Miscellaneous resources
Here is where I store all the useful or interesting blogs I read. Use CTRL+F to navigate.
Splunk Universal Forwarder
EOP:
The default configuration of Splunk did not have any authentication on the software: see Splunk Universal Forwarder Hijacking and SplunkWhisperer2.
Erlang
EOP:
For more information, check out the Erlang-arce blog post from Mubix.
Windows Named Pipes
Windows User Privileges
Token privileges, Windows privileges
Adjusting Token Privileges in PowerShell
Script to enable certain privileges.
Token impersonation attacks paper.
This blog post goes in-depth on the PrintSpoofer tool.
GPO Abuse: SharpGPOAbuse blog.
Enable all token privileges blog.
Windows Group Privileges
Here is a listing of all built-in Windows groups along with a detailed description of each.
This page has a detailed listing of privileged accounts and groups in Active Directory.
PoC to exploit the SeBackupPrivilege.
From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration blog.
Abusing DNSAdmins privilege for escalation in Active Directory blog.
Poc’ing Beyond Domain Admin DNS blog active directory.
Escalating Privileges with DNSAdmins Group blog.
Abusing SeLoadDriverPrivilege for privilege escalation blog.
Hyper-V Administrators blog from-hyper-v-admin-to-system.
Small PoC in PowerShell exploiting hardlinks during the VM deletion process poc.
Proof of concept for abusing SeLoadDriverPrivilege (Privilege Escalation in Windows) tool.
Standalone exploit for a vulnerable feature in Capcom.sys.
Windows Credentials Theft
Dumping the contents of ntds.dit files using PowerShell blog.
Credentials Theft
How to Extract Content from VMDK Files: A Step-By-Step Guide blog.
User Account Control (UAC)
This page discusses how UAC works in great depth and includes the logon process etc.
User Account Control security policy settings page.
This blog post shows the SystemPropertiesAdvanced.exe DLL Hijacking UAC Bypass.
Kernel exploits, end of life systems Windows
Miscellaneous
Privilege Escalation with Autoruns blog.
This site details many potential autorun locations on Windows systems.
ALPC Task Scheduler 0-Day: an in-depth writeup is available here.
(CVE-2020-5752) Blog post on the initial discovery of the flaw.
This page has a detailed listing of the end-of-life dates for Microsoft Windows and other products such as Exchange, SQL Server, and Microsoft Office.
MS16-032. A detailed explanation of this bug can be found in this Project Zero blog post.