Staphysec

Miscellaneous resources

Here is where I store all the useful or interesting blogs I read. Use CTRL+F to navigate.

Last updated 3 years ago

Splunk Universal Forwarder

EOP:

  • The default configuration of Splunk did not have any authentication on the software and .

Erlang

EOP:

  • more information check out the

Windows Named Pipes

Windows User Privileges

Token privileges, Windows privileges

  • Adjusting Token Privileges in

  • Script to enable certain .

  • .

  • token impersonation attacks .

  • This goes in-depth on the PrintSpoofer tool.

  • GPO Abuse SharpGPOAbuse.

  • Enable all token privileges .

Windows Group Privileges

Windows Credentials Theft

Credentials Theft

User Account Control (UAC)

Kernel exploits, end of life systems Windows

Miscellaneous

is a listing of all built-in Windows groups along with a detailed description of each.

This has a detailed listing of privileged accounts and groups in Active Directory.

to exploit the SeBackupPrivilege.

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration .

Abusing DNSAdmins privilege for escalation in Active Directory .

Poc’ing Beyond Domain Admin DNS active directory.

Escalating Privileges with DNSAdmins Group .

Abusing SeLoadDriverPrivilege for privilege escalation .

Hyper-V Administrators from-hyper-v-admin-to-system.

Small POC in powershell exploiting hardlinks during the VM deletion process .

Proof of concept for abusing SeLoadDriverPrivilege (Privilege Escalation in Windows) .

standalone for a vulnerable feature in Capcom.sys.

Dumping the contents of ntds.dit files using PowerShell .

How to Extract Content from VMDK Files: A Step-By-Step Guide .

This discusses how UAC works in great depth and includes the logon process etc.

User Account Control security policy settings .

blog post shows SystemPropertiesAdvanced.exe DLL Hijacking UAC Bypass .

Privilege Escalation with Autoruns .

detail many potential autorun locations on Windows systems.

ALPC Task Scheduler 0-Day. An in-depth writeup is available .

CVE-2021-36934 HiveNightmare, aka SeriousSam More information about this flaw can be found and exploit binary can be used to create copies of the three files to our working directory. This can be used to detect the flaw and also fix the ACL issue. Let's take a look.

by C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM.

CVE-2021-1675/CVE-2021-34527 PrintNightmare version by can be used to execute a malicious DLL remotely or locally using a modified version of Impacket.

() initial discovery of the flaw.

This has a detailed listing of the end-of-life dates for Microsoft Windows and other products such as Exchange, SQL Server, and Microsoft Office.

MS16-032. A detailed explanation of this bug can be found in this

Splunk Universal Forwarder Hijacking
SplunkWhisperer2
Erlang-arce blogpost from Mubix
WindscribeService Named Pipe Privilege Escalation
PowerShell
privileges
Windows Privilege Abuse: Auditing, Detection, and Defense
@cube0x0
@cube0x0
CVE-2020-5752
Project Zero blog post