daisy – Page 2 – WindowsTechs.com

Install burpsuite extension from cli [closed]

Posted on November 12, 2022 by daisy

I’m reading this document and trying to figure out how to install multiple plugin automatically.

How can I automate this step on a new computer?
Where does burpsuite store the plugin files?

Continue reading Install burpsuite extension from cli [closed]→

What would an android malware do with Direct Reply feature?

Posted on September 13, 2022 by daisy

I’m reading this article: https://research.nccgroup.com/2022/09/06/sharkbot-is-back-in-google-play/ and quote:

Besides this, the dropper has also removed the ‘Direct Reply’ feature, used to automatically reply to the received notification… Continue reading What would an android malware do with Direct Reply feature?→

EMET is deprecated, which DLL implements the ring3 mitigation?

Posted on August 15, 2022 by daisy

I’m reading this document: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide
In older OS, EMET injects a DLL into the process. On latest Windows EMET is implemented b… Continue reading EMET is deprecated, which DLL implements the ring3 mitigation?→

Linux kernel changelog for security features [migrated]

Posted on July 14, 2022 by daisy

I want to know what security features is added or improved in each Linux kernel release, is there anything like "security change log"?
I couldn’t find it on the internet, the only thing I found is this: https://github.com/iovisor… Continue reading Linux kernel changelog for security features [migrated]→

Incomplete information in dcsync logs [migrated]

Posted on March 5, 2022 by daisy

I’ve enabled DS audits in domain controller group policy:

Then I perform dcsync attack with a normal user account, and check the logs in ELK:

Two logs were created and the DS-Replication-Get-Changes-All log is generated correctly, and no… Continue reading Incomplete information in dcsync logs [migrated]→

Can’t find the sample in this article

Posted on January 9, 2022 by daisy

I’m trying to find the DoubleFeature’s Rootkit sample in this article, quote

Resource 106, once decompressed, is a driver called hidsvc.sys

So I first downloaded the EQGRP_Lost_in_Translation repo and found the DLL containing the resourc… Continue reading Can’t find the sample in this article→

Kerberos golden ticket works with DNS only – access denied with IP address

Posted on October 6, 2021 by daisy

I’m playing with mimikatz kerberos::golden, e.g.,
kerberos::golden /domain:XXX /sid:XXX /user:XXX /aes256:XXX /endin:864000 /renewmax:10240 /ptt

Then I tried to access a domain joined machine, but I got access denied:
dir \\IP_address\C$
… Continue reading Kerberos golden ticket works with DNS only – access denied with IP address→

Remove sshd identification string [migrated]

Posted on September 28, 2021 by daisy

When I do nmap scan on SSH port I got
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

Is it possible to modify SSH identification string or hide it?

Continue reading Remove sshd identification string [migrated]→

Trying to reproduce petitpotam exploit, got "KDC_ERROR_CLIENT_NOT_TRUSTED (62)" error

Posted on September 4, 2021 by daisy

I’m following this article to reproduce the EFS bug: https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/
My environment:

Windows 2016 AD (Hostname: W2016$)
Windows 2016 SRV01 (Runnin… Continue reading Trying to reproduce petitpotam exploit, got "KDC_ERROR_CLIENT_NOT_TRUSTED (62)" error→

Dumping available XPC interface and methods [migrated]

Posted on November 18, 2020 by daisy

I’m reading this article, and it says:
The following functions are exposed over XPC to the caller:

@protocol _TtP4main21ForkLiftHelperProtcol_
– (void)changePermissions:(NSString *)arg1 permissions:(long long)arg2 reply:(void (^)(NSError … Continue reading Dumping available XPC interface and methods [migrated]→