Identifying & Bypassing Responder Detections
It is nearly 2024, and broadcast protocols and lack of SMB signing are still default settings on Microsoft Windows hosts. This means the classic technique of broadcast traffic poisoning to […]
powershell
Access Without Mimikatz: Internal Monologue
Credential Access Without Mimikatz On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
MiniDumpDotNet: Pure CLR Alt – Part 2
MiniDumpDotNet – Part 1 & 2 In MiniDumpDoNet – Part 1, we took a brief look at the MiniDumpWriteDump() Win32 API and considered options for reimplementation for the purposes of […]
Alternative Execution Macro Saga: ActiveMovie Control – Part 6
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) of the Alternative Execution Macro Saga, we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in […]
Alternative Execution Macro Saga: CLSID – Part 5
Hello again and thanks for returning to our Alternative Execution Macro Saga series! Over the last few posts, we discussed making use of events from part 1 – InkPicture, part 2 […]
Alternative Execution Macro Saga: Disable Macros – Part 4
Thanks for returning to the Alternative Execution Macro Saga series! Here are parts 1-3 in case you missed them: part 1, part 2, and part 3. It’s been a busy […]
Alternative Execution Macro Saga: Performance Monitor – Part 3
In the last few blogs in our Alternative Execution Macro Saga: (part 1 – InkPicture & part 2 – WMPlayer) we worked through scenarios making use of the ActiveX controls […]
Alternative Execution Macro Saga: Windows Media Player – Part 2
In the previous blog in this Alternative Execution Macro Saga: part 1 – InkPicture, (this is part 2 – WMP, then there’s part 3 – performance monitor, part 4 – disable macros, part 5 – CLSID, […]
Alternative Execution Macro Saga: InkPicture – Part 1
This is the first in a series called the Alternative Execution Macro Saga – if you’re interested in reading the full series the links are here: part 1 – InkPicture, […]