#windows-hacking

Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping

#windows #windows-hacking #time-stomping

·inversecos.com·Nov 25, 2024

Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping

grimresource.msc · GitHub

#initial-access #windows-hacking

·gist.github.com·Jun 24, 2024

grimresource.msc · GitHub

sokaRepo/CoercedPotatoRDLL: Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege

Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege - sokaRepo/CoercedPotatoRDLL

#privilege-escalation #windows #windows-hacking

·github.com·Jun 23, 2024

sokaRepo/CoercedPotatoRDLL: Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege

Getting SYSTEM – Decoder's Blog

In your red teaming or pentesting activities escalating to SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…

#windows-hacking #windows #privilege-escalation

·decoder.cloud·Jun 4, 2024

Getting SYSTEM – Decoder's Blog

Diverto/IPPrintC2: PoC for using MS Windows printers for persistence / command and control via Internet Printing

PoC for using MS Windows printers for persistence / command and control via Internet Printing - Diverto/IPPrintC2

#persistence #printers #windows-hacking

·github.com·May 12, 2024

Diverto/IPPrintC2: PoC for using MS Windows printers for persistence / command and control via Internet Printing

fortra/nanodump: The swiss army knife of LSASS dumping

The swiss army knife of LSASS dumping. Contribute to fortra/nanodump development by creating an account on GitHub.

#lsass #windows-hacking

·github.com·Mar 28, 2024

fortra/nanodump: The swiss army knife of LSASS dumping

jstrosch/sclauncher: A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. - jstrosch/sclauncher

#shellcode #windows-hacking

·github.com·Mar 1, 2024

jstrosch/sclauncher: A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams - GitHub - marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, librari...

#awesome-list #windows-exploits #windows-hacking #windows

·github.com·Dec 14, 2023

marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

hackvens/CoercedPotato

Contribute to hackvens/CoercedPotato development by creating an account on GitHub.

#windows-exploits #windows-hacking #privilege-escalation

·github.com·Oct 10, 2023

hackvens/CoercedPotato

GitHub - GoSecure/pyrdp: RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact - GitHub - GoSecure/pyrdp: RDP monster-in-the-middle (mitm) and library for Pyth...

#rdp #windows-hacking #windows

·github.com·Feb 23, 2023

GitHub - GoSecure/pyrdp: RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Rpc toolkit fantastic interfaces how to find

#windows-hacking #windows-rpc #windows

·akamai.com·Feb 22, 2023

Rpc toolkit fantastic interfaces how to find

GitHub - D1rkMtr/RecyclePersist: implementation of Persistence via Recycle Bin by adding "open\command" subkey to the "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell" key and changing its value to the implant path

implementation of Persistence via Recycle Bin by adding "open\command" subkey to the "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell" key and changing i...

#persistence #windows #windows-hacking

·github.com·Jan 24, 2023

Hijack Libs

#dll-hijacking #windows-hacking #windows #dlls

·hijacklibs.net·Aug 15, 2022

Hijack Libs

GitHub - hfiref0x/UACME: Defeating Windows User Account Control

Defeating Windows User Account Control. Contribute to hfiref0x/UACME development by creating an account on GitHub.

#uac-bypass #windows-hacking

·github.com·Jul 5, 2022

GitHub - hfiref0x/UACME: Defeating Windows User Account Control

Yet another sdclt UAC bypass - Sevagas

Fileless UAC bypass via COM hijack using sdtlc.exe auto-elevated process.

#uac-bypass #windows-hacking

·blog.sevagas.com·Jul 5, 2022

Yet another sdclt UAC bypass - Sevagas

GitHub - mandiant/ADFSpoof

Contribute to mandiant/ADFSpoof development by creating an account on GitHub.

#red-team #red-team-tools #ad-hacking #windows-hacking #windows-tokens

·github.com·Jun 28, 2022

GitHub - mandiant/ADFSpoof

GitHub - helpsystems/nanodump: A crappy LSASS dumper with no ASCII art

A crappy LSASS dumper with no ASCII art. Contribute to helpsystems/nanodump development by creating an account on GitHub.

#windows-hacking #credentials #cred-dumping

·github.com·Jun 23, 2022

GitHub - helpsystems/nanodump: A crappy LSASS dumper with no ASCII art

GitHub - S1ckB0y1337/TokenPlayer: Manipulating and Abusing Windows Access Tokens.

Manipulating and Abusing Windows Access Tokens. Contribute to S1ckB0y1337/TokenPlayer development by creating an account on GitHub.

#windows-hacking #windows-tokens

·github.com·Jun 23, 2022

GitHub - S1ckB0y1337/TokenPlayer: Manipulating and Abusing Windows Access Tokens.

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and ...

#linux-hacking #windows-hacking

·github.com·Jun 3, 2022

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF

GitHub - antonioCoco/RemotePotato0: Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.

Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin. - GitHub - antonioCoco/RemotePotato0: Just another "Won't Fix" W...

#windows-hacking #privilege-escalation

·github.com·Jun 3, 2022

GitHub - antonioCoco/RemotePotato0: Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.

GitHub - M2Team/NSudo: Series of System Administration Tools

Series of System Administration Tools. Contribute to M2Team/NSudo development by creating an account on GitHub.

#windows-hacking #privilege-escalation

·github.com·Jun 3, 2022

GitHub - M2Team/NSudo: Series of System Administration Tools

LOLBAS

#living-off-the-land #red-team #windows-hacking

·lolbas-project.github.io·Jun 3, 2022

LOLBAS

GitHub - bytecode77/r77-rootkit: Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. - GitHub - bytecode77/r77-rootkit: Fileless ring 3 rootkit with installer and persisten...

#red-team-tools #windows-hacking #rootkit

·github.com·Jun 2, 2022

GitHub - bytecode77/r77-rootkit: Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.