There's been a disturbance in pentesting, have you felt it? More mature environments have finally caught on that Powershell can be used for malicious gains and pentesters could own your domain with a few Powershell commands, so admins have began to lock it down, EDRs have began to alert, and thus the saying goes, necessity … Continue reading The Rise of C# and using Kali as a C2 Server with SILENTTRINITY →

Windows PrivEsc has always been difficult for me but this method is pretty straightforward and very successful. This already assumes you have a shell on the box. I start up Empire, start a listener and generate a Powershell payload Then run the payload. An agent then spawns on the target I then select the agent … Continue reading Windows Privilege Escalation via Unquoted Service Paths →

My job involves lightweight pentesting and vulnerability assessment and such is the nature that clients know what I want to accomplish and will happily white-list any script I ask them to, but what's the fun in that? Researching methods to bypass AV and thinking of methods to just not write to disk, showed that AV … Continue reading AV Evasion →