Thanks to the teachers on the road of growth
Hashcat Blasting Method
Introduction: Hashcat claims to be the world's fastest password recovery tool. It had a proprietary code base until 20
2021-09-04
ADCS&DomainGoldenCertificate
A few words: Most of the time domain set branch of CA and AD authentication system, using the CA certificate issued
ADCS&ESC2-7Attack
Preface: For the most basic background and the ESC1 and ESC8 attack methods, please see my earlier article https://yangsirrr.github.io/2021/08/16/adcs-esc1-es
Discovery of multiple logic vulnerabilities in a project
A few words: All cases are authorized, legally compliant projects. Do not carry out any penetration attacks without au
How to download remote target file
A few words: Please be sure to obey the law. Don't download what you shouldn't download, watch what you shouldn't re
2021-08-29
A few command exec bypass tips
A few words: When executing commands against Linux targets, I found that some commands were somewhat limited, so I r
2021-08-29
CVE-2021-1675 Windows Privilege Escalation
Introduction: This vulnerability level belongs to one of the powerful tools for domain opening, slightly inferior to zerolo
CVE-2021-36934 Windows Privilege Escalation
Introduction: A privilege escalation vulnerability exists because access control lists (ACLs) are overly permissive on multiple sys
Sqlserver focus command
Recording a tip, maybe somebody&RT can use it. The other day on the T00ls forum, I saw a tool released by a black product
2021-08-16
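ADCS&ESC1&ESC8 Attack Methods
There is too much content and I really don't want to produce an English version, so this one is in Chinese; make do with it. Preface: The exploitation methods, Certified Pre-Owned: Abusing Active Directory Certificate Services, come from black hat20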
Powershell bypass tips
Command EXEC: String Add the & &"hostname"; IEX(), Invoke-Expression() command exec IEX("whoami") Invoke
Use IPC BypassUAC
After actual testing, this can succeed in some environments. In many scenarios, you do not have write permission to the sys
2021-08-08