This blog post will cover what these assemblies are and how to use them.
The main impetus behind this post was me experimenting with ways to leverage TikiSpawn with some of the popular lolbins.
In my previous post, I described how one could leverage CVE-2019-0841 to backdoor the LAPS AdmPwd.dll for EoP to NT AUTHORITY\SYSTEM. The obvious question is that if a machine is not using LAPS, what can you do…? Well Rich Warren provided one solution, by using the Windows Diagnostics Hub Standard Collector Service.
I recently created the EWSToolkit off the back of an assessment for Exchange Client Access Services. I realise I committed it with basically no explanation, so this blog post will serve as a quick introduction and a look at perhaps one of its more interesting features.
Before we can really dive into modifying GPOs, we need to try and understand some of the intricacies of how they’re updated normally in GPMC and AD. Because believe me, it ain’t as simple as it appears.
Group Policy Objects (GPOs) is a subject I’ve wanted to write about for a long time and I’m happy to have finally started.
As 2018 rapidly comes to an end, I thought I’d close out the year by clearing up some confusions over this AmsiScanBuffer bypass and why it appears to fail under some circumstances.