unSafe.sh - Unsafe
Working your way Around an ACL
There's been plenty of recent discussion about Windows 11's Recall feature and how much of it is a...
2024-6-4 12:20:0 | Views: 10
Tyranid's Lair - www.tiraniddo.dev
windowsapps
sysappid
security
nttoken
packaged
Relaying Kerberos Authentication from DCOM OXID Resolving
Recently, there's been some good research into further exploiting DCOM authentication that I initia...
2024-4-30 09:8:0 | Views: 8
Tyranid's Lair - www.tiraniddo.dev
rpcss
oxid
machine
targetinfo
Issues Resolving Symbols on Windows 11 on ARM64
This is a short blog post about an issue I encountered during some development work on my OleViewDo...
2024-4-26 06:9:0 | Views: 3
Tyranid's Lair - www.tiraniddo.dev
dbghelp
library
combase
machine
dia
Sudo On Windows a Quick Rundown
Background: The Windows Insider Preview build 26052 just shipped with a sudo command, I thought I'd j...
2024-2-9 17:10:0 | Views: 11
Tyranid's Lair - www.tiraniddo.dev
elevated
security
microsoft
powershell
privileged
Access Checking Active Directory
Like many Windows related technologies Active Directory uses a security descriptor and the access c...
2022-7-17 12:49:0 | Views: 30
www.tiraniddo.dev
security
modifiable
powershell
username
Finding Running RPC Server Information with NtObjectManager
When doing security research I regularly use my NtObjectManager PowerShell module to discover and c...
2022-6-27 05:56:0 | Views: 31
www.tiraniddo.dev
appinfo
mapper
rpcendpoint
rpcserver
lrpc
Exploiting RBCD Using a Normal User Account*
* Caveats apply. Resource Based Constrained Delegate (RBCD) privilege escalation, described by Elad...
2022-5-14 10:29:0 | Views: 102
www.tiraniddo.dev
s4u2self
s4u2proxy
win10test
s4u
cifs
Bypassing UAC in the most Complex Way Possible!
While it's not something I spend much time on, finding a new way to bypass UAC is always amusing. W...
2022-3-20 17:52:0 | Views: 57
www.tiraniddo.dev
kerb
bypass
restriction
machine
LowBox Token Permissive Learning Mode
I was recently asked about this topic and so I thought it'd make sense to put it into a public blog...
2021-9-7 06:53:0 | Views: 7
www.tiraniddo.dev
lowbox
powershell
windows
etl
How the Windows Firewall RPC Filter Works
I did promise that I'd put out a blog post on how the Windows RPC filter works. Now that I released...
2021-8-22 05:32:0 | Views: 17
www.tiraniddo.dev
fwpm
rawdata
layerfwpm
um
proxy
How to secure a Windows RPC Server, and how not to.
The PetitPotam technique is still fresh in people's minds. While it's not directly an exploit it's...
2021-8-15 02:4:0 | Views: 78
www.tiraniddo.dev
security
client
anonymous
authn
A Little More on the Task Scheduler's Service Account Usage
Recently I was playing around with a service which was running under a full virtual service account...
2021-6-12 05:42:0 | Views: 6
www.tiraniddo.dev
scm
privileges
The Much Misunderstood SeRelabelPrivilege
Based on my previous blog post I recently had a conversation with a friend and well-known Windows s...
2021-6-2 21:49:0 | Views: 10
www.tiraniddo.dev
privileges
mic
god
elevated
Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
I've been going through the various token privileges on Windows trying to find where they're used....
2021-5-21 07:3:0 | Views: 16
www.tiraniddo.dev
backup
winlogon
credwiz
genericread
Standard Activating Yourself to Greatness
This week @decoder_it and @splinter_code disclosed a new way of abusing DCOM/RPC NTLM relay attacks...
2021-4-27 23:45:0 | Views: 7
www.tiraniddo.dev
moniker
activation
hresult
istorage
Creating your own Virtual Service Accounts
Following on from the previous blog post, if you can't map arbitrary SIDs to names to make displayi...
2020-10-26 23:54:0 | Views: 7
www.tiraniddo.dev
nttoken
rid
username
Using LsaManageSidNameMapping to add a name to a SID.
I was digging into exactly how service SIDs are mapped back to a name when I came across the API Ls...
2020-10-24 23:23:0 | Views: 16
www.tiraniddo.dev
mappings
msdn
sids
lsasrv
Generating NDR Type Serializers for C#
As part of updating NtApiDotNet to v1.1.28 I added support for Kerberos authentication tokens. To s...
2020-7-1 21:32:0 | Views: 19
www.tiraniddo.dev
ndr
midl
idl
serializers
OBJ_DONT_REPARSE is (mostly) Useless.
Continuing a theme from the last blog post, I think it's great that the two additional OBJECT_ATTRI...
2020-5-23 10:21:0 | Views: 8
www.tiraniddo.dev
reparse
encountered
symbolic
ntfile
windows
Silent Exploit Mitigations for the 1%
With the accelerated release schedule of Windows 10 it's common for new features to be regularly in...
2020-5-22 23:59:0 | Views: 7
www.tiraniddo.dev
windows
microsoft
ntloadkey3
ntloadkeyex