pentest   3517

« earlier    

Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses | McAfee Blogs
In this post, we highlighted one approach and application of the ATT&CK model. There are many ways to apply it for red teaming, threat hunting, and other tasks. At McAfee we embrace the model and are applying it to different levels and purposes in our organization. We are not only using it but also contribute to the model by describing newly discovered techniques used by adversaries.
pentest  security 
2 days ago by whip_lash
Mimikatz 2.0 - Golden Ticket Walkthrough - Projects - Beneath the Waves
The "executive summary" version of a Golden Ticket is that if you can obtain one of the encryption keys used by the krbtgt account for an Active Directory domain, Mimikatz 2.0 will allow you to forge arbitrary Kerberos authentication tickets for that domain. Those keys are not easily-obtained — unless someone has left an NTDS.DIT backup lying around, it probably requires access to a domain admin account's credentials — so the Golden Ticket functionality is sort of like the "New Game+" mode in the Silent Hill series: you've already won, and now you can play through again as an unstoppable juggernaut with a laser pistol and/or chainsaw.
activedirectory  mimikatz  goldenticket  pentest  security 
2 days ago by whip_lash
Exploring PowerShell AMSI and Logging Evasion – MDSec
Before attempting to load a script, it has now become commonplace to run the following AMSI bypass:
[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
But have you ever wondered just how this magic command goes about unhooking AMSI?
In this post, we will walk through just how this technique works under the hood, then we will look at a few alternate ways to unhook AMSI from PowerShell.
amsi  powershell  pentest 
5 days ago by whip_lash
One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations - KitPloit - PenTest Tools for your Security Arsenal ☣
Favorite tweet:

#OneLin3r v1.1 - Gives You One-Liners That Aids In Penetration #Testing Operations https://t.co/AWvpLnt1ND pic.twitter.com/74zGjoV9Ve

— ☣ The Hacker Tools (@KitPloit) June 14, 2018
pentest  security  tool 
7 days ago by whip_lash
Humans Are the Weakest Link: Tales of a Social Engineer
was able to covertly gain access to a CEO’s office—only, he didn’t know the CEO had his own private security. It was only after he had been tackled and hogtied that the security staff learned that he’d actually been hired to burglarize the office.
pentest  cybersecurity  socialengineering 
10 days ago by bwiese

« earlier    

related tags

activedirectory  ad  agent  amazon  amazongo  amsi  analysis  android  api  app  archive  attack  authentication  authorization  awesome  aws  backtrack  bash  ble  blog  bluetooth  bruteforce  bug  bugbounty  burp  burpsuite  c&c  c2  certification  cheat  cheats  cheatsheet  cheatsheets  checklist  ciberseguridad  cloud  collection  cracking  ctf  custom_search_engines  cybersecurity  dcshadow  deserialization  distribution  distro  dns  docker  domain  education  elasticsearch  elk  email  engineering  enumeration  ettercap  evasion  exfiltration  exploit  exploits  facebook  fuzzing  github  go  golang  goldenticket  google  guide  hackerone  hacking  harden  hardening  hardware  hash  hashes  http  hyper-v  ifosec  infosec  instagram  institute  ios  iot  ips  it_sicherheit  java  kali  lab  links  linux  list  lists  malware  merlin  mimikatz  mindmap  mitm  mitre  mobile  nessus  netcat  netsec  network  networking  ntfs  ntlm  obfuscation  opensource  oscp  osint  owasp  pcap  penetration  pentesting  perl  persistence  phishing  php  platform  playground  plugin  poster  posters  postexploit  postexploitation  powershell  privesc  privilegeescalation  programming  python  recon  redcanary  redteam  reference  resources  responder  rest  reverse  reverseshell  router  s3  sans  scanner  scripting  scripts  secops  secure  security  seguridad  sheets  shell  snmp  snmpv3  socialengineering  spearphishing  sql  sqli  ssh  stealth  sudo  sysadmin  telnet  test  testing  tests  threathunting  tool  toolkit  tools  tutorial  video  vulnerabilities  vulnerability  vulnerable  vulnwhisperer  waf  web  webapp  webappsec  webdev  whiteboard  windows  workflow 

Copy this bookmark:



description:


tags: