Miscellaneous resources

Here is where I store all the useful or interesting blogs I read. Use CTRL+F to navigate.

Splunk Universal Forwarder

EOP:

Erlang

EOP:

Windows Named Pipes

Windows User Privileges

Token privileges, Windows privileges

Windows Group Privileges

  • Here is a listing of all built-in Windows groups along with a detailed description of each.

  • This page has a detailed listing of privileged accounts and groups in Active Directory.

  • PoC to exploit the SeBackupPrivilege.

  • From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration blog.

  • Abusing DNSAdmins privilege for escalation in Active Directory blog.

  • Poc’ing Beyond Domain Admin DNS blog active directory.

  • Escalating Privileges with DNSAdmins Group blog.

  • Abusing SeLoadDriverPrivilege for privilege escalation blog.

  • Hyper-V Administrators blog from-hyper-v-admin-to-system.

  • Small PoC in PowerShell exploiting hardlinks during the VM deletion process poc.

  • Proof of concept for abusing SeLoadDriverPrivilege (Privilege Escalation in Windows) tool.

  • Standalone exploit for a vulnerable feature in Capcom.sys.

Windows Credentials Theft

  • Dumping the contents of ntds.dit files using PowerShell blog.

Credentials Theft

  • How to Extract Content from VMDK Files: A Step-By-Step Guide blog.

User Access Control UAC

  • This page discusses how UAC works in great depth and includes the logon process etc.

  • User Account Control security policy settings page.

  • This blog post shows SystemPropertiesAdvanced.exe DLL Hijacking UAC Bypass.

Kernel exploits, end of life systems Windows

Miscellaneous

  • Privilege Escalation with Autoruns blog.

  • This site details many potential autorun locations on Windows systems.

  • ALPC Task Scheduler 0-Day: an in-depth writeup is available here.

  • CVE-2021-36934 HiveNightmare, aka SeriousSam: more information about this flaw can be found here, and this exploit binary can be used to create copies of the three files to our working directory. This script can be used to detect the flaw and also fix the ACL issue. Let's take a look.

  • PoC by @cube0x0: C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM.

  • CVE-2021-1675/CVE-2021-34527 PrintNightmare: this version by @cube0x0 can be used to execute a malicious DLL remotely or locally using a modified version of Impacket.

  • (CVE-2020-5752) blog post on the initial discovery of the flaw.

  • This page has a detailed listing of the end-of-life dates for Microsoft Windows and other products such as Exchange, SQL Server, and Microsoft Office.

  • MS16-032. A detailed explanation of this bug can be found in this Project Zero blog post.
