How to (temporarily) disable McAfee Endpoint Security on an enterprise workstation?

I need to temporarily disable McAfee Endpoint Security on an enterprise workstation after having obtained local administrative privileges. The McAfee Endpoint Security settings are protected by a password.

I’ve tried to stop…

Disabling RC4 HMAC encryption in Windows Active Directory prevents current Kerberos attacks?

I understand that RC4 HMAC encryption is dangerous in Windows Active Directory, since it relies on the user’s NT hash as the en…

How do VPN providers prevent getting blocked using e.g. Cloudflare, like it is the case for Tor exit-nodes?

Anyone using Tor to browse the Internet has experienced that their connection is blocked by Cloudflare or s…

Why doesn’t DLL injection work on Windows 10 for native Windows binaries (e.g. calc.exe)?

I’ve been playing around with DLL injection by reading some old articles that use, e.g., calc.exe to inject into.

However, on…

How do exploit developers counter control-flow integrity (CFI) used to prevent ROP-based buffer overflow attacks?

Originally, return-oriented programming (ROP) was invented to counter the no-execute (NX) protection of th…

Hydra fails with "[ERROR] target ssh://192.168.16.128:22/ does not support password authentication."?

I’ve updated Kali 2.0 to the newest version – it is installed using VMware.

Now, every time I use hydra to brute-force SSH, I get the following error:

[ERROR] target ssh://192.168.16.128:22/ does not support password authentica…