118 matches found
Web Browser Stored Credentials
Microsoft introduced Data Protection Application Programming Interface DPAPI in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading - Web Browser Stored Credentials...
Web Browser Stored Credentials
Microsoft introduced Data Protection Application Programming Interface DPAPI in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the… Continue reading - Web Browser Stored Credentials...
Persistence – DLL Proxy Loading
DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate… Continue reading - Persistence - DLL Proxy Loading...
Persistence – DLL Proxy Loading
DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate… Continue reading - Persistence - DLL Proxy Loading...
Persistence – Explorer
Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced… Continue reading - Persistence - Explorer...
Persistence – Explorer
Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced… Continue reading - Persistence - Explorer...
Persistence – Visual Studio Code Extensions
It is not uncommon developers or users responsible to write code i.e. detection engineers using Sigma to utilize Visual Studio Code as their code editor.… Continue reading - Persistence - Visual Studio Code Extensions...
Persistence – Visual Studio Code Extensions
It is not uncommon developers or users responsible to write code i.e. detection engineers using Sigma to utilize Visual Studio Code as their code editor.… Continue reading - Persistence - Visual Studio Code Extensions...
AS-REP Roasting
Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading - AS-REP Roasting...
AS-REP Roasting
Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading - AS-REP Roasting...
Persistence – Windows Setup Script
When the Windows Operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed. The Windows setup allows… Continue reading - Persistence - Windows Setup Script...
Persistence – Windows Setup Script
When the Windows Operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed. The Windows setup allows… Continue reading - Persistence - Windows Setup Script...
Persistence – Disk Clean-up
Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and… Continue reading - Persistence - Disk Clean-up...
Persistence – Disk Clean-up
Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and… Continue reading - Persistence - Disk Clean-up...
Domain Escalation – Backup Operator
The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically,… Continue reading - Domain Escalation - Backup Operator...
Domain Escalation – Backup Operator
The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically,… Continue reading - Domain Escalation - Backup Operator...
Lateral Movement – Visual Studio DTE
A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading - Lateral Movement - Visual Studio DTE...
Lateral Movement – Visual Studio DTE
A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading - Lateral Movement - Visual Studio DTE...
Persistence – Event Log
Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are… Continue reading - Persistence - Event Log...
Persistence – Event Log
Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are… Continue reading - Persistence - Event Log...
Initial Access – search-ms URI Handler
Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server… Continue reading - Initial Access - search-ms URI Handler...
Initial Access – search-ms URI Handler
Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server… Continue reading - Initial Access - search-ms URI Handler...
Persistence – Scheduled Task Tampering
Windows Task Scheduler enables windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks has been commonly abused as a method… Continue reading - Persistence - Scheduled Task Tampering...
Persistence – Scheduled Task Tampering
Windows Task Scheduler enables windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks has been commonly abused as a method… Continue reading - Persistence - Scheduled Task Tampering...
Persistence – Windows Telemetry
Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary… Continue reading - Persistence - Windows Telemetry...
Persistence – Windows Telemetry
Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary… Continue reading - Persistence - Windows Telemetry...
Persistence – Service Control Manager
The service control manager SCM is responsible to start and stop services in windows environments including device drivers and start up applications. Microsoft introduced in… Continue reading - Persistence - Service Control Manager...
Persistence – Service Control Manager
The service control manager SCM is responsible to start and stop services in windows environments including device drivers and start up applications. Microsoft introduced in… Continue reading - Persistence - Service Control Manager...
Persistence – Context Menu
Context menu provides shortcuts to the user in order to perform a number of actions. The context menu is invoked with a right mouse click… Continue reading - Persistence - Context Menu...
Persistence – Context Menu
Context menu provides shortcuts to the user in order to perform a number of actions. The context menu is invoked with a right mouse click… Continue reading - Persistence - Context Menu...
Persistence – Event Log Online Help
Event viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Even though that Event Viewer is… Continue reading - Persistence - Event Log Online Help...
Persistence – Event Log Online Help
Event viewer is a component of Microsoft Windows that displays information related to application, security, system and setup events. Even though that Event Viewer is… Continue reading - Persistence - Event Log Online Help...
Unconstrained Delegation
Microsoft to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system implemented unconstrained delegation. This… Continue reading - Unconstrained Delegation...
Unconstrained Delegation
Microsoft to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system implemented unconstrained delegation. This… Continue reading - Unconstrained Delegation...
Persistence – Notepad++ Plugins
It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor.… Continue reading - Persistence - Notepad++ Plugins...
Persistence – Notepad++ Plugins
It is not uncommon a windows environment especially dedicated servers which are managed by developers or IT staff to have installed the Notepad++ text editor.… Continue reading - Persistence - Notepad++ Plugins...
Shadow Credentials
Microsoft has introduced Windows Hello for Business WHfB to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading - Shadow Credentials...
Shadow Credentials
Microsoft has introduced Windows Hello for Business WHfB to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading - Shadow Credentials...
Domain Escalation – Machine Accounts
The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading - Domain Escalation - Machine Accounts...
Domain Escalation – Machine Accounts
The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading - Domain Escalation - Machine Accounts...
Domain Persistence – Machine Account
Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading - Domain Persistence - Machine Account...
Domain Persistence – Machine Account
Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading - Domain Persistence - Machine Account...
Domain Escalation – sAMAccountName Spoofing
Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading - Domain Escalation - sAMAccountName Spoofing...
Domain Escalation – sAMAccountName Spoofing
Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading - Domain Escalation - sAMAccountName Spoofing...
Domain Persistence – AdminSDHolder
Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment… Continue reading - Domain Persistence - AdminSDHolder...
Domain Persistence – AdminSDHolder
Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment… Continue reading - Domain Persistence - AdminSDHolder...
Golden Certificate
Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges in a large period. One of… Continue reading - Golden Certificate...
Golden Certificate
Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges in a large period. One of… Continue reading - Golden Certificate...
Lateral Movement – WebClient
Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading - Lateral Movement - WebClient...
Lateral Movement – WebClient
Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading - Lateral Movement - WebClient...