Pass-the-Hash & Administrative Tier Model
https://windowssecurity.ca/2020/03/09/pass-the-hash-is-still-a-threat/
Avast Antivirus JavaScript Interpreter
The main Avast antivirus process is called AvastSvc.exe, which runs as SYSTEM.
https://github.com/taviso/avscript
C3 integration with Covenant and Donut
https://labs.f-secure.com/blog/making-donuts-explode-updates-to-the-c3-framework/
An Offensive Kerberos Overview
https://posts.specterops.io/kerberosity-killed-the-domain-an-offensive-kerberos-overview-eb04b1402c61
Kerberosity Killed the Domain: An Offensive Kerberos Overview
Kerberos is the preferred way of authentication in a Windows domain, with NTLM being the alternative. Kerberos authentication is a very…
LVI (Load Value Injection) Demo Video
This video presents two demos of LVI (Load Value Injection) proof of concept attacks. In the first, the attacker redirects the victim's code execution as in a ROP (return-oriented programming) attack. In the second, zero is injected as an AES-NI round key…
https://www.youtube.com/watch?v=goy8XRXFlh4
Advanced process monitoring techniques in offensive operations
https://outflank.nl/blog/2020/03/11/red-team-tactics-advanced-process-monitoring-techniques-in-offensive-operations/
Icebox: Virtual Machine Introspection
Icebox is a Virtual Machine Introspection solution that enables you to stealthily trace and debug any process (kernel or user). It is based on the Winbagility project.
https://github.com/thalium/icebox
Offensive Development with GitHub Actions
https://www.mdsec.co.uk/2020/03/offensive-development-with-github-actions/
Actions is a CI/CD pipeline built into GitHub, which was made generally available in November 2019. Actions allows us to build, test and deploy our code based on triggers...
LDAPFragger: Command and Control over LDAP attributes
https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/
Written by Rindert Kramer. A while back, during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to t…
C2concealer: a C2 Malleable Profile Generator for Cobalt Strike
https://fortynorthsecurity.com/blog/introducing-c2concealer/
C2concealer is a Python 3 command-line tool that generates C2 malleable profiles for use with Cobalt Strike. Looking to get up and running quickly? Code is available here. C2concealer: what's the story? Red team assessments and penetration tests involve a ton…