Vito FlyHigh De Laurentis

41 Flips | 1 Magazine | 5 Likes | @vdelaurentis

Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques

Process injection is a widespread defense evasion technique employed often within malware and fileless adversary tradecraft, and entails running …

OPCDE

README.md: OPCDE DXB 2017 Materials (26-27 April 2017). Agenda: Keynote 1 - Revisiting the state - Maarten Van Horenbeeck (@maartenvhb); Keynote 2 - Wim …

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an …

Bypassing Windows User Account Control (UAC) and ways of mitigation

Securing machines from abuse and compromise in a corporate environment has always been an ongoing process. Providing admin rights to users has always …

Capcom Rootkit POC

Capcom

Code Execution in SQL Server via Fileless CLR-based Custom Stored Procedures

Install Visual Studio along with the SQL Server Data Tools. For my own project I used Visual Studio Express 2013, since the server I was attacking …

SQL Servers

Lateral Movement via DCOM: Round 2

Most of you are probably aware that there are only so many ways to pivot, or conduct lateral movement to a Windows system. Some of those techniques …

The Enemy Within: Stopping Advanced Attacks Against Local Users

Advanced targeted attackers utilize compromised credentials in order to move laterally within their victims' network. These compromised credentials may consist of either domain or local credentials. Local credentials, especially those of local admins, are a lucrative target for the attackers as …

Information Security

The Travelling Pentester: Diaries of the Shortest Path to Compromise

Windows 10: protection, detection, and response against recent Depriz malware attacks

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in …

JTAG Explained (finally!): Why "IoT" Makers, Software Security Folks, and Device Manufacturers Should Care

Imagine you are handed this device and asked to get root on it as quickly as possible. No further information is given. Where would you begin? (If you …

Debugging

Thanks to #esxi65 w/ SecureBoot, it's easier to protect LSA w/ CredentialGuard in VMs (or to test #mimikatz) It protects local accounts now! https://t.co/mnYVdUnn0d

Introduction to Windows Device Guard: Introduction and Configuration Strategy

Introduction: Welcome to the first in a series of Device Guard blog posts. This post is going to cover some introductory concepts about Device Guard and …

Hijacking wireless mice and keyboards - The poetry of (in)security

Earlier this year researchers from Bastille discovered vulnerabilities in wireless mice and keyboards that could lead to them being remotely hijacked …

Information Security

Introducing BloodHound

Intro & Background: In February of this year, I posted a proof-of-concept script called “PowerPath” which combined Will Schroeder’s PowerView, Justin …

Bloodhound

Closing the Door | End of Backdoor Factory

Recently I used Empire at work on a phishing engagement because it supports macOS, Linux, and Windows hosts from one listener. You should try it out …

The art of Golden Ticket Kerberos Keys

This is a larger part of pass the hash hygiene and most people do not do this but for good reason. If you do this wrong you can cripple a lot of …

Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox, Open Popups and more

On October 25th, the fellows at @MSEdgeDev tweeted a link that called my attention because when I clicked on it (being on Chrome) the Windows Store App …

Metasploit-Plugins

README.md: Plugins for Metasploit Framework. Currently only the Pentest plugin is being maintained due to changes in Metasploit Framework that limit …

On the Effectiveness of Device Guard User Mode Code Integrity

Moving Beyond EMET

EMET – Then and Now: Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience …

Bypassing Application Whitelisting By Using dnx.exe

Over the past few weeks, I have had the pleasure to work side-by-side with Matt Graeber (@mattifestation) and Casey Smith (@subtee) researching …

Microsoft Visual Studio

PoisonTap - siphons cookies, exposes internal router & installs web backdoor on locked computers

Created by @SamyKamkar || https://samy.pl. When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it: emulates …

Add bypass UAC via Event Viewer module by OJ · Pull Request #7532 · rapid7/metasploit-framework

added module delayed labels Nov 4, 2016; added some commits Nov 21, 2016; removed the delayed label Nov 21, …

Forensics

Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing

Test Your Might With The Shiny New Metasploitable3: Today I am excited to announce the debut of our shiny new toy - Metasploitable3. Metasploitable3 …

BloodHound - Walking the Dog

Bloodhound