Startup folder Copy payload to startup folder SharpPersist Registry keys Query and set reg key Can use HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Cleanup reg delete “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run” /v MSUpdate /f Launch programs or set folder items SharpPersist Scheduled task Create, Query and run task Create task the user session is idle for…
MITRE ATT&CK
Explore our comprehensive article on MITRE ATT&CK, a knowledge base for cyber threat behaviors. Uncover insights, uses, and how it improves cyber defense tactics.
1. AVET – Anti Virus Evasion Tool Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software. 2. CarbonCopy Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion. 3. Hyperion Runtime…
Find existing local admin access for the current user: Hunt for sessions of interesting users on machines where you have access: Search for kerberoastable users: Search for AS-REP roastable users: Look for interesting ACLs within the domain, filtering on a specific user or group you…
A comprehensive guide to understanding the bypass AMSI feature to skirting Microsoft’s built-in antimalware scan interface. Get an in-depth look at what the feature is and how it’s used to prevent malware from executing through scripting languages, allowing for a more secure experience. Learn the…
Port forwarding using Netsh is a simple process that allows you to remotely access a computer or network from another device. With a few simple commands, you can route traffic from one application to another, and even control how data is sent over the network….
This article provides a detailed overview of Pass-the-Hash (PtH), an exploitation technique used in cybersecurity attacks. Learn how PtH works, its implications for authentication security, and strategies to mitigate the risks. In the realm of cybersecurity, Pass-the-Hash (PtH) has emerged as a potent technique employed…
Learn about Pass-the-Ticket (PtT) attacks, a sophisticated method used by cybercriminals to compromise network security. Discover how PtT attacks exploit Kerberos authentication in Active Directory environments, enabling unauthorized access and lateral movement. Understand the mechanisms, detection techniques, and preventive measures against PtT attacks. Pass-the-Ticket (PtT)…
External Reconnaissance – As technology continues to evolve, so do cyber threats, making cybersecurity an essential aspect of any modern organization. Ethical hacking, or hacking with a lawful and legitimate purpose, has become an integral part of ensuring the safety and security of an organization’s…
Learn about the dcsync attack and its potential impact on network security. This comprehensive guide explores the attack’s intricacies, detection mechanisms, and preventive measures to safeguard your organization’s sensitive information from cyber threats. In today’s digital landscape, where cybersecurity threats continue to evolve and new…