Book 1

Dumping Clear-Text Credentials
Passwords in clear-text that are stored in a Windows host can allow penetration testers to perform lateral movement inside an internal network and eventually fully compromise it. Therefore in a sys…
·pentestlab.blog·
Introducing BloodHound
Intro & Background In February of this year, I posted a proof-of-concept script called “PowerPath” which combined Will Schroeder’s PowerView, Justin Warner’s concept of derivative local admin…
·wald0.com·
The Dog Whisperer’s Handbook
Generally speaking, I'm more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat... Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info) For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge... We had a full ...
·insinuator.net·
WTFBins
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
·wtfbins.wtf·
TheHive Project
Scalable, Open Source Incident Response Solutions designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done
·thehive-project.org·
GitHub - cyb3rfox/Aurora-Incident-Response: Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders - GitHub - cyb3rfox/Aurora-Incident-Response: Incident Response Documentation made easy. Develope...
·github.com·
Hijacking DLLs in Windows
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
·wietzebeukema.nl·
Appendix B - Incident Response Forms - Incident Response and Computer Forensics, 3rd Edition
The following files are part of Appendix B of Incident Response and Computer Forensics 3rd Edition: Form 1 – Evidence Tag (.doc) – v1.0 Form 2 – Evidence Inventory (.doc) – v1.0 Form 3 – Client System Description (.doc) – v1.0 Form 4 – Evidence …
·ir3e.com·