Posted by jpluimers on 2024/12/16
For my link archive: [Wayback/Archive] Evade Windows Defender Mimikatz detection by patching the amsi.dll | by Nol White Hat | Jul, 2022 | System Weakness
Via: [Wayback/Archive] rootsecdev on Twitter: ““Evade Windows Defender Mimikatz detection by patching the amsi.dll” by Nol White Hat”
–jeroen
Posted in Blue team, Pen Testing, Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2024/12/12
Simple (but fully working) code for
NPLogonNotify(). The function obtains logon data, including cleartext password.
[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).
The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.
Background/related:
Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, PowerShell, Red team, Scripting, Security, Software Development, Windows Development | Tagged: NPPSPY | 1 Comment »
Posted by jpluimers on 2024/12/04
Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs
This project provides an curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.
Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development | Leave a Comment »
Posted by jpluimers on 2024/08/01
Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over. “
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “This will do for now ;-)”
Posted in Blue team, Power User, Red team, Security, Uncategorized | Leave a Comment »
Posted by jpluimers on 2023/06/08
Many organisations train their personell with phishing attempts from domains that are different from the one the organisation uses.
The mantra is: only respond to emails (or clicking links in them) from domains you know.
Microsoft sent (still sends?) account expiration emails for various *.microsoft.com, *.visualstudio.com and other Microsoft domains like this:
[Wayback/Archive] 232840055-2ccfdb9b-2a13-4a34-92f5-f27f337825f8.png (766×653) email from
Microsoft account team <account-security-noreply@mail.msa.msidentity.com>
Posted in Pen Testing, Phishing, Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2022/08/30
For my link archive: [Wayback/Archive] Making SMB Accessible with NTLMquic – TrustedSec
Via [Wayback/Archive] Florian Hansemann on Twitter: “”Making SMB Accessible with NTLMquic” #pentest #redteam #infosec”
Related: Read the rest of this entry »
Posted in Development, Power User, Red team, Security, Software Development, Windows, Windows Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 