During a penetration test, once you gain local access to a target, you should start a local assessment of the machine in order to plan the right tactics for privilege escalation and lateral movement.
During the #malware #analysis process it is useful to know how a #keylogger works, so I want to share a brief #example, written in #Powershell – #DFIR #cybersecurity
How can attackers exploit Group Policy Preferences files in order to discover passwords?
And how can SysAdmins mitigate this vulnerability?
During the creation of a long article about lateral movement using WMI, I’ve collected a good number of techniques to remotely manipulate Windows Services using WMI and PowerShell.
Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system.