Red Team: Using SharpChisel to exfil internal network
https://medium.com/@shantanukhande/red-team-using-sharpchisel-to-exfil-internal-network-e1b07ed9b49
Medium
During many Red Team Assessments, we use multiple agents to connect to our target network infrastructure. These agents connect to different…
Abusing Windows telemetry for persistence
https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
TrustedSec
Abusing Windows Telemetry for Persistence by Christopher Paschen: Learn how to exploit Windows telemetry for persistence, requiring local admin rights,…
CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability
- all Windows versions affected
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/
ntlm_theft: A file payload generator for forced ntlm hash disclosure
https://medium.com/greenwolf-security/ntlm-theft-a-file-payload-generator-for-forced-ntlm-hash-disclosure-2d5f1fe5b964
Medium
Learn how ntlm_theft works and how to use it
Attacking FreeIPA — Part IV: CVE-2020-10747
https://posts.specterops.io/attacking-freeipa-part-iv-cve-2020-10747-7c373a1bf66b
Medium
This post is the final part in a series about my experiences attacking FreeIPA. In Part I of this series, we reviewed some of the…
SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce/
Further Evasion in the Forgotten Corners of MS-XLS
https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/
Yet Another Security Blog
It’s been a few weeks since my last discussion of Excel 4.0 macro shenanigans and the space continues to change. LastLine published a great report which summarized the progression of weapon…
List of Microsoft-signed files with functionality that would be useful for attacks
https://lolbas-project.github.io
CVE-2020-1170. Microsoft Windows Defender Elevation of Privilege
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
itm4n’s blog
CVE-2020-1170 - Microsoft Windows Defender Elevation of Privilege Vulnerability
Here is my writeup about CVE-2020-1170, an elevation of privilege bug in Windows Defender. Finding a vulnerability in a security-oriented product is quite satisfying. Though, there was nothing groundbreaking. It’s quite the opposite actually and I’m surprised…
Exploiting Bitdefender Antivirus: RCE from any website
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Almost Secure
A vulnerability in Bitdefender Antivirus allowed any website to run arbitrary code with user's privileges. This was caused by issues very similar to ones found in other antivirus products before.
Securing Active Directory: Performing an Active Directory Security Review
https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review
Trimarc Content Hub
During the Trimarc Webcast on June 17, 2020, Sean Metcalf covered a number of Active Directory (AD) components and areas that should be reviewed for potential security issues. The presentation included PowerShell code in the presentation and that code is…
Leonidas, a tool for automating the simulation of attacks against cloud environments
https://github.com/FSecureLABS/leonidas
GitHub
WithSecureLabs/leonidas: Automated Attack Simulation in the Cloud, complete with detection use cases.
Taking over Azure DevOps Accounts with 1 Click
https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2