When Invoke-Obfuscation came out in late 2016, I, and I'm sure many other pentesters, rejoiced at the fact that our commands bypassed AV like it wasn't even there. Empire payload? Easy. Privilege escalation Powershell scripts? Not a problem. In 2016, Windows Defender was but an annoying feature in Windows that would just catch Cain & … Continue reading Suck it, Windows Defender.
I take absolutely no credit for the modules used in this script. A massive thanks to Tim Medin, Kevin Robertson, Marcello Salvati, Will Schroeder and the rest of the team at Specter Ops for the modules used in this script. Finally, thanks to Daniel Bohannon for writing Invoke-Obfuscation, which was used to obfuscate all … Continue reading Active Directory Assessment and Privilege Escalation Script 2.0
Windows PrivEsc has always been difficult for me but this method is pretty straightforward and very successful. This already assumes you have a shell on the box. I start up Empire, start a listener and generate a Powershell payload Then run the payload. An agent then spawns on the target I then select the agent … Continue reading Windows Privilege Escalation via Unquoted Service Paths
My job involves lightweight pentesting and vulnerability assessment and such is the nature that clients know what I want to accomplish and will happily white-list any script I ask them to, but what's the fun in that? Researching methods to bypass AV and thinking of methods to just not write to disk, showed that AV … Continue reading AV Evasion
Before I did PWK, I had a hard time wrapping my head around buffalo overflows. Even after taking an Assembly course in college, I was still fuzzy on how they really worked. Eventually, after watching countless videos, asking a ton of questions on Reddit, and doing PWK, I wrote it out for myself with pictures. … Continue reading Simple Buffer Overflows (x32)