|
You are here |
perl-users.jp | ||
| | | | |
adsecurity.org
|
|
| | | | | [AI summary] This technical article details essential security features in PowerShell version 5, including script block logging, system-wide transcripts, constrained mode, and Antimalware Scan Interface (AMSI) integration to defend against enterprise attacks. | |
| | | | |
blog.cyber5w.com
|
|
| | | | | Analysis of some famous JS obfuscation techniques | |
| | | | |
www.darkoperator.com
|
|
| | | | | [AI summary] The provided text discusses various methods to secure PowerShell environments against potential threats, focusing on monitoring, logging, and policy enforcement. It outlines the use of Group Policy to enable module logging, which helps track PowerShell cmdlet activities. The text also covers the use of Software Restriction Policies (SRP) and AppLocker for controlling application execution. Additionally, it mentions the PowerShell v3 feature __PSLockdownPolicy as a tool for restricting PowerShell functionalities. The author emphasizes the importance of planning and testing these security measures in a controlled environment to ensure effectiveness. | |
| | | | |
0xdf.gitlab.io
|
|
| | | I loved Sizzle. It was just a really tough box that reinforced Windows concepts that I hear about from pentesters in the real world. I'll start with some SMB access, use a .scf file to capture a users NetNTLM hash, and crack it to get creds. From there I can create a certificate for the user and then authenticate over WinRM. I'll Kerberoast to get a second user, who is able to run the DCSync attack, leading to an admin shell. I'll have two beyond root sections, the first to show two unintended paths, and the second to exploit NTLM authentication over HTTP, and how Burp breaks it. | ||