SilverPotato...
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
Decoder's Blog
Hello: I’m your Domain Admin and I want to authenticate against you
TL;DR (really?): Members of Distributed COM Users or Performance Log Users Groups can trigger from remote and relay the authentication of users connected on the target server, including Domain Cont…
CVE-2024-24919: Check Point arbitrary file read (as root)
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
watchTowr Labs - Blog
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze.
Check Point, for those unaware, is the…
Check Point, for those unaware, is the…
Для опроса Defender'а Windows, например об исключениях (и ещё много о чем) на локальной или удалённой системе. Ещё и не нужно высоких привилегий.
https://github.com/0xsp-SRD/MDE_Enum
#git #soft #pentest #redteam
https://github.com/0xsp-SRD/MDE_Enum
#git #soft #pentest #redteam
GitHub
GitHub - 0xsp-SRD/MDE_Enum: comprehensive .NET tool designed to extract and display detailed information about Windows Defender…
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges - 0xsp-SRD/MDE_Enum
CVE-2024-26229: Windows LPE
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
Lateral Movement with the .NET Profiler
Blog: https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523
Source: https://github.com/MayerDaniel/profiler-lateral-movement
#ad #lateral #redteam
Blog: https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523
Source: https://github.com/MayerDaniel/profiler-lateral-movement
#ad #lateral #redteam
Medium
Lateral Movement with the .NET Profiler
The accompanying code for this blogpost can be found HERE.
Scriptblock Smuggling... Или как прятать скрипт Powershell, чтобы он не мелькал в логах, и обходить AMSI без исправлений в памяти (патчей)
https://bc-security.org/scriptblock-smuggling/
#bypass #redteam #amsi #evasion
https://bc-security.org/scriptblock-smuggling/
#bypass #redteam #amsi #evasion
Please open Telegram to view this post
VIEW IN TELEGRAM
Маленький мануал по отключению агентов EDR
https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent
#evasion #redteam #av
https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent
#evasion #redteam #av
3NailsInfoSec
EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent
Explore techniques for evading EDR products, including exploiting detection oversights and using tools like mitmproxy and EDRSilencer.