Knowledge Base for Penetration Testing
Introduction: In this post we are going to have a look into the D/Invoke project by TheWover. He also wrote a really good blog post which you can read here where he demonstrates in detail how the whole project works. It covers some really cool aspects so its highly recommended to check it out. This […]
Introduction This post considers that you already have some understanding of C#. The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – such as C#, Go, Java, Ruby, Rust, and Swift. C and C++ are commonly used languages that provide freedom and flexibility […]
Chisel is a fast TCP/UDP tunnel, transported over HTTP, and secured via SSH. It uses a single executable for establishing connections as the client or server. Chisel is written in Go (golang). It is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into any network. Proxychains […]
General Principals with most Outbound Controlled objects Users Groups Computers GPOs OUs Other CREATE Nodes and Edges Example output: Other sources of great Cypher Queries
RDP protocol Proxy RDP protocol using xfreerdp Proxy RDP protocol using xfreerdp and use NTLM hash to authenticate (PTH RDP) Enable Restricted Admin Mode (need admin priv)
Tools PowerUp Get services with unquoted paths and a space in their name Get services where the currentuser can write to its binary path or change argument to the binary Get the services whose configuration current user can modify Open a reverse shell listening using powercat
WMI 101 WMI = Windows Management Instrumentation –> Microsoft implementationn of CIM (Common Information Model) and WBEM (Web Based Enterprise Management).–> Provides a uniform interface for applications/scripts to manage a local or remote computer or network. WMIC = Command-Line interface for WMI WMI Components https://0xinfection.github.io/posts/wmi-classes-methods-part-2/ WMI utilities Linux Manaed Object Format (MOF) files Use to […]
PowerShell basics PowerShell scripts can used multiple things such as: PowerShell Download and execute in memory of PowerShell: PowerShell and Active Directory Domain Enumeration Using .NET Classes Enumeration can be done by using Native Executables and .NET classes: Using the DirectoryServices.ActiveDirectory.Domain class and then static method GetCurrentDomain() Get the name of the current forest Using […]
IOT Attack Vector Resource https://blog.certcube.com/iot-101/ https://sec4dev.io/sessions/iot-hacking-101 https://github.com/V33RU/IoTSecurity101 Training https://www.pentesteracademy.com/course?id=37 https://www.attify.com/iot-security-exploitation-training https://www.sans.org/cyber-security-courses/iot-penetration-testing/ IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices The IoT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things Advanced Penetration Testing Hacking IoT
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPv2 […]
by 
