Where you can run shellcode inside an ordinary process, how can you (quietly) "upgrade" to get offensive Powershell code running from it?

Let’s say you are working on a project where you are able to execute shellcode (with no size limit or character restrictions) inside a certain process on a Windows machine. You want to leverage that to set up a Powershell exec…

Can an intruder still possibly succeed with pass-the-hash or pass-the-ticket on Windows 10 / Server 2016 networks where Credential Guard is enabled?

In sum: Does Credential Guard make passing-the-hash and passing-the-ticket attacks effectively unavailable on networks of Windows 10 / Windows Server 2016 machines? If not, how do you still acquire hashes or tickets to pass?…

Password guessing: Is it more effective to try many passwords against a few accounts or a few (very common) passwords against many accounts?

I was watching a security vid on Irongeek the other day (I immediately lost track of which specific vid, unfortunately) where the creator gave some interesting advice about doing live password guessing against a remote machin…

Can you force your PC or device to use only DNSSec-verified lookup results?

Okay, I’ll admit something first-off: I don’t really understand some of the practical aspects of how DNSSec protections work very well. (Even after reading resources like this.)

Well, I certainly understand why anti-spoofing …

How Do Rootkits & Other Low-Level Malware Still Manage to Load on Systems Protected by Secure Boot (and TB/MB)?

Let me try asking my question this way…

Let’s say that I’m an offensive cyber Bad Guy working for a foreign state-sponsored Advanced Persistent Threat unit. My unit is charged with, say, stealing high-value intellectual pro…

Why Can’t Google Just Switch to Pushing Android Security Updates Directly to Users?

Okay, I’ll just begin with the question and then elaborate a bit below. It is:

Why has the world’s dominant maker of non-Apple smartphone operating systems, Google, still not adopted a straight-to-the-user model of distributing security u…