Articles

• Digging for secrets on corporate shares

  Apr 3, 2023
  Sometimes during red team engagements there is no obvious path to escalate and the only way to move forward is to perform an evaluation of the filesystem and network shares. This article discusses how to perform such evaluation efficiently to find the needles in the haystack.

  Read More »

• Dealing with large BloodHound datasets

  Jun 27, 2022
  Article discussing some of the challenges I faced importing large datasets into BloodHound including some scripts to overcome these challenges. Additionally some tricks are discussed on how to use Neo4j's Cypher language from PowerShell to get the right results quickly.

  Read More »

• Windows Security Updates for Hackers

  Nov 11, 2021
  Windows versions, releases and patch levels are a rather complex matter. This post brings structure in how Windows versioning and patching works and how to identify which vulnerabilities a Windows installation is vulnerable to.

  Read More »

• Spying on users using Remote Desktop Shadowing - Living off the Land

  Mar 26, 2021
  How to spy on users on remote computers making only use of Windows' built-in functionality? This post will explain the steps to (ab)use Windows' Remote Desktop feature to view a remote user's desktop using native Windows functionality without them noticing it.

  Read More »

• Extracting credentials from a remote Windows system - Living off the Land

  May 26, 2020
  How to obtain the credentials from a remote machine or Domain Controller making only use of Windows' built-in functionality? This post will go through the steps of using WMI and SMB in PowerShell from an attacker Windows machine to get hold of the remote files storing the credentials and subsequently extracting them.

  Read More »