51 matches found
RedSnarf - A Pen-Testing / Red-Teaming Tool For Windows Environments
RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: Retrieval of local SAM hashes Enumeration of user/s running with elevated syste...
Razer Synapse rzpnk.sys ZwOpenProcess
A vulnerability exists in the latest version of Razer Synapse v2.20.15.1104 as of the day of disclosure which can be leveraged locally by a malicious application to elevate its privileges to those of NTAUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver th...
The grugq on Reality Winner, the Intercept, and OPSEC
Good commentary...
Windows Penetration Testing Tool: RedSnarf
Windows Penetration Testing Tool RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf aims to do the following: Leave no evidence on the hos...
Pentesting Active Directory Environments: CrackMapExec
Pentesting Active Directory Environments: CrackMapExec CrackMapExec a.k.a CME is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory...
Jessy Irwin on Password Security, Opsec and User Education
Dennis Fisher talks with Jessy Irwin of 1Password about her path into the security world, the many security challenges in the education sector, the password-security problem, and security jewelry. Download: digitalunderground219.mp3 Music by Chris Gonsalves...
Kris McConkey on OpSec Failures
At last week’s Security Analyst Summit Kris McConkey, part of PricewaterhouseCoopers’ UK Cyber Threat Operations team, discusses hacker OpSec failures: How attackers are still humans and sometimes make mistakes like using personal email addresses and real names in their campaigns...
Hackers' Op-Sec Failures Important Clues to Uncover APT Gangs
CANCUN – Sophistication, resourcefulness and ingenuity are characteristics usually associated with state-sponsored espionage hacker groups. But they’re certainly not infallible. Like most detective work, security analysts generally are able to toss back the covers on APT campaigns and major...
CVE-2000-0807
The OPSEC communications authentication mechanism fwn1 in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."...
CVE-2000-0807
The OPSEC Authentication Spoof issue (CVE-2000-0807) affects Check Point VPN-1/FireWall-1 prior to the patches described in the ISS/FireWall-1 vulnerability alert. The security hole arises in the OPSEC authentication mechanism, allowing a remote attacker to spoof authentication and gain access to...
CVE-2000-0807
The OPSEC communications authentication mechanism fwn1 in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."...