Feature, not bug: DNSAdmin to DC compromise in one line
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
Medium
Feature, not bug: DNSAdmin to DC compromise in one line
Background
Capturing Screenshots with PowerShell and .NET
https://www.pdq.com/blog/capturing-screenshots-with-powershell-and-net/
https://www.pdq.com/blog/capturing-screenshots-with-powershell-and-net/
Pdq
How to take a screenshot with PowerShell | PDQ
Tired of using the same old tools to capture your screenshots? Discover how to take local and remote screenshots using PowerShell and impress all your techy friends.
RCE in Hubspot with EL injection in HubL
https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
https://www.betterhacker.com/2018/12/rce-in-hubspot-with-el-injection-in-hubl.html
Betterhacker
RCE in Hubspot with EL injection in HubL
This is the story of how I was able to get remote code execution on Hubspot 's servers by exploiting a vulnerability in HubL expression la...
A collection of infrastructure related tests for use with #Pester & #PowerShell.
https://github.com/EvotecIT/PesterInfrastructureTests
https://github.com/EvotecIT/PesterInfrastructureTests
GitHub
EvotecIT/PesterInfrastructureTests
A collection of infrastructure related tests for use with Pester & PowerShell. - EvotecIT/PesterInfrastructureTests
Exploitation: XML External Entity (XXE) Injection
https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection
https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection
Blind Command Injection Testing with Burp Collaborator
https://hk.saowen.com/a/2d57cca70a0fc0b21138211a1cb83e8c51af27b3dff57c3dbb51343549a39626
https://hk.saowen.com/a/2d57cca70a0fc0b21138211a1cb83e8c51af27b3dff57c3dbb51343549a39626
Information Security
Photo
SwampThing
SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state, rewrite the PEB, resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones. Think for example about launching a wmic xsl stylesheet for code execution but faking an innocuous wmic command.
https://github.com/FuzzySecurity/Sharp-Suite
SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state, rewrite the PEB, resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones. Think for example about launching a wmic xsl stylesheet for code execution but faking an innocuous wmic command.
https://github.com/FuzzySecurity/Sharp-Suite
GitHub
GitHub - FuzzySecurity/Sharp-Suite: Also known by Microsoft as Knifecoat :hot_pepper:
Also known by Microsoft as Knifecoat :hot_pepper:. Contribute to FuzzySecurity/Sharp-Suite development by creating an account on GitHub.
Pwning computers using Telegram bot API
https://0x00-0x00.github.io/tools/2018/12/10/Pwning-Computers-using-Telegram-bot-API.html
https://0x00-0x00.github.io/tools/2018/12/10/Pwning-Computers-using-Telegram-bot-API.html
From blind XXE to root-level file read access
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/
https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/