Avoiding EDRs creating a new process
Code snippet to create a process using the PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON flag, which blocks 3rd party DLLs to be injected in it (such as EDR DLLs).
Ethical hacker | OSCE(3) CRTM CRTL GXPN GRTP GCIH GCPN
Code snippet to create a process using the PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON flag, which blocks 3rd party DLLs to be injected in it (such as EDR DLLs).
Weblogic servers are popular in pentests as outdated versions have RCE vulnerabilities with public exploits. However, you can exploit them uploading WAR files as well.
Exploiting iDRACs is a common practice in pentests as compromising one allows to also compromise the system controlled by the iDRAC. However, it is not so immediate to exploit old iDRAC versions nowadays as it was some years ago.
Short guide to solve this problem using Github API
With this script it is possible to extract Active Directory accounts’ hashes when credential caching is enabled in the SSSD service.
Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram using Python to create the files and the listeners. It allows to create text files, images, audio or videos, with the commands in cleartext or encrypted using AES.
Releasing http-protocol-exfil, a tool that uses the HTTP protocol version to send a file bit by bit (“HTTP/1.0” is a 0 and “HTTP/1.1” is a 1). It uses GET requests so the Blue Team would only see the requests to your IP address.