
Powershell script for enumerating vulnerable DCOM Applications - sud0woodo/DCOMrade
Feature, not bug: DNSAdmin to DC compromise in one line
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
Medium
Capturing Screenshots with PowerShell and .NET
https://www.pdq.com/blog/capturing-screenshots-with-powershell-and-net/
Pdq
How to take a screenshot with PowerShell | PDQ
Tired of using the same old tools to capture your screenshots? Discover how to take local and remote screenshots using PowerShell and impress all your techy friends.