Posted by jpluimers on 2025/02/10
It’s hard to not hack all the things…
–jeroen
Posted in LifeHacker, Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2025/01/17
Having had to use Mimikatz a few times in the past, I was not aware of the history.
So I was glad to find this elaborate article [Wayback/Archive] Mimikatz and password dumps | Ivan’s IT learning blog and the video (embedded after the signature). [Wayback/Archive] How to fix mimikatz null password in Windows 10 | WORKING 2019!!! – YouTube
Besides the history, it also explains why sometimes you only get hashes and other times you do get plain text passwords.
Recommended reading.
--jeroen
Posted in Power User, Red team, Security, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 | Leave a Comment »
Posted by jpluimers on 2025/01/06
[Wayback/Archive] Dumpsterdiving for network access :: Jilles.com
Just scaring people by telling them I could simply login to your network when you throw away you broken Smart light was not very credible. And eventhough people were kindly speaking up for me I would still like to illustrate how simple it is.
Posted in Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2024/12/26
On my research list [Wayback/Archive] HInvoke and avoiding PInvoke | drakonia’s blog.
A very minimalistic approach of calling .net runtime functions or accessing properties using only hashes as identifiers. It does not leave any strings or import references since we dynamically resolve the required member from the
mscorlibassembly on runtime.
Posted in .NET, C#, Development, Encryption, Hashing, Power User, Red team, Security, Software Development | Tagged: CyberSecurity, dinvoke, hinvoke, infosec, maldev, pentest, Pentesting, redteam | Leave a Comment »
Posted by jpluimers on 2024/12/16
For my link archive: [Wayback/Archive] Evade Windows Defender Mimikatz detection by patching the amsi.dll | by Nol White Hat | Jul, 2022 | System Weakness
Via: [Wayback/Archive] rootsecdev on Twitter: ““Evade Windows Defender Mimikatz detection by patching the amsi.dll” by Nol White Hat”
–jeroen
Posted in Blue team, Pen Testing, Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2024/12/12
Simple (but fully working) code for
NPLogonNotify(). The function obtains logon data, including cleartext password.
[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).
The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.
Background/related:
Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, PowerShell, Red team, Scripting, Security, Software Development, Windows Development | Tagged: NPPSPY | 1 Comment »
Posted by jpluimers on 2024/12/05
For my link archive as this is environment variable override trick to override DLL loading is not just limited to executables shipping with Windows, but also with other products (likely: virus scanners that run privileged); another alternative is running a local process serving the WebDAV protocol.
Posted in Development, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows Development | Tagged: DEFCON30 | Leave a Comment »
Posted by jpluimers on 2024/12/04
Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs
This project provides an curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.
Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development | Leave a Comment »
Posted by jpluimers on 2024/12/02
Posted in Power User, Security | Leave a Comment »
Posted by jpluimers on 2024/11/19
I while ago, I bumped into [Wayback/Archive] crt.sh | Certificate Search that allows searching for (the history of) TLS certificates.
One example of what it returns is [Wayback/Archive] crt.sh | wiert.me (for my blog domain and subdomains).
The basic mechanism of crt.sh is to query various Certificate Transparency logs and Certificate revocation list, terms I vaguely knew, but never fully realised the vast usefulness of (including questions like [Wayback/Archive] How does crt.sh becomes aware of certificates that are in no CT logs?).
The cool thing is that most (everything?) of it is open source in the various repositories at [Wayback/Archive] Github: crt.sh.
There is also an advanced search page [Wayback/Archive] crt.sh | Certificate Search (a=1) with many more options (including linting) I really want to try later plus a bunch of background links (including the support forum at) of which some *.crt.sh returned a http 502 while writing this blog post. Will try later to see if they have started working again:
Posted in Communications Development, Development, Encryption, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP, TLS | Leave a Comment »
The Wiert Corner - irregular stream of stuff 