А это интересно)))
UPD: это пример для одной конкретной службы (в данном случае scmanager), и он не даст контроля над всеми службами, так как у каждой службы свой ACL!
#redteam #blueteam #persistence
sc.exe sdset scmanager D:(A;;KA;;;WD)
UPD: это пример для одной конкретной службы (в данном случае scmanager), и он не даст контроля над всеми службами, так как у каждой службы свой ACL!
#redteam #blueteam #persistence
Кому интересно прям погрузиться во внутрянку и теоретически, и практически, очень рекомендую данный блог! Очень стоящий материал, при том на русском)
https://ardent101.github.io/
https://ardent101.github.io/
Ardent101
Pentest blog
CVE-2023-21768: Windows 11 LPE
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
#exploit #lpe #redteam #pentest #git
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
#exploit #lpe #redteam #pentest #git
GitHub
GitHub - chompie1337/Windows_LPE_AFD_CVE-2023-21768: LPE exploit for CVE-2023-21768
LPE exploit for CVE-2023-21768. Contribute to chompie1337/Windows_LPE_AFD_CVE-2023-21768 development by creating an account on GitHub.
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
#lpe #pentest #redteam #git
https://github.com/wh0amitz/PetitPotato
#lpe #pentest #redteam #git
GitHub
GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).
Local privilege escalation via PetitPotam (Abusing impersonate privileges). - wh0amitz/PetitPotato
Запись нашего стрима про пентест и redteam с крутыми ребятами:
* @clevergod – вице-капитан команды Codeby с колоссальным опытом в ред тим проектах;
* @Riocool – создатель Telegram канала RedTeam Brazzers, участник команды True0xA3;
* @Acrono – создатель Telegram канала APT и автор нескольких CVE;
* @puni1337 - ведущий стримов Codeby.
https://www.youtube.com/live/ITtiyhA0rwU?feature=share
Интересно пообщались, не без смешных историй))
#stream #video
* @clevergod – вице-капитан команды Codeby с колоссальным опытом в ред тим проектах;
* @Riocool – создатель Telegram канала RedTeam Brazzers, участник команды True0xA3;
* @Acrono – создатель Telegram канала APT и автор нескольких CVE;
* @puni1337 - ведущий стримов Codeby.
https://www.youtube.com/live/ITtiyhA0rwU?feature=share
Интересно пообщались, не без смешных историй))
#stream #video
FortyNorth - Initial Access Operations.7z.001
1.5 GB
FortyNorth - Intrusion Operations.7z.002
1.1 GB
Курс: Intrusion Operations от FortyNorth:
01 - Introduction
02 - C2 Options
03 - C2 Configuration - Part 1
04 - OSINT
05 - Active Recon
06 - Phishing
07 - Antivirus Evasion
08 - EDR Evasion Overview
09 - C2 Configuration - Part 2
10 - Initial Access, Recon, and Lateral Movement
11 - Persistence
12 - Application Whitelisting
13 - Aggressor Scripting
14 - Attacking the Cloud
15 - Finalizing the Test
#redteam #pentest #course
01 - Introduction
02 - C2 Options
03 - C2 Configuration - Part 1
04 - OSINT
05 - Active Recon
06 - Phishing
07 - Antivirus Evasion
08 - EDR Evasion Overview
09 - C2 Configuration - Part 2
10 - Initial Access, Recon, and Lateral Movement
11 - Persistence
12 - Application Whitelisting
13 - Aggressor Scripting
14 - Attacking the Cloud
15 - Finalizing the Test
#redteam #pentest #course
В семействе картошек пополнение - GodPotato. Windows LPE:
* Windows Server 2012 - Windows Server 2022 ;
* Windows8 - Windows 11
https://github.com/BeichenDream/GodPotato
#git #soft #lpe
* Windows Server 2012 - Windows Server 2022 ;
* Windows8 - Windows 11
https://github.com/BeichenDream/GodPotato
#git #soft #lpe
GitHub
GitHub - BeichenDream/GodPotato
Contribute to BeichenDream/GodPotato development by creating an account on GitHub.
Просто свежий список хуков для продуктов CrowdStrike, SentinelOne и TrendMicro.
https://github.com/VirtualAlllocEx/AV-EPP-EDR-Windows-API-Hooking-List
#edr #bypass #redteam
https://github.com/VirtualAlllocEx/AV-EPP-EDR-Windows-API-Hooking-List
#edr #bypass #redteam
StackCrypt: Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume threads
https://github.com/TheD1rkMtr/StackCrypt/tree/main
#bypass #maldev #redteam
https://github.com/TheD1rkMtr/StackCrypt/tree/main
#bypass #maldev #redteam
GitHub
GitHub - SaadAhla/StackCrypt: Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then…
Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume threads - SaadAhla/StackCrypt
Forwarded from PT SWARM
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
👤 by testanull
While analyzing CVE-2022-41082, also known as Proxy Not Shell, researcher discovered CVE-2023-21707 vulnerability which he has detailed in this blog.
The vulnerability allows a privileged user to trigger RCE during a deserialization of untrusted data.
📝 Contents:
● Introduction
● The new variant
● Payload delivery
● Demo
● References
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
👤 by testanull
While analyzing CVE-2022-41082, also known as Proxy Not Shell, researcher discovered CVE-2023-21707 vulnerability which he has detailed in this blog.
The vulnerability allows a privileged user to trigger RCE during a deserialization of untrusted data.
📝 Contents:
● Introduction
● The new variant
● Payload delivery
● Demo
● References
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
Для дампа памяти процессов, защищённых PPL.
Работает с
https://github.com/gabriellandau/PPLFault
#creds #git #soft
Работает с
Windows 11 25346.1001 (April 2023)
.https://github.com/gabriellandau/PPLFault
#creds #git #soft
GitHub
GitHub - gabriellandau/PPLFault
Contribute to gabriellandau/PPLFault development by creating an account on GitHub.