It is very common during penetration tests where domain administrator access has been achieved to extract the passwo ...

Services that support Kerberos authentication require to have a Service Principal Name (SPN) associated to point use ...

A common step in the life-cycle of a red team engagement is to gather as much information is possible for the compro ...

WinRM stands for Windows Remote Management and is a service that allows administrators to perform management tasks o ...

CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files ...

Netbios Name Service (NBT-NS) is used in Windows networks for communication between hosts. Systems will use this ser ...

The Remote Desktop Protocol (RDP) is widely used across internal networks by Administrators. This allows systems own ...

The Skeleton Key is a malware which is stored in memory which allows an attacker to authenticate as any domain user ...

Passwords in clear-text that are stored in a Windows host can allow penetration testers to perform lateral movement ...

There are a number command and controls tools that can use a variety fof methods in order to hide malicious traffic ...

Images traditionally have been used as a method of hiding a message. It is possibly for forensic investigators the o ...

SMB is a protocol which is widely used across organisations for file sharing purposes. It is not uncommon during int ...

Everyday new methods and tools are being discovered that could be used during red team engagements. Special focus is ...

Windows Management Instrumentation (WMI) is a Microsoft technology that was designed to allow administrators to perf ...

Developers are usually signing their code in order to provide assurance to users that their software is trusted and ...

Bypassing AppLocker most of the times it’s a matter of trusted Microsoft binaries that can execute code or misconfig ...

According to Microsoft the msxsl.exe command line utility enables the user to perform command line Extensible Styles ...

MSIEXEC is a Microsoft utility that can be used to install or configure a product from the command line. If an envir ...

This vulnerability allows an attacker to execute code to the kernel (ring0) due to the difference in implementation ...

Bypassing AppLocker restrictions usually requires the use of trusted Microsoft binaries that can execute code or wea ...

SDCLT is a Microsoft binary that is used in Windows systems (Windows 7 and above) to allow the user to perform backu ...

It is possible in an environment that AppLocker is enabled to run an executable due to the way that assemblies are l ...