Crypt0ace

AD Pwnage: Ninja Hackers Academy Part 4

Introduction At this point, we have the domain. But we need to find any trust relationships that this domain has and if any, we need to move to that domain. Enumerating Trusts We can check the tru...

AD Pwnage: Ninja Hackers Academy Part 3

Introduction In the previous one, we pivoted from one machine to another using the GenericAll privileges over a container and then using RBCD to successfully generate a ticket that gave us the keys...

AD Pwnage: Ninja Hackers Academy Part 2

Introduction In the previous one, we went from a scope of subnet to initial access using an SQL injection and also escalated our privileges to SYSTEM to get more access. This time, we are going to ...

AD Pwnage: Ninja Hackers Academy Part 1

Introduction In this series of posts we are going to look into an AD lab called Ninja Hackers Academy (NHA) which can be found here. This is part of some great Active Directory labs from OrangeCyb...

Using D/Invoke for Offensive Tool Development in C#

Introduction: In this post we are going to have a look into the D/Invoke project by TheWover. He also wrote a really good blog post which you can read here where he demonstrates in detail how the w...

Staying Under the Radar - Part 3 - Unhooking DLLs

Introduction In this post we will look into how we can manually unhook DLLs that are attached by the EDRs. We can do this by swiping out the hooked version of ntdll.dll, the DLL to which all the fu...

Staying Under the Radar - Part 2 - Hiding IAT using Delegates

Introduction In this post we are going to look at another technique we can use in C# that can help us keep our imports hidden and the Import Address Table (IAT) clean. This is done by the use of de...

Staying Under the Radar - Part 1 - PPID Spoofing and Blocking DLLs

Introduction In this post we are going to look at two “features” (lol) that Microsoft provided which can allow us to spoof our parent process ID and also block third party DLLs that are not Microso...

Shellcode Injection in C# - Part 3 - QueueUserAPC | EarlyBird

Introduction In this post we are going to look at another method for shellcode execution. This involves using the API call QueueUserAPC. Like previous Process Hollowing, in this we are going to ope...

Shellcode Injection in C# - Part 2 - Process Hollowing

Introduction This post is part 2 of shellcode injection techniques. You can read part 1 here. In this one, we will look into Process Hollowing in C#. Process Hollowing Process Hollowing is a techn...