Active Directory Assessment and Privilege Escalation Script 2.0

  I take absolutely no credit for the modules used in this script. A massive thanks to Tim Medin, Kevin Robertson, Marcello Salvati, Will Schroeder and the rest of the team at Specter Ops for the modules used in this script. Finally, thanks to Daniel Bohannon for writing Invoke-Obfuscation, which was used to obfuscate all … Continue reading Active Directory Assessment and Privilege Escalation Script 2.0

Windows Privilege Escalation via Unquoted Service Paths

Windows PrivEsc has always been difficult for me but this method is pretty straightforward and very successful. This already assumes you have a shell on the box. I start up Empire, start a listener and generate a Powershell payload Then run the payload. An agent then spawns on the target I then select the agent … Continue reading Windows Privilege Escalation via Unquoted Service Paths

AV Evasion

My job involves lightweight pentesting and vulnerability assessment and such is the nature that clients know what I want to accomplish and will happily white-list any script I ask them to, but what's the fun in that? Researching methods to bypass AV and thinking of methods to just not write to disk, showed that AV … Continue reading AV Evasion