Swissky
8df0f565f3
Sapphire and Diamond Tickets
2022-10-16 20:46:05 +02:00
Swissky
b7043cfedd
Bug Hunting Methodology Update
2022-10-16 00:27:47 +02:00
Swissky
4cf464cc96
Certifried CVE-2022-26923
2022-05-13 09:44:51 +02:00
Swissky
5a89c6a5ca
Windows Management Instrumentation Event Subscription
2022-04-24 15:01:18 +02:00
Swissky
b0d05faded
TruffleHog examples + Cortex XDR disable
2022-04-14 09:42:15 +02:00
Swissky
89f0b93d43
Elastic EDR + VM Persistence
2022-03-27 19:50:33 +02:00
Swissky
d40e055629
Golden GMSA + Scheduled Task
2022-03-15 11:15:44 +01:00
Swissky
4abd52697f
MSSQL Agent Command Execution
2022-03-10 11:05:17 +01:00
Swissky
521975a05c
AV Removal + Cobalt SleepKit
2022-03-01 23:01:25 +01:00
Swissky
b5df6e1447
ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2 + Golden Certificate
2022-01-01 20:42:58 +01:00
Swissky
e3fb516747
MAQ + WEBDAV
2021-12-29 14:48:42 +01:00
Swissky
0d6d6049ce
AD + Log4shell + Windows Startup
2021-12-16 09:52:51 +01:00
Swissky
10974722b1
BloodHound Custom Queries + MSSQL CLR
2021-12-12 23:04:35 +01:00
Markus
6584df310f
Update Windows - Persistence.md
...
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
3a6ac550b8
DSRM Admin
2021-01-08 23:41:50 +01:00
Swissky
1137bfca8d
Remote Desktop Services Shadowing
2020-10-30 21:10:00 +01:00
Swissky
b32f4754d7
Keytab + schtasks
2020-10-15 12:35:05 +02:00
Swissky
837d2641b7
Persistence - Scheduled Tasks
2020-09-30 11:46:04 +02:00
Swissky
767eb04af6
Persistence - Typo
2020-07-21 19:48:57 +02:00
Swissky
71ddb449ce
Windows Persistence
2020-06-01 21:37:32 +02:00
Swissky
eb074393df
Windows Persistence - Binary replacing
2020-05-13 23:07:39 +02:00
Swissky
5163ef902c
XSS Google Scholar Payload + Skeleton Key Persistence
2020-05-03 16:28:17 +02:00
Swissky
7f0650dfc0
IIS Raid Persistence
2020-02-20 16:51:22 +01:00
Swissky
fb76fdc331
Windows Firewall + DLL hijacking + Named pipes
2020-02-01 22:12:36 +01:00
Swissky
be0397fa68
BloodHound ZIP + Zero Width space tip
2020-01-19 22:46:45 +01:00
Swissky
c60f264664
RDP backdoor + RDP session takeover
2019-11-26 23:39:14 +01:00
Swissky
742e3204d3
SharpPersist - Windows Persistence
2019-09-13 17:38:23 +02:00
Swissky
8dffb59ac5
Pspy + Silver Ticket + MSSQL connect
2019-08-18 22:24:48 +02:00
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee
Fix name - Part 1
2019-03-07 00:07:14 +01:00
Swissky
a6475a19d9
Adding references sectio
2018-12-24 15:02:50 +01:00
Swissky
65654f81a4
Markdown formatting update
2018-08-12 23:30:22 +02:00
Swissky
cdc3adee51
PassTheTicket + OpenShare + Tools(CME example)
2018-07-08 20:03:40 +02:00
Swissky
cb3b298451
Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL)
2018-04-27 23:31:58 +02:00