MSF6

MSF6

Reading Time: 4 minutesMSF (Metasploit) version 6. Network possible detection ? OJ ( @TheColonial ) is a clever guy and a main contributor to the open source project of Metasploit. One of MSF6’s goal is to get rid of Strings in order to fly even lower … so close to...

Lsass Minidump file seen as Malicious by McAfee AV

Reading Time: 3 minutesThe other day, I was shadowing a colleague of me who was doing a red team. The client was running McAfee AV. While the reputation of that AV isn’t the best, it got a bit in the way for a few minutes. After doing a lateral movement, my...

WEC Part 2

Reading Time: 3 minutesThis is under construction Commands to troubleshoot your WEC/WEF Forwardings PS Code to get status of the Listener winrm e winrm/config/listener PS Code to get status of a Forwarding Channel wecutil gr Security Above we see only one Active...

WEC Part 3

Reading Time: < 1 minuteStep 2.1 : Kibana Download latest release of Kibana here : https://www.elastic.co/cn/downloads/kibana It’s a large zip file. Extract the zip file to C:\Program Files Run a CMD as Admin cd “C:\Program...

Top 10 easiest way to Harden your Windows Domain

Reading Time: < 1 minuteThe following 10 quick wins, will not prevent you to be full 100% hack proof, but I promiss you, if you are able to implement those 10 things, then a hacker will have much more trouble to become a Domain Admin user from a simple User, to...

ADCS DFIR Forensic ESC1-7 attacks

Reading Time: 2 minutesSummary While there isn’t anything necessarily inherently insecure about AD CS (except for ESC8 as detailed below), it is surprisingly easy to misconfigure its various elements, resulting in ways for unelevated users to escalate in the...

IOCTL demistified

Reading Time: 5 minutesThis article is more of a my own notes and it may profit to others. This is a DRAFT for the moment. Recently, I followed a course on developement on Offensive Driver Developpement from zeropointsecurity (link here). I recommend following it,...

Escalate privileges with RemotePotato

Reading Time: 3 minutesGithub repo for the tool of Antonio Cocomazzi @splinter_code and Andrea Pierini @decoder_it : https://github.com/antonioCoco/RemotePotato0 Potato what ? In the last few years, we saw tools likes RottenPotato, RottenPotatoN, SweetPotato, Juicy...

webclient_activation

Reading Time: < 1 minuteFollowing reading an article from @CyberWarship : https://twitter.com/CyberWarship/status/1485623439633362946 The following test was done in my lab. in a share that users are connected on, create a file called...

RBCD WebClient attack

Reading Time: 6 minutesIn this post, I will explore the RBCD WebClient attack which has been described in many tweets and other forums, but I wanted to understand the main intricasis as I was learning it during a pentest engagement I had the chance to work on. I...