Persistence - Visual Studio Code Extensions pentestlab.blog/2024/03/04/p...
It is not uncommon for developers or users responsible for writing code (i.e. detection engineers using Sigma) to utilize Visual Studio Code as their code editor. The default capability of the product can be...
Detection Rules Development Framework ipurple.team/2024/02/21/d...
Organizations that invest in detection engineering have an edge in the identification of threats. However, there is no industry standard to define the framework around the development of detection rul...
FormThief - a project designed for spoofing Windows desktop login applications using WinForms and WPF github.com/mlcsec/FormT...
Spoofing desktop login applications with WinForms and WPF - mlcsec/FormThief
Persistence - Windows Setup Script pentestlab.blog/2024/02/05/p...
When the Windows operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed. Windows Setup allows custom scripts to be executed, such as the Setu...
DLL Shellcode self-injector/runner based on HWSyscalls, ideally thought to be executed with rundll32 github.com/florylsk/Exe...
Execute shellcode files with rundll32. Contribute to florylsk/ExecIT development by creating an account on GitHub.
Domain Escalation - Backup Operator pentestlab.blog/2024/01/22/d...
Backup Operators is a Windows built-in group. Users who are part of this group have permissions to perform backup and restore operations. More specifically, these users have the SeBackupPrivileg...
Lateral Movement - Visual Studio DTE pentestlab.blog/2024/01/15/l...
A lot of organizations have some sort of application development program, and it is highly likely that developers will utilize Visual Studio for their development needs. Outside of the risk from mal...