Understanding and Evading Get-InjectedThread

One of the many areas of this field that I really enjoy is the "cat and mouse" game played between RedTeam and BlueTeam, each forcing the other to up their game. Often we see some awesome tools being released to help defenders detect malware or shellcode execution, and knowing just how these defensive capabilities function is important when performing a successful pentest or RedTeam engagement. Recently I came across the awesome post "Defenders Think in Graphs Too!", which can be found over on ... Read More »

Alternative methods of becoming SYSTEM

For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this post I will show the details of how this technique works, and explore a couple of methods which are not quite as popular, but may help evade detection on those tricky redteam engagements. Meterpreter's "getsystem" Most of you will have used the getsystem module in Meterpreter before. For those tha... Read More »

Kerberos AD Attacks - More Roasting with AS-REP

This post continues with the series of tutorials looking at Kerberos and Active Directory attacks. If you have not had chance to review any of the previous posts in this series, I'd recommend checking them out: * Kerberos AD Attacks - Kerberoasting [/kerberos-attacks-part-1/] * Using machine account credentials during an engagement [/using-machine-accounts-during-an-engagement/] * Setting Service Principal Names To Roast Accounts [/setting-service-principal-names-to-roast-accounts/] I... Read More »