88 results tagged windows
  • mlgualtieri/NTLMRawUnHide: NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl

    https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

    September 28, 2022 at 2:42:02 PM UTC
    - https://github.com/mlgualtieri/NTLMRawUnHide
    ntlmv2 windows ntlm network sniffer
  • Windows 10 quietly got a built-in network sniffer, how to use

    pktmon filter add -p 445
    pktmon start --etw -p 0 -c 13
    pktmon format PktMon.etl -o test.txt
    pktmon pcapng <input> -o <output>
    pktmon start --etw -p 0 -c 13 -l real-time
    pktmon start --etw --pkt-size 0 --comp 1

    September 28, 2022 at 2:35:41 PM UTC
    - https://www.bleepingcomputer.com/news/microsoft/windows-10-quietly-got-a-built-in-network-sniffer-how-to-use/
    pktmon sniffer networking windows rpc 445
  • D4stiny/spectre: A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
    September 26, 2022 at 6:19:53 PM UTC
    - https://github.com/D4stiny/spectre
    windows rootkit
  • Windows Kernel Ps Callbacks Experiments
    April 20, 2022 at 4:33:55 PM UTC
    - https://web.archive.org/web/20200326040826/http://deniable.org/windows/windows-callbacks
    windows edr kernel callbacks tuto
  • Guide - Vulnerable Kernel Drivers For Exploitation
    April 14, 2022 at 3:50:55 PM UTC
    - https://guidedhacking.com/threads/vulnerable-kernel-drivers-for-exploitation.15979/
    kernel driver exploitation windows privesc
  • hfiref0x/KDU - githubhot
    April 14, 2022 at 3:50:43 PM UTC
    - https://githubhot.com/repo/hfiref0x/KDU
    kernel driver exploitation windows privesc
  • Note: Setup vuln alwaysinstallelevated

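    $RegistryPath1 = 'HKCU:\Software\Policies\Microsoft\Windows\Installer'
    $RegistryPath2 = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'
    $Name = 'AlwaysInstallElevated'
    $Value = '1'

    # Create the key if it does not exist
    # (New-Item -Force on an existing registry key recreates it and drops its values, hence the Test-Path guard)
    if (-not (Test-Path $RegistryPath1)) { New-Item -Path $RegistryPath1 -Force | Out-Null }
    if (-not (Test-Path $RegistryPath2)) { New-Item -Path $RegistryPath2 -Force | Out-Null }

    # Now set the value
    # (the policy only takes effect when it is 1 under both HKCU and HKLM; writing HKLM requires an elevated session)
    New-ItemProperty -Path $RegistryPath1 -Name $Name -Value $Value -PropertyType DWORD -Force
    New-ItemProperty -Path $RegistryPath2 -Name $Name -Value $Value -PropertyType DWORD -Force

    April 2, 2022 at 9:44:06 PM UTC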
    - https://shaarli.onemask.me/?-WEM-A
    alwaysinstallelevated msi windows privesc powershell
  • Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs - Red Teaming Experiments

    https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6

    March 14, 2022 at 5:57:35 PM UTC
    - https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
    windows api unhooking edr bypass
  • snowytoxa/selfhash: SysCon14 release
    March 14, 2022 at 5:04:10 PM UTC
    - https://github.com/snowytoxa/selfhash
    ntlm netntlm hash windows selfhash
  • FH8kA3rXwAILKzB (Image JPEG, 2911 × 2560 pixels)
    January 2, 2022 at 1:45:14 PM UTC
    - https://pbs.twimg.com/media/FH8kA3rXwAILKzB?format=jpg&name=4096x4096
    windows soc audit event log
  • 44139-mysql-udf-exploitation.pdf
    October 12, 2021 at 2:53:59 PM UTC
    - https://www.exploit-db.com/docs/english/44139-mysql-udf-exploitation.pdf?rss
    windows mysql udf 4.x 5.x
  • A Case Study in Attacking KeePass - harmj0y
    September 29, 2021 at 8:26:58 PM UTC
    - http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
    keepass windows
  • SensePost | Building an offensive rpc interface
    September 29, 2021 at 8:26:34 PM UTC
    - https://sensepost.com/blog/2021/building-an-offensive-rpc-interface/
    rpc windows internal
  • login-securite/DonPAPI: Dumping DPAPI credz remotely
    September 29, 2021 at 12:07:04 PM UTC
    - https://github.com/login-securite/DonPAPI
    dpapi donpapi windows internal remote secrets
  • impacket/epm.py at cd4fe47cfcb72d7d35237a99e3df95cedf96e94f · SecureAuthCorp/impacket
    September 11, 2021 at 10:44:25 PM UTC
    - https://github.com/SecureAuthCorp/impacket/blob/cd4fe47cfcb72d7d35237a99e3df95cedf96e94f/impacket/dcerpc/v5/epm.py#L696
    rpc uuid windows rpcview
  • pinvoke.net: the interop wiki!
    September 7, 2021 at 9:10:03 PM UTC
    - https://www.pinvoke.net/
    undocumented api windows internals functions interfaces
  • Offensive Windows IPC Internals 1: Named Pipes · csandker.io
    September 7, 2021 at 9:09:25 PM UTC
    - https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
    named pipes offensive windows ipc internals
  • Offensive Windows IPC Internals 2: RPC · csandker.io
    September 6, 2021 at 8:06:39 PM UTC
    - https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html
    windows rpc internals ipc alpclpc
  • Blinding EDR On Windows - Red Team Blog
    September 6, 2021 at 9:44:26 AM UTC
    - https://synzack.github.io/Blinding-EDR-On-Windows/
    edr evasion bypass windows
  • Defense Evasion Series Part 1 AMSI Bypass | Dazzy Ddos
    September 6, 2021 at 9:44:06 AM UTC
    - https://dazzyddos.github.io/posts/AMSI-Bypass/
    evasion defense amsi bypass windows