Sean Metcalf on Twitter
Controlling AD Recon (Bloodhound)https://t.co/BlqJAYCUJ3 https://t.co/yHkgCuiTsp pic.twitter.com/GwZN95kY7J— Sean Metcalf (@PyroTek3) October 17, 2019
Book 1
Persisting in svchost.exe with a Service DLL
Dumping Clear-Text Credentials
Passwords in clear-text that are stored in a Windows host can allow penetration testers to perform lateral movement inside an internal network and eventually fully compromise it. Therefore in a sys…
Microsoft Defender for Identity frequently asked questions
Provides a list of frequently asked questions about Microsoft Defender for Identity and the associated answers
LAPS
Introducing BloodHound
Intro & Background In February of this year, I posted a proof-of-concept script called “PowerPath” which combined Will Schroeder’s PowerView, Justin Warner’s concept of derivative local admin…
DeathStar - Automate getting Domain Admin using Empire
a source for Hacking, Cyber Security, Technology News and Pentest tools for the Technologists and the Pentesters.
Implementing Least-Privilege Administrative Models
Learn more about: Implementing Least-Privilege Administrative Models
The Dog Whisperer’s Handbook
Generally speaking, I'm more of a Cat type of guy, but I have to say I really love BloodHound. And if you do too, you are in for a treat... Last week, the ERNW Insight Active Directory Security Summit took place in Heidelberg. (More Info) For this occasion, @Enno_Insinuator asked me if I would like to deliver a BloodHound Workshop, and of course I accepted the challenge... We had a full ...
Learn Windows PowerShell in a Month of Lunches
GitHub - davidpany/WMI_Forensics
Contribute to davidpany/WMI_Forensics development by creating an account on GitHub.
GitHub - mandiant/flare-wmi
Contribute to mandiant/flare-wmi development by creating an account on GitHub.
Pubhtml
WTFBins
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
WTFBins
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
MISP Open Source Threat Intelligence Platform & Open Standards For …
MISP Threat Intelligence & Sharing
TheHive Project
Scalable, Open Source Incident Response Solutions designed for SOCs & CERTs to collaborate, elaborate, analyze and get their job done
GitHub - cyb3rfox/Aurora-Incident-Response: Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders - GitHub - cyb3rfox/Aurora-Incident-Response: Incident Response Documentation made easy. Develope...
Hunting for GetSystem commands in offensive security tools
Here's how to hunt for GetSystem commands, which employ privilege escalation tactics to grant adversaries access to a victim’s SYSTEM account.
MOF-tastic tricks or how to use MOF and powershell together
An extension of the last post, Embedding Powershell into Office Documents , I will be demonstrating that by using Managed Object Formats (MOF) and Powershell, we can attempt a few tricks to leverag…
Beyond good ol’ Run key, Part 28
Beyond good ol’ Run key, Part 36
Beyond good ol’ Run key, Part 5
Hijacking DLLs in Windows
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
Techniques - Enterprise | MITRE ATT&CK®
GitHub - Yara-Rules/rules: Repository of yara rules
Repository of yara rules. Contribute to Yara-Rules/rules development by creating an account on GitHub.
GitHub - CyberMonitor/APT_CyberCriminal_Campagin_Collections: APT & CyberCriminal Campaign Collection
APT & CyberCriminal Campaign Collection. Contribute to CyberMonitor/APT_CyberCriminal_Campagin_Collections development by creating an account on GitHub.
Appendix B - Incident Response Forms - Incident Response and Computer Forensics, 3rd Edition
The following files are part of Appendix B of Incident Response and Computer Forensics 3rd Edition: Form 1 – Evidence Tag (.doc) – v1.0 Form 2 – Evidence Inventory (.doc) – v1.0 Form 3 – Client System Description (.doc) – v1.0 Form 4 – Evidence … Appendix B – Incident Response Forms Read More »
IRM/EN at master · certsocietegenerale/IRM
Incident Response Methodologies. Contribute to certsocietegenerale/IRM development by creating an account on GitHub.
DLL SideLoading Teams and OneDrive
Cyble Analyzes how Threat Actors are leveraging Microsoft applications and DLL Sideloading to deliver Cobalt Strike Beacons