All articles tagged as:


Exploiting Windows 10 Kernel Drivers - Stack Overflow

Following on from my earlier post in which we walked through creating an exploit for the WARBIRD vulnerability, over the next few posts I'm going to be looking at Windows kernel exploitation. If you haven't had chance to read it, I'd recommend that you pause and give it a quick glance as some of this walkthrough will rely on concepts introduced previously. This post will start off by laying the groundwork for future posts, and walking through a simple stack overflow exploit in the Windows kernel. HackSys Extreme Vulnerable Driver If you want to learn about Windows driver exploitation, few reso…

Read more »

Alternative methods of becoming SYSTEM

For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this post I will show the details of how this technique works, and explore a couple of methods which are not quite as popular, but may help evade detection on those tricky redteam engagements. Meterpreter's "getsystem" Most of you will have used the getsystem module in Meterpreter before. For those that haven't, getsystem is a module offered by the Metasploit-Framework which allows an adminis…

Read more »

Kerberos AD Attacks - Kerberoasting

Recently I've been trying to make sure that my redteam knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internals of some of these attacks, and hopefully document them for other people to learn. This post is the first in a series aimed at explaining what is happening under the hood when you execute your favourite Powerview or Mimikatz command to attack Active Directory via Kerberos, and hopefully giving people some other methods or…

Read more »