Dumping and extracting LSASS memory discreetly without alerting Defender.
The purpose of this series of articles is to cover a few evasion techniques for shellcodes (a minimal knowledge of shellcodes is therefore a prerequisite).
Blog with insights about information security from the perspective of a team of penetration testers.
Back in March 2018, I embarked on an arguably pointless crusade to prove that the TrustedToAuthForDelegation attribute was meaningless, and that “protocol transition” can be achieved without it. I believed that, security-wise, once constrained delegation was enabled (msDS-AllowedToDelegateTo was not null), it did not matter whether it was configured to use “Kerberos only” or “any authentication protocol”. I started the journey with Benjamin Delpy’s (@gentilkiwi) help modifying Kekeo to support a certain attack that involved invoking S4U2Proxy with a silver ticket without a PAC, and we had partial success, but the final TGS turned out to be unusable. Ever since then, I kept coming back to it, trying to solve the problem with different approaches, but did not have much success. Until I finally accepted defeat, and ironically then the solution came up, along with several other interesting abuse cases and new attack techniques.
Introduction Indirect Command Execution is a defense evasion technique that is often used by Red Teams in which an adversary tries to bypass certain defense
Hello everyone, I would like to share one of my recent findings on a Vulnerability Disclosure Program. It is related to how I escalated to Remote Code Execution using Local File Inclusion with Log…
This brief guide explains how to identify a remote host's underlying operating system from the TTL (time-to-live) value in its ping replies: the reply's TTL is rounded up to the nearest common initial value (64, 128 or 255), which hints at the OS family, and the difference gives the hop count. The result is only a hint, since default TTLs vary by version and can be changed by an administrator.
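The TTL heuristic in practice, as an added example that is not part of the linked guide: it parses both Linux-style (`ttl=52`) and Windows-style (`TTL=118`) ping reply lines, rounds the observed TTL up to the nearest common initial value, and reports the likely OS family and hop count. The ping output, the `DEFAULT_TTLS` table and the 32-hop sanity threshold are assumptions chosen for illustration; the table is the usual rule of thumb, not an authoritative mapping.

```python
import re

# Common default initial TTLs (rule of thumb; versions and admins may differ).
DEFAULT_TTLS = {
    64: "Linux / Unix / macOS (default TTL 64)",
    128: "Windows (default TTL 128)",
    255: "Network device / Solaris / some BSDs (default TTL 255)",
}

# Matches "ttl=52" (Linux/macOS ping) and "TTL=118" (Windows ping).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Constructed sample output (not captured from a real host).
SAMPLE_LINUX_PING = """\
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
64 bytes from 10.0.0.5: icmp_seq=1 ttl=52 time=11.2 ms
64 bytes from 10.0.0.5: icmp_seq=2 ttl=52 time=10.9 ms
"""
SAMPLE_WINDOWS_PING = """\
Pinging 10.0.0.9 with 32 bytes of data:
Reply from 10.0.0.9: bytes=32 time=3ms TTL=118
Reply from 10.0.0.9: bytes=32 time=4ms TTL=118
"""


def ttl_from_ping_line(line):
    """Return the TTL in one ping reply line, or None if the line has none."""
    m = TTL_RE.search(line)
    return int(m.group(1)) if m else None


def infer_os(ttl):
    """Round an observed TTL up to the nearest common initial value.

    Returns (initial_ttl, hops, guess) or None for an out-of-range TTL.
    hops is initial_ttl - observed; a large hop count means the guess is weak
    (the host may simply use an unusual initial TTL).
    """
    if ttl is None or not 1 <= ttl <= 255:
        return None
    for initial in sorted(DEFAULT_TTLS):
        if ttl <= initial:
            return initial, initial - ttl, DEFAULT_TTLS[initial]
    return None  # unreachable: 255 is the largest key


def fingerprint(ping_output, max_plausible_hops=32):
    """Fingerprint a host from complete ping output (several reply lines)."""
    ttls = [t for t in map(ttl_from_ping_line, ping_output.splitlines()) if t is not None]
    if not ttls:
        return None
    # Use the most frequent TTL; differing TTLs across replies usually mean
    # a load balancer or changing route, which is worth flagging.
    ttl = max(set(ttls), key=ttls.count)
    initial, hops, guess = infer_os(ttl)
    return {
        "observed_ttl": ttl,
        "initial_ttl": initial,
        "hops": hops,
        "guess": guess,
        "consistent": len(set(ttls)) == 1,
        "reliable": hops <= max_plausible_hops,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_LINUX_PING, SAMPLE_WINDOWS_PING):
        print(fingerprint(sample))
```

Read the output as a hint to prioritise further checks, not as a verdict: a host behind a load balancer or proxy answers with the intermediary's TTL, and any OS can be configured with a non-default initial TTL.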
This map lists the essential techniques to bypass anti-virus and EDR (GitHub: CMEPW/BypassAV).