This post gives you a simple summary of the most needed WinDbg commands for .NET. The most of the examples are heavily inspired by Konrad Kokosa’s excellent book Pro .NET Memory Management.
In your red teaming or pentesting activities escalating to SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…
How I hacked smart lights: the story behind CVE-2022-47758
Introduction In this blogpost, we take a closer look at our research regarding CVE-2022-47758: a critical vulnerability impacting a very large number of Internet of Things smart devices. We could leverage this vulnerability in the lamp's firmware for unauthenticated remote code execution on the entire device with the highest privileges
Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9...
jstrosch/sclauncher: A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. - jstrosch/sclauncher
Sh3lldon/FullBypass: A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find some bugs :)
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find s...
Xre0uS/MultiDump: MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly. - GitHub - Xre0uS/MultiDump: MultiDump is a post-exploitation tool for dumping and extracting LSASS memory ...
Drakiat/RedTeam-Checker: An automation to monitor if backdoors/default settings are still active on the compromised machines over time.
An automation to monitor if backdoors/default settings are still active on the compromised machines over time. - GitHub - Drakiat/RedTeam-Checker: An automation to monitor if backdoors/default set...
SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
A set of fully-undetectable process injection techniques abusing Windows Thread Pools - GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows ...
netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. - GitHub - netero1010/EDRSilencer: A tool uses Windo...
Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...
marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams - GitHub - marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, librari...
WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - GitHub - WerWolv/ImHex: 🔍 A Hex Editor for Reverse Engineers, Programmers and people who...
Mockingjay – A New Process Injection Technique that Bypasses EDR Detection | Black Hat Ethical Hacking
Security researchers at Security Joes have recently uncovered a novel process injection technique called "Mockingjay," which enables threat actors to bypass EDR (Endpoint Detection and Response) systems and other security products to execute malicious code discreetly on compromised systems