Also Node.js has been used to perform a Living off the Land (LotL) attack
Researchers from Cisco Talos recently discovered a new malware loader that uses Node.js, together with the legitimate open-source utility WinDivert, to deliver its payload and infect systems.
Windows information gathering using Powershell: a brief cheatsheet
During a penetration test, once you get local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privilege escalation and lateral movement.
How a keylogger works: a simple Powershell example
Some months ago I wrote a post about keyloggers (because "during a malware analysis process it is useful to know how a keylogger works"), where I shared a simple Windows keylogger written in Python.
Abusing Group Policy Preference files for password discovery
How can attackers exploit Group Policy Preferences files in order to discover passwords? And how can SysAdmins mitigate this vulnerability?
During the creation of a long article about lateral movement using WMI, I collected a good number of techniques to remotely manipulate Windows Services using WMI and Powershell.