Also Node.js has been used to perform a Living off the Land (LotL) attack

Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.


Windows information gathering using Powershell: a brief cheatsheet

During a penetration test, once you get local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privilege escalation and lateral movement.


How a keylogger works: a simple Powershell example

Some months ago I wrote a post about keyloggers (because “during a malware analysis process it is useful to know how a keylogger works”), where I shared a simple Windows keylogger written in Python.


Abusing Group Policy Preference files for password discovery

How can attackers exploit Group Policy Preferences files in order to discover passwords?
And how can SysAdmins mitigate this vulnerability?

Create and manage Windows Services using PowerShell and WMI

During the creation of a long article about lateral movement using WMI, I collected a good number of techniques to remotely manipulate Windows Services using WMI and PowerShell.
