Best Active Directory Resources
Just open it
Twitter: @zer1t0
Attacking Active Directory: 0 to 0.9
I think it's enough!
LinkedIn: Sean Metcalf
His Blog:
https://adsecurity.org/
His Company:
https://www.trimarcsecurity.com/research
Mini book
https://0xsp.com/offensive/active-directory-attack-defense/
#ad #active_directory #windows
Living Off The Land Drivers
Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.
https://www.loldrivers.io
A list of malicious and vulnerable Windows drivers, searchable via PowerShell.
Example: CVE-2020-12138 -> atillk64.sys
Example: the vulnerable driver zam64.sys, reached via DeviceIoControl, used to obtain NT AUTHORITY\SYSTEM
#windows
#Drivers
Understanding - or at least, trying to
Credit: ATTL4S
Windows lateral movement, Kerberos, payloads, Active Directory, etc.
Blog
#windows #ad #active_directory
Forwarded from APT
Explore the Windows Kernel with HEVD, a vulnerable driver. Dive into stack overflow exploits and bypass SMEP/KPTI protections using the sysret approach.
A detailed guide to Windows kernel exploitation:
— Part 0: Where do I start?
— Part 1: Will this driver ever crash?
— Part 2: Is there a way to bypass kASLR, SMEP and KVA Shadow?
— Part 3: Can we rop our way into triggering our shellcode?
— Part 4: How do we write a shellcode to elevate privileges and gracefully return to userland?
#windows #kernel #driver #hevd #hacksys
Forwarded from Stuff for Geeks (Qho Knowa)
Fascinating C code: TCP sockets & HTTP file downloads using only ntdll exports (NtCreateFile & NtDeviceIoControlFile syscalls). Bypasses Winsock for low-level Windows networking.
https://www.x86matthew.com/view_post?id=ntsockets
#Windows
#Programming
Forwarded from Source Chat (Friend)
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
APC Series: User APC Internals
Credit: @0xrepnz
https://repnz.github.io/posts/apc/kernel-user-apc-api
#windows #internals #apc #note
Windows Process Access Token and user privilege
Privileges are listed and explained on MSDN.
Use Windows privileges to elevate your rights within the OS.
Priv2Admin
Understanding and Abusing Process Tokens — Part I
Understanding and Abusing Process Tokens — Part II
Access Tokens
Abusing Tokens
Adjusting Process Token Privileges
Stealing Access Tokens From Office Desktop Applications
#windows #token #internals