Commit Graph

35 Commits

Author SHA1 Message Date
Swissky
8df0f565f3 Sapphire and Diamond Tickets 2022-10-16 20:46:05 +02:00
Swissky
b7043cfedd Bug Hunting Methodology Update 2022-10-16 00:27:47 +02:00
Swissky
4cf464cc96 Certifried CVE-2022-26923 2022-05-13 09:44:51 +02:00
Swissky
5a89c6a5ca Windows Management Instrumentation Event Subscription 2022-04-24 15:01:18 +02:00
Swissky
b0d05faded TruffleHog examples + Cortex XDR disable 2022-04-14 09:42:15 +02:00
Swissky
89f0b93d43 Elastic EDR + VM Persistence 2022-03-27 19:50:33 +02:00
Swissky
d40e055629 Golden GMSA + Scheduled Task 2022-03-15 11:15:44 +01:00
Swissky
4abd52697f MSSQL Agent Command Execution 2022-03-10 11:05:17 +01:00
Swissky
521975a05c AV Removal + Cobalt SleepKit 2022-03-01 23:01:25 +01:00
Swissky
b5df6e1447 ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2 + Golden Certificate 2022-01-01 20:42:58 +01:00
Swissky
e3fb516747 MAQ + WEBDAV 2021-12-29 14:48:42 +01:00
Swissky
0d6d6049ce AD + Log4shell + Windows Startup 2021-12-16 09:52:51 +01:00
Swissky
10974722b1 BloodHound Custom Queries + MSSQL CLR 2021-12-12 23:04:35 +01:00
Markus
6584df310f
Update Windows - Persistence.md
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Swissky
3a6ac550b8 DSRM Admin 2021-01-08 23:41:50 +01:00
Swissky
1137bfca8d Remote Desktop Services Shadowing 2020-10-30 21:10:00 +01:00
Swissky
b32f4754d7 Keytab + schtasks 2020-10-15 12:35:05 +02:00
Swissky
837d2641b7 Persistence - Scheduled Tasks 2020-09-30 11:46:04 +02:00
Swissky
767eb04af6 Persistence - Typo 2020-07-21 19:48:57 +02:00
Swissky
71ddb449ce Windows Persistence 2020-06-01 21:37:32 +02:00
Swissky
eb074393df Windows Persistence - Binary replacing 2020-05-13 23:07:39 +02:00
Swissky
5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky
7f0650dfc0 IIS Raid Persistence 2020-02-20 16:51:22 +01:00
Swissky
fb76fdc331 Windows Firewall + DLL hijacking + Named pipes 2020-02-01 22:12:36 +01:00
Swissky
be0397fa68 BloodHound ZIP + Zero Width space tip 2020-01-19 22:46:45 +01:00
Swissky
c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky
742e3204d3 SharpPersist - Windows Persistence 2019-09-13 17:38:23 +02:00
Swissky
8dffb59ac5 Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee Fix name - Part 1 2019-03-07 00:07:14 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky
cdc3adee51 PassTheTicket + OpenShare + Tools(CME example) 2018-07-08 20:03:40 +02:00
Swissky
cb3b298451 Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL) 2018-04-27 23:31:58 +02:00