От имени любого пользователя можно аварийно завершить службу журнала событий Windows.
https://github.com/floesen/EventLogCrasher
#redteam #bypass #maldev
https://github.com/floesen/EventLogCrasher
#redteam #bypass #maldev
GitHub
GitHub - floesen/EventLogCrasher
Contribute to floesen/EventLogCrasher development by creating an account on GitHub.
Forwarded from APT
298559809-27f286d7-e0e3-47ab-864a-e040f8749708.webm
6.5 MB
This vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization’s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.
📊 Affects version:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research:
🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit:
🔗 https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
#windows #privesc #clfs #driver
Please open Telegram to view this post
VIEW IN TELEGRAM
Так, ну идея понятна... Собираем всё в BloodHound через SOAP, при этом не шумим по LDAP. ADWS (порт 9389) на DC по умолчанию доступен))
https://github.com/FalconForceTeam/SOAPHound
#bloodhound #redteam #pentest #recon
https://github.com/FalconForceTeam/SOAPHound
#bloodhound #redteam #pentest #recon
GitHub
GitHub - FalconForceTeam/SOAPHound: SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active…
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol. - FalconForceTeam/SOAPHound
Набор инструментов для удалённого дампа паролей.
https://github.com/Slowerzs/ThievingFox/
Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
https://github.com/Slowerzs/ThievingFox/
Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
Очень большая и полная статья про принципы работы EDR
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
Автор даже свои модули писал чтобы лучше разобраться
https://github.com/sensepost/mydumbedr
#redteam #edr #blueteam
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
Автор даже свои модули писал чтобы лучше разобраться
https://github.com/sensepost/mydumbedr
#redteam #edr #blueteam
Sensepost
SensePost | Sensecon 23: from windows drivers to an almost fully working edr
Leaders in Information Security
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
A little lifehack if you, like me, come across paid articles from Medium. These sites allow you to read paid Medium articles for free:
🔗 https://freedium.cfd/<URL>
🔗 https://medium-forall.vercel.app/
#medium #premium #bypass
Please open Telegram to view this post
VIEW IN TELEGRAM
Полезное исследование методов сбора информации в домене Active Directory и способов их обнаружения.
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
#redteam #ad #pentest #bypass
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
#redteam #ad #pentest #bypass
MDSec
Active Directory Enumeration for Red Teams - MDSec
The Directory Service is the heart and soul of many organisations, and whether its Active Directory, OpenLDAP or something more exotic, as a source of much knowledge it often acts...
Так, ADCS ESC13
https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
P.S. А 12 тоже мимо вас прошел😅
#ad #adcs #pentest #redteam
https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
P.S. А 12 тоже мимо вас прошел😅
#ad #adcs #pentest #redteam
Medium
ADCS ESC13 Abuse Technique
It is possible to configure an Active Directory Certificate Services (ADCS) certificate template with an issuance policy having an OID…
CVE-2024-21413: Microsoft Outlook Leak Hash
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
GitHub
GitHub - duy-31/CVE-2024-21413: Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC - duy-31/CVE-2024-21413
Ещё один пост SpecterOps про компрометацию SCCM
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
#ad #sccm #pentest #redteam
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
#ad #sccm #pentest #redteam
Medium
SCCM Hierarchy Takeover with High Availability
TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy
Про латераль из облака Azure к локальной среде
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure #ad #pentest #redteam
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure #ad #pentest #redteam
White Knight Labs
Pivoting from Microsoft Cloud to On-Premise Machines | White Knight Labs
This article will demonstrate one situation discovered during a recent cloud penetration test that allowed us to pivot from a Microsoft cloud
Про принудительную аутентификацию самого центра сертификации ADCS
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
Не знаю в чем цель, но все равно прикольно😅
#ad #pentest #redteam #adcs
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
Не знаю в чем цель, но все равно прикольно😅
#ad #pentest #redteam #adcs
Decoder's Blog
Hello: I’m your ADCS server and I want to authenticate against you
In my exploration of all the components and configurations related to the Windows Active Directory Certification Services (ADCS), after the “deep dive” in Cert Publishers group, I decid…
Forwarded from Внутрянка
Материал про пентест 1С
Ardent101
Еще 1 раз про пентест 1С
Введение Настоящий материал по большей части состоит из общедоступных наработок других людей. Целью было проверить указанные наработки на практике и собрать получившиеся результаты в одном месте. Именно этим объясняется название статьи.
Продолжу рассуждение…
Продолжу рассуждение…
Ralf Hacker Channel
Про принудительную аутентификацию самого центра сертификации ADCS https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/ Не знаю в чем цель, но все равно прикольно😅 #ad #pentest #redteam #adcs
Так, а вот принудительная аутентификация и релей Kerberos на ту же самую машину куда интереснее...
Доклад обещают на BlackHat Asia: https://blackhat.com/asia-24/briefings/schedule/#certifieddcom--the-privilege-escalation-journey-to-domain-admin-with-dcom-37519
Доклад обещают на BlackHat Asia: https://blackhat.com/asia-24/briefings/schedule/#certifieddcom--the-privilege-escalation-journey-to-domain-admin-with-dcom-37519
Ralf Hacker Channel
Так, ADCS ESC13 https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53 P.S. А 12 тоже мимо вас прошел😅 #ad #adcs #pentest #redteam
ADCS ESC 14...
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
А еще много будет?
#ad #redteam #pentest #adcs
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
А еще много будет?
#ad #redteam #pentest #adcs
Medium
ADCS ESC14 Abuse Technique
The altSecurityIdentities attribute of Active Directory (AD) computers and users allows you to specify explicit certificate mappings. An…
Forwarded from PT SWARM
🎁 Source Code Disclosure in IIS 10.0! Almost.
There is a method to reveal the source code of some .NET apps. Here's how it works.
👉 https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
There is a method to reveal the source code of some .NET apps. Here's how it works.
👉 https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
Аналог
https://github.com/WKL-Sec/FuncAddressPro
#redteam #maldev #evasion
GetProcAddress, но написан на ассемблере. Гуд... https://github.com/WKL-Sec/FuncAddressPro
#redteam #maldev #evasion
GitHub
GitHub - WKL-Sec/FuncAddressPro: A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative…
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. - WKL-Sec/FuncAddressPro