All malicious tools try to hide their WinAPI calls: if the program code contains suspicious functions, its execution can be blocked. There are very few documented ways to obfuscate WinAPI calls, but I would like to share with you some promising ideas…
Author: MichelleVermishelle
You won’t escape! Hijacking user sessions in Windows
How often do you encounter a much-desired domain admin session on an outdated Windows 7 workstation? In the hands of a hacker pentester, this admin account is a ‘master key’ that can unlock the entire network. But imagine that an evil antivirus prevents you…
Hijacking COM. Abusing COM classes to hijack user sessions
As you are likely aware, Windows assigns a unique session to each user logging into the system. And if somebody logs into an already hacked device, you can hijack that person’s session. This article discusses a promising privilege escalation technique: the attacker steals users’…
Flaying three-headed sheep. How to dump Kerberos tickets in C++
Kerberos offers plenty of user authentication features. Its main ‘bricks’ are tickets; in the course of penetration testing, the attacker dumps such tickets from the LSASS process memory at least once. Today, I will explain how this operation can be performed without sophisticated hacker…
Goodbye Mimikatz! Inject tickets with your own hands
To implement a number of pass-the-ticket attacks, you have to inject a Kerberos ticket into the compromised system. Such tools as Mimikatz, Impacket, or Rubeus can be used for this purpose, but they are easily detected by antiviruses, thus making this approach ineffective. In this…
Privileger: Now you’re in control of privileges in Windows
In Windows, privileges play a key role: only the admin has the authority to grant special rights to users so that they can perform their tasks. This article discusses a software tool called Privileger: it enables you to search the system for accounts with certain…
Insecurity provider. How Windows leaks user passwords
In Windows, most security mechanisms are based on user account passwords. Today, you will learn several techniques making it possible to intercept a password at the time of user authentication and write code that automates this process.