I take absolutely no credit for the modules used in this script. A massive thanks to Tim Medin, Kevin Robertson, Marcello Salvati, Will Schroeder and the rest of the team at Specter Ops for the modules used in this script. Finally, thanks to Daniel Bohannon for writing Invoke-Obfuscation, which was used to obfuscate all... Continue Reading →
There's been a disturbance in pentesting, have you felt it? More mature environments have finally caught on that Powershell can be used for malicious gains and pentesters could own your domain with a few Powershell commands, so admins have began to lock it down, EDRs have began to alert, and thus the saying goes, necessity... Continue Reading →
Windows PrivEsc has always been difficult for me but this method is pretty straightforward and very successful. This already assumes you have a shell on the box. I start up Empire, start a listener and generate a Powershell payload Then run the payload. An agent then spawns on the target I then select the agent... Continue Reading →
My job involves lightweight pentesting and vulnerability assessment and such is the nature that clients know what I want to accomplish and will happily white-list any script I ask them to, but what's the fun in that? Researching methods to bypass AV and thinking of methods to just not write to disk, showed that AV... Continue Reading →
Before I did PWK, I had a hard time wrapping my head around buffer overflows. Even after taking an Assembly course in college, I was still fuzzy on how they really worked. Eventually, after watching countless videos, asking a ton of questions on Reddit, and doing PWK, I wrote it out for myself with pictures.... Continue Reading →
