Penetration – Mahyar Notes

How to use Responder to capture NetNTLM and grab a shell

February 24, 2024 hack, Microsoft Related, Penetration Comments Off on How to use Responder to capture NetNTLM and grab a shell

Responder: The Ultimate Tool for Samba Server Hijack and NetNTLM Hash Theft In the vast arsenal of cybersecurity tools, Responder stands out for its unique capability to masquerade as a rogue Samba server, opening up avenues to pilfer NetNTLM hashes with finesse. Here’s a deep dive into harnessing this tool …

very simple modifications to a Meterpreter shellcode dropper can be sufficient to bypass modern EDRs

May 17, 2023 Forensics and Security, Malware Analysis, metasploit, Penetration Comments Off on very simple modifications to a Meterpreter shellcode dropper can be sufficient to bypass modern EDRs

Introduction When I talk about EDRs in this article, I mean a combination of endpoint protection (EPP) and endpoint detection and response (EDR). I also want to define the term “evasion” in the context of EDRs and malware. When I talk about the fact that it is or has been …

Inspect RDP traffic in Wireshark

May 5, 2023 Microsoft Related, Penetration, Powershell Comments Off on Inspect RDP traffic in Wireshark

Wireshark RDP resources Looking for a way to capture and inspect RDP traffic in Wireshark? You’ve come to the right place! SSLKEYLOGFILE Many applications, including browsers, support the SSLKEYLOGFILE environment variable with a path to a text file where TLS pre-master secrets are dumped. This format is supported by Wireshark …

Cobalt Strike Defense Guide – 2

September 9, 2022 Forensics and Security, Penetration Comments Off on Cobalt Strike Defense Guide – 2

In previous report on Cobalt Strike focused on the most frequently used capabilities that observed. In this report, we will focus on the network traffic it produced, and provide some easy wins defenders can be on the look out for to detect beaconing activity. We cover topics such as domain fronting, …

How To Attack Kerberos

November 8, 2021 Forensics and Security, Microsoft Related, Penetration Comments Off on How To Attack Kerberos

Kerberos Fundamentals Kerberos is a network authentication protocol that works on the principle of issuing tickets to nodes to allow access to services/resources based on privilege level. Kerberos is widely used throughout Active Directory and sometimes Linux but truthfully mainly Active Directory environments. TLDR: https://www.roguelynn.com/words/explain-like-im-5-kerberos/ I am aiming to approaching …

Utilizing a Common Windows Binary to Escalate to System Privileges

August 11, 2021 hack, Microsoft Related, Penetration Comments Off on Utilizing a Common Windows Binary to Escalate to System Privileges

Windows pwnage courtesy of trusted Windows binaries Introduction If you’ve ever tried to run a command prompt as administrator on your Windows OS before, you’ve seen a harmless popup appear. This is Windows User Account Control, or UAC. According to Microsoft, UAC “is a fundamental component of Microsoft’s overall security …

Deep-dive into Windows Active Directory for Penetesters !

June 2, 2021 Forensics and Security, Penetration 1

Why this post? The purpose of this guide is to view Active Directory from an attacker perspective. I will try to review different aspects of Active Directory and those terms that every pentester should control in order to understand the attacks that can be performed in a Active Directory network. …

Mahyar Notes Education is the most powerful weapon which you can use to change the world.

Tag Archives: Penetration