The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Blue team’ Category

Link archive: Windows PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits

Posted by jpluimers on 2024/12/12

Simple (but fully working) code for NPLogonNotify(). The function obtains logon data, including cleartext password.

[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).

The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.

Background/related:

Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, Red team, Scripting, Security, Software Development, Windows Development

Hijack Libs

Posted by jpluimers on 2024/12/04

Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs

This project provides a curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.

Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development

Jilles preparing for a Red Team training event

Posted by jpluimers on 2024/08/01

Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.

[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️‍🌈🏳️‍⚧️ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over.”

[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️‍🌈🏳️‍⚧️ on Twitter: “This will do for now ;-)”

Posted in Blue team, Power User, Red team, Security, Uncategorized