unSafe.sh - Insecure
Relaying Kerberos Authentication from DCOM OXID Resolving
Recently, there's been some good research into further exploiting DCOM authentication that I initia...
2024-4-30 09:8:0 | Views: 7 |
Tyranid's Lair - www.tiraniddo.dev
rpcss
oxid
machine
targetinfo
Issues Resolving Symbols on Windows 11 on ARM64
This is a short blog post about an issue I encountered during some development work on my OleViewDo...
2024-4-26 06:9:0 | Views: 2 |
Tyranid's Lair - www.tiraniddo.dev
dbghelp
library
combase
machine
dia
Sudo On Windows a Quick Rundown
Background: The Windows Insider Preview build 26052 just shipped with a sudo command, I thought I'd j...
2024-2-9 17:10:0 | Views: 9 |
Tyranid's Lair - www.tiraniddo.dev
elevated
security
microsoft
powershell
privileged
Access Checking Active Directory
Like many Windows related technologies Active Directory uses a security descriptor and the access c...
2022-7-17 12:49:0 | Views: 30 |
www.tiraniddo.dev
security
modifiable
powershell
username
Finding Running RPC Server Information with NtObjectManager
When doing security research I regularly use my NtObjectManager PowerShell module to discover and c...
2022-6-27 05:56:0 | Views: 31 |
www.tiraniddo.dev
appinfo
mapper
rpcendpoint
rpcserver
lrpc
Exploiting RBCD Using a Normal User Account*
* Caveats apply. Resource Based Constrained Delegate (RBCD) privilege escalation, described by Elad...
2022-5-14 10:29:0 | Views: 101 |
www.tiraniddo.dev
s4u2self
s4u2proxy
win10test
s4u
cifs
Bypassing UAC in the most Complex Way Possible!
While it's not something I spend much time on, finding a new way to bypass UAC is always amusing. W...
2022-3-20 17:52:0 | Views: 57 |
www.tiraniddo.dev
kerb
bypass
restriction
machine
LowBox Token Permissive Learning Mode
I was recently asked about this topic and so I thought it'd make sense to put it into a public blog...
2021-9-7 06:53:0 | Views: 7 |
www.tiraniddo.dev
lowbox
powershell
windows
etl
How the Windows Firewall RPC Filter Works
I did promise that I'd put out a blog post on how the Windows RPC filter works. Now that I released...
2021-8-22 05:32:0 | Views: 16 |
www.tiraniddo.dev
fwpm
rawdata
layerfwpm
um
proxy
How to secure a Windows RPC Server, and how not to.
The PetitPotam technique is still fresh in people's minds. While it's not directly an exploit it's...
2021-8-15 02:4:0 | Views: 76 |
www.tiraniddo.dev
security
client
anonymous
authn
A Little More on the Task Scheduler's Service Account Usage
Recently I was playing around with a service which was running under a full virtual service account...
2021-6-12 05:42:0 | Views: 6 |
www.tiraniddo.dev
scm
privileges
The Much Misunderstood SeRelabelPrivilege
Based on my previous blog post I recently had a conversation with a friend and well-known Windows s...
2021-6-2 21:49:0 | Views: 10 |
www.tiraniddo.dev
privileges
mic
god
elevated
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
I've been going through the various token privileges on Windows trying to find where they're used....
2021-5-21 07:3:0 | Views: 16 |
www.tiraniddo.dev
backup
winlogon
credwiz
genericread
Standard Activating Yourself to Greatness
This week @decoder_it and @splinter_code disclosed a new way of abusing DCOM/RPC NTLM relay attacks...
2021-4-27 23:45:0 | Views: 7 |
www.tiraniddo.dev
moniker
activation
hresult
istorage
Creating your own Virtual Service Accounts
Following on from the previous blog post, if you can't map arbitrary SIDs to names to make displayi...
2020-10-26 23:54:0 | Views: 7 |
www.tiraniddo.dev
nttoken
rid
username
Using LsaManageSidNameMapping to add a name to a SID.
I was digging into exactly how service SIDs are mapped back to a name when I came across the API Ls...
2020-10-24 23:23:0 | Views: 16 |
www.tiraniddo.dev
mappings
msdn
sids
lsasrv
Generating NDR Type Serializers for C#
As part of updating NtApiDotNet to v1.1.28 I added support for Kerberos authentication tokens. To s...
2020-7-1 21:32:0 | Views: 19 |
www.tiraniddo.dev
ndr
midl
idl
serializers
OBJ_DONT_REPARSE is (mostly) Useless.
Continuing a theme from the last blog post, I think it's great that the two additional OBJECT_ATTRI...
2020-5-23 10:21:0 | Views: 7 |
www.tiraniddo.dev
reparse
encountered
symbolic
ntfile
windows
Silent Exploit Mitigations for the 1%
With the accelerated release schedule of Windows 10 it's common for new features to be regularly in...
2020-5-22 23:59:0 | Views: 7 |
www.tiraniddo.dev
windows
microsoft
ntloadkey3
ntloadkeyex
Writing Windows File System Drivers is Hard.
A tweet by @jonasLyk reminded me of a bug I found in NTFS a few months back, which I've verified st...
2020-5-20 21:29:0 | Views: 6 |
www.tiraniddo.dev
inherit
inherited
network
security
windows