Links to various sources for infosec knowledge

knowledge Links to various sources for infosec knowledge Privilege Escalation Windows Privilege Escalation via DLL Hijacking DLL hollowing @Hasherezade CVE-2019-1322 Basic Priv info Azure AD privilege escalation - Taking over default application permissions as Application Admin NTLM relay from one Exchange server to another Privilege Escalation Cheatsheet Hot Potato - Windows

Links to various sources for infosec knowledge

knowledge Links to various sources for infosec knowledge Privilege Escalation Windows Privilege Escalation via DLL Hijacking DLL hollowing @Hasherezade CVE-2019-1322 Basic Priv info Azure AD privilege escalation - Taking over default application permissions as Application Admin NTLM relay from one Exchange server to another Privilege Escalation Cheatsheet Hot Potato - Windows

CobaltStrike后渗透测试插件

Erebus CobaltStrike后渗透测试插件部分功能只适用于cobalt strike 4x 由于异步处理问题，某些功能可能会存在BUG 暂时未找到解决方法，如果大佬们有解决方案，欢迎联系我~ 更新日志 2020-07-31(V134) 添加fakelogonscreen命令添加SpaceRunner 此工具用于将任意PowerShell代码编译为C#程序，而无需通过使�

Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322

COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo vimeocom/373051209 Usage Compile or Download from Release (githubcom/apt69/COMahawk/releases) Run COMahawkexe ??? Hopefully profit or COMahawkexe "custom command to run" (ie COMahawkexe "net user /add test123 lol123 &") ??? Hopefully profit

Windows提权工具 CVE-2019-1405 & CVE-2019-1322 k8gegeorg/p/19321html 漏洞介绍由NCC Group研究人员所发现的两个通过COM本地服务进行非法提权的漏洞。第一个漏洞CVE-2019-1405是COM服务中的一个逻辑错误，可让本地普通用户以LOCAL SERVICE身份执行任意命令。第二个漏洞CVE-2019-1322是一个简单的服�

Erebus CobaltStrike后渗透测试插件部分功能只适用于cobalt strike 4x 由于异步处理问题，某些功能可能会存在BUG 暂时未找到解决方法，如果大佬们有解决方案，欢迎联系我~ 更新日志 2021-10-28(V137) 添加collector defender信息 post模块添加BypasUAC功能更新日志 2021-06-07(V136) 移除post模块migrate功能

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

K8tools 2020628 声明: 工具仅供安全研究或授权渗透，非法用途后果自负。下载: githubcom/k8gege/K8tools 文档: k8gegeorg PS: 不定期更新,文件比较大，可按需下载。工具有BUG或建议可直接Github上留言提权工具均可在远控Cmd或WebShell运行，大部份经过修改编译兼容性稳定性更好注意�

Unclaimed victims: 1-gridcom Andersonautomotivecom Xerox Ticket Master Group Angelino Rockford School District HUDSON PROPERTIES GRANT & WEBER Koons Automotive SDIGC HOULE ELEC GROUPDOMAIN Perennials Fabrics Skecoplantcom Guardiaciviles Birkenstockcom BTC/BECH32 addresses: 1HtyXyCrshiJmLYNru7atpDMJrzG9mzwzf 1FWWRT88WjYbZp4NoRNEBgTGjRxhi2J9YM 15gjb8F5Zd8XR

windows-privilege-escalation Summary Tools Windows Version and Configuration User Enumeration Network Enumeration Antivirus & Detections Windows Defender Firewall AppLocker Enumeration Powershell Default Writeable Folders EoP - Looting for passwords SAM and SYSTEM files HiveNightmare Search for file contents Search for a file with a certain filename Search the regi

Relevant - Penetration Testing Challenge Bradley Lubow | rnbochsr, September 2022 My notes and solutions for the TryHackMecom's Relevant room Task 1 - Pre-Engagement Briefing You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in seven days Scope of Work The client requests that an engineer cond

Conti-Clear Extracted data & informations from the Conti & TrickBot leaks The beginning Well, Since Tob Trick started leaking Conti chats and conversations, most of people started translating them using translators like Deepl or Google Translate You can find the original + transalted chats of the Conti TrickBot Leaks here : conti-leaks-englished After tha

红方人员作战执行手册

红方人员实战手册声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好分享初衷一来, 旨在为 "攻击" / "防御"方提供更加全面实用的参考还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

红方人员作战执行手册

红方人员实战手册声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好分享初衷一来, 旨在为 "攻击" / "防御"方提供更加全面实用的参考还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享，作为笔记吧，欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合文章/书籍/教程相关说明请善用搜索[Ctrl+F]查找 IOT Device&Mobile

公开收集所用

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享，作为笔记吧，欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合文章/书籍/教程相关说明请善用搜索[Ctrl+F]查找 IOT Device&Mobile

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

渗透测试有关的POC、EXP、脚本、提权、小工具等，欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享，作为笔记吧，欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合文章/书籍/教程相关说明请善用搜索[Ctrl+F]查找 IOT Device&Mobile

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 961 CVE-2022-0847-

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享，作为笔记吧，欢迎补充。请注意所有工具是否有后门或者其他异常行为，建议均在虚拟环境操作。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集�

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 975 CVE-2022-0847-

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 988 CVE-2022-0847-

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 304 2023-03-18T21:10:14Z Windows_LPE_AFD_CVE-2023-21768 githubcom/chompie1337/Wi

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 323 2023-03-23T01:27:35Z Windows_LPE_AFD_CVE-2023-21768 githubcom/chompie1337/Wi

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2012 year top total 30 2011 year top total 30 2010 year top total 30 2009 year top total 30 2008 year top to

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows server 2016 1803
microsoft windows server 2019 -
microsoft windows 10 1803
microsoft windows 10 1809
microsoft windows 10 1903
microsoft windows server 2016 1903

CVE-2019-1322

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Exploits

Mailing Lists

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect