Identifying & Bypassing Responder Detections
It is nearly 2024, and broadcast protocols and lack of SMB signing are still default settings on Microsoft Windows hosts. This means the classic technique of broadcast traffic poisoning to […]
Credential Access Without Mimikatz
On a recent engagement, a client implemented multiple EDR solutions to prevent common ways of obtaining credentials either through Mimikatz or various LSASS memory dumping methods. […]
MiniDumpDotNet – Part 1 & 2
In MiniDumpDotNet – Part 1, we took a brief look at the MiniDumpWriteDump() Win32 API and considered options for reimplementation for the purposes of […]
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) of the Alternative Execution Macro Saga, we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in […]
Hello again and thanks for returning to our Alternative Execution Macro Saga series! Over the last few posts, we discussed making use of events from part 1 – InkPicture, part 2 […]
Thanks for returning to the Alternative Execution Macro Saga series! Here are parts 1-3 in case you missed them: part 1, part 2, and part 3. It’s been a busy […]
In the last few blogs in our Alternative Execution Macro Saga: (part 1 – InkPicture & part 2 – WMPlayer) we worked through scenarios making use of the ActiveX controls […]
In the previous blog in this Alternative Execution Macro Saga: part 1 – InkPicture, (this is part 2 – WMP, then there’s part 3 – performance monitor, part 4 – disable macros, part 5 – CLSID, […]
This is the first in a series called the Alternative Execution Macro Saga – if you’re interested in reading the full series the links are here: part 1 – InkPicture, […]