Outer Web | Explore

Explore >> Select a destination

You are here		bohops.com Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction - bohops
\|	\|	ogmini.github.io David Cowen Sunday Funday Challenge - Browser Password Extraction Evidence (LaZagne) \| ogmini - Exploration of DFIR	4.6 parsecs away Travel
\|	\|	Messing around with Windows Defender just to download and execute LaZagne locally leaves artifacts behind related to exclusions. There are of course other more stealthy ways to run LaZagne by using RATs such as Pupy or Meterpreter/Metasploit. This post will list out the Registry Keys and Event Logs related to Windows Defender.	4.6 parsecs away Travel
\|	\|	www.cybereason.com THREAT ANALYSIS REPORT: Bumblebee Loader - The High Road to Enterprise Domain Control	2.6 parsecs away Travel
\|	\|	Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data...	2.6 parsecs away Travel
\|	\|	scriptjunkie.us Authenticated Remote Code Execution Methods in Windows « Thoughts on Security	3.7 parsecs away Travel
\|	\|	[AI summary] The post details eight specific Windows features and services, such as SCM and Task Scheduler, that can be exploited to perform authenticated remote code execution on networked systems.	3.7 parsecs away Travel
\|	\|	blog.cyber5w.com CyberGate Technical Analysis	21.1 parsecs away Travel
\|		Analysis of CyberGate RAT	21.1 parsecs away Travel