MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory's Oddest Settings
https://www.netspi.com/blog/technical/network-penetration-testing/machineaccountquota-is-useful-sometimes
@WindowsHackingLibrary
NetSPI
  Learn about what MAQ is and beyond in our blog entitled MachineAccountQuota is USEFUL Sometimes: Exploiting One of Active Directory's Oddest Settings.
  Forwarded from Zer0 to her0 (Jonhnathan Jonhnathan Jonhnathan)
From Stolen Laptop to Inside the Company Network
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
@FromZer0toHero
Stealing Tokens In Kernel Mode With A Malicious Driver
https://www.solomonsklash.io/stealing-tokens-with-malicious-driver.html
@WindowsHackingLibrary
www.solomonsklash.io
  Writing a malicious driver to steal tokens from kernel mode.
  Certified Pre-Owned: Abusing Active Directory Certificate Services (Slides)
https://www.slideshare.net/harmj0y/certified-preowned-249927533
@WindowsHackingLibrary
SlideShare

  w0rk3r's Windows Hacking Library
ForgeCert: "ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory."
https://github.com/GhostPack/ForgeCert
@WindowsHackingLibrary
GitHub

  "Golden" certificates.
  Forwarded from Security Talks (Jonhnathan Jonhnathan Jonhnathan)
ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
Orange Tsai at DEFCON 29
https://www.youtube.com/watch?v=5mqid-7zp8k
@SecTalks
YouTube
  DEF CON 29 - Orange Tsai - ProxyLogon Just Tip of the Iceberg, New Attack Surface on Exchange Server
  Microsoft Exchange Server is an email solution widely deployed within government and enterprises, and it is an integral part of both their daily operations and security. Needless to say, vulnerabilities in Exchange have long been the Holy Grail for attackers…
  A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
@WindowsHackingLibrary
Orange Tsai

  The series of A New Attack Surface on MS Exchange:  A New Attack Surface on MS Exchange Part 1 - ProxyLogon! A New Attack Surface on MS Exchange Part 2 - ProxyOracle! A New Attack Surface on MS Excha
A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
@WindowsHackingLibrary
Orange Tsai
  Hi, this is the part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts in the previous article, you could find the
  Breaking Typical Windows Hardening Implementations
https://www.trustedsec.com/blog/breaking-typical-windows-hardening-implementations
@WindowsHackingLibrary
TrustedSec
  Break typical Windows hardening configurations by bypassing restrictions on command prompt and registry editing tools, and exploiting Group Policy…
  The dying knight in the shiny armour: Killing Defender through NT symbolic links redirection while keeping it unbothered
https://aptw.tf/2021/08/21/killing-defender.html
@WindowsHackingLibrary
APT::WTF - APTortellini’s blog
  TL;DR With Administrator level privileges and without interacting with the GUI, it’s possible to prevent Defender from doing its job while keeping it alive and without disabling tamper protection by redirecting the \Device\BootDevice NT symbolic link which…
  Empirically Assessing Windows Service Hardening
https://www.tiraniddo.dev/2020/01/empirically-assessing-windows-service.html
@WindowsHackingLibrary
www.tiraniddo.dev
  In the past few years there's been numerous exploits for service to system privilege escalation. Primarily they revolve around the fact that...
  OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
@WindowsHackingLibrary
wiz.io

  Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

  Ami Luttwak (Twitter):
  @GossiTheDog This is even more severe. The RCE is the simplest RCE you can ever imagine. Simply remove the auth header and you are root. remotely. on all machines. Is this really 2021?
  Dechaining Macros and Evading EDR
https://blog.f-secure.com/dechaining-macros-and-evading-edr
@WindowsHackingLibrary
F-Secure
  Using Kerberos for Authentication Relay Attacks
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
@WindowsHackingLibrary
Blogspot
  Posted by James Forshaw, Project Zero     This blog post is a summary of some research I've been doing into relaying Kerberos authentica...
  Windows Exploitation Tricks: Relaying DCOM Authentication
https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html
@WindowsHackingLibrary
Blogspot
  Posted by James Forshaw, Project Zero     In my previous blog post  I discussed the possibility of relaying Kerberos authentication from a...
  CVE-2021-42287/CVE-2021-42278 Weaponisation
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
@WindowsHackingLibrary
Exploit samAccountName spoofing with Kerberos
https://cloudbrothers.info/en/exploit-kerberos-samaccountname-spoofing
@WindowsHackingLibrary
cloudbrothers.info
  When Microsoft released the November 2021 patches, the following CVEs caught the eye of many security professionals because they allow impersonation of a domain controller in an Active Directory environment.
CVE-2021-42278 - KB5008102 Active Directory Security…
