This is a short post on how to use stageless HTTP Grunts in Covenant + some staged vs stageless thoughts from my side.| s3cur3th1ssh1t.github.io
This blog is an introduction for my newly released post exploitation / privilege escalation tool SharpImpersonation. The code base makes heavy use of Tokenva...| s3cur3th1ssh1t.github.io
This post is about common misconfigurations and attack scenarios that enable an attacker to access separated networks with critical systems or sensitive data...| s3cur3th1ssh1t.github.io
This post will cover a little project I did last week and is about Named pipe Impersonation in combination with Pass-the-Hash (PTH) to execute binaries as an...| s3cur3th1ssh1t.github.io
Last year I had the idea for a new approach to block EDR DLLs from loading into a newly spawned process. After several months this idea led to a PoC, which ...| s3cur3th1ssh1t.github.io
Some days ago I woke up in the middle of the night - thinking about the Advapi32.dll/SystemFunction032 function. Really? Yes. Strange, these InfoSec folks. Th...| s3cur3th1ssh1t.github.io
In this blog post, the main difference between signature-based and behavior-based detections is explained. In addition, examples are shown with respective D...| s3cur3th1ssh1t.github.io
This post will explain my trials&fails and road to success for building scripts to dump LSASS from memory. It’s nothing new, existing tools, existing tec...| s3cur3th1ssh1t.github.io
In the last years my team at r-tec was confronted with many different company environments, in which we had to search for vulnerabilities and misconfiguratio...| s3cur3th1ssh1t.github.io
In the last months I was often asked about potential errors using PowerSharpPack or other PS1-scripts loading .NET assemblies via [System.Reflection.Assembly...| s3cur3th1ssh1t.github.io