Offensive WMI
The Basics (Part 1)
# https://0xinfection.github.io/posts/wmi-basics-part-1/
Exploring Namespaces, Classes & Methods (Part 2)
# https://0xinfection.github.io/posts/wmi-classes-methods-part-2/
#wmi
APT
Offensive WMI (Part 3)
https://0xinfection.github.io/posts/wmi-registry-part-3/
#wmi
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
Offensive WMI - Active Directory Enumeration (Part 5)
https://0xinfection.github.io/posts/wmi-ad-enum/
#wmi
WMEye
A small project I wrote that uses WMI foo to remotely upload shellcode into a WMI Class and execute it by invoking MSBuild.
It uses LogFileEventConsumer Class to write the MSBuild Payload.
https://github.com/pwn1sher/WMEye
#wmi #redteam #tools
👻 The Phantom Credentials of SCCM
If an Active Directory account has ever been configured as an NAA, the credentials may persist on former clients. Not only can we query the credential blobs from WMI, we can also retrieve previously used account blobs from the CIM repository, even if the computer is no longer a client.
https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9
#ad #credentials #sccm #nna #wmi
SpecterOps
The Phantom Credentials of SCCM: Why the NAA Won’t Die - SpecterOps
Explore the risks lurking within SCCM's Network Access Accounts, why transitioning to Enhanced HTTP isn't enough, and why disabling NAAs from AD is crucial.