Hunting for Privilege Escalation in Windows Environment
https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment
Speaker Deck
Hunting for Privilege Escalation in Windows Environment
Slides from my talk at the OFFZONE 2018 conference (https://www.offzone.moscow/report/hunting-for-privilege-escalation-in-windows-environment/)
Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections
https://securityaffairs.co/wordpress/79791/hacking/z-wasp-attack-phishing.html
Security Affairs
Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections
Z-WASP attack - Phishers used a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces.
Buffer Overflow Practical Examples, Exploiting EIP - protostar stack4
https://0xrick.github.io/binary-exploitation/bof4/
0xRick's Blog
Buffer Overflow Examples, Taking control of the instruction pointer - protostar stack4
Another buffer overflow example where I overwrite EIP to redirect code execution. (x32)
How Shadow SUIDs Can be Used to Exploit Linux Systems? Part 1
https://www.sentinelone.com/blog/protecting-linux-devices-from-shadow-suid-exploitation/
SentinelOne
Protecting Linux Devices from Shadow SUID exploitation - Feature Spotlight | SentinelOne
Find out more on SentinelOne Linux agent new feature - Shadow SUID Protection. Learn why it's important and how SentinelOne customers can stay safe
Active Directory Penetration Dojo – AD Environment Enumeration -1
https://scriptdotsh.com/index.php/2019/01/01/active-directory-penetration-dojo-ad-environment-enumeration-1/
Buffer Overflow Practical Examples, Shellcode Injection and Local Privilege Escalation - protostar stack5
https://0xrick.github.io/binary-exploitation/bof5/
0xRick's Blog
Buffer Overflow Examples, Code execution by shellcode injection - protostar stack5
In this binary exploitation post I show a simple buffer overflow exploited to get code execution by shellcode injection in case the stack is executable. (x32)
Extract Non-Exportable Certificates and Evade Anti-Virus with Mimikatz and Powersploit (2017)
https://insinuator.net/2017/10/extract-non-exportable-certificates-and-evade-anti-virus-with-mimikatz-and-powersploit/
Insinuator.net
Extract Non-Exportable Certificates and Evade Anti-Virus with Mimikatz and Powersploit
Some time ago, one of our customers contacted us with a special request. For some legitimate reason, they needed to centrally collect certain certificates including their private keys which were distributed across many client systems running Windows and stored…
PowerShell Remoting from Linux to Windows
https://blog.quickbreach.io/ps-remote-from-linux-to-windows/
Deconstructing Fileless Attacks into 4 Underlying Techniques
https://blog.minerva-labs.com/deconstructing-fileless-attacks-into-4-underlying-techniques
Minerva-Labs
Deconstructing Fileless Attacks into 4 Underlying Techniques
Let’s examine 4 specific techniques that comprise fileless attacks and why they often go undetected by existing defenses.
GitHub - 0x27/CiscoRV320Dump: CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data
https://github.com/0x27/CiscoRV320Dump/
GitHub
GitHub - 0x27/CiscoRV320Dump: CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND…
CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit! - 0x27/CiscoRV320Dump
Found an interesting bypass:
https://x.x.x.x/WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/./WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/.//WEB-INF/web.xml -> 200 OK
Tomcat 8 on Windows...
Microsoft Powerpoint as Malware Dropper
https://marcoramilli.blogspot.com/2018/11/microsoft-powerpoint-as-malware-dropper.html