The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,861 other subscribers

Archive for the ‘Blue team’ Category

Evade Windows Defender Mimikatz detection by patching the amsi.dll | by Nol White Hat | Jul, 2022 | System Weakness

Posted by jpluimers on 2024/12/16

For my link archive: [Wayback/Archive] Evade Windows Defender Mimikatz detection by patching the amsi.dll | by Nol White Hat | Jul, 2022 | System Weakness

Via:ย [Wayback/Archive] rootsecdev on Twitter: “โ€œEvade Windows Defender Mimikatz detection by patching the amsi.dllโ€ by Nol White Hat”

–jeroen

Posted in Blue team, Pen Testing, Power User, Red team, Security | Leave a Comment »

Link archive: Windows PSBits/PasswordStealing/NPPSpy at master ยท gtworek/PSBits

Posted by jpluimers on 2024/12/12

Simple (but fully working) code for NPLogonNotify(). The function obtains logon data, including cleartext password.

[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master ยท gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).

The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.

Background/related:

Read the rest of this entry »

Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, PowerShell, Red team, Scripting, Security, Software Development, Windows Development | Tagged: | 1 Comment »

Hijack Libs

Posted by jpluimers on 2024/12/04

Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs

This project provides an curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.

Read the rest of this entry »

Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development | Leave a Comment »

Jilles preparing for a Red Team training event

Posted by jpluimers on 2024/08/01

Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.

[Wayback/Archive] jilles.com ๐Ÿ”œ MCH2022 ๐Ÿณ๏ธโ€๐ŸŒˆ๐Ÿณ๏ธโ€โšง๏ธ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over. “

[Wayback/Archive] jilles.com ๐Ÿ”œ MCH2022 ๐Ÿณ๏ธโ€๐ŸŒˆ๐Ÿณ๏ธโ€โšง๏ธ on Twitter: “This will do for now ;-)”

Read the rest of this entry »

Posted in Blue team, Power User, Red team, Security, Uncategorized | Leave a Comment »