PowerShell, Azure, and Password Hashes in 4 steps

In our previous blog post, we talked about how you can obtain the password hashes from a Domain Controller within Azure without ever needing to interact

Continue Reading
Obtain D.C. Hashes within Azure in 4 Easy Steps

Extraction without InteractionA while back, I read this article from @_StaticFlow_ about a tool release for stealing hashes from a domain controller running in AWS. I

Continue Reading
How to Bypass WDAC with dbgsrv.exe

Microsoft Applications and BlocklistNote: This blog post contains the details from Casey Smith and Ross Wolf’s BlackHat USA 2019 presentation Most application whitelisting bypasses that

Continue Reading
Aggressive MSBuild - Bypass Detection

It’s no secret that Casey Smith’s research into bypasses has changed how nearly everyone in the industry approaches testing and circumventing application whitelisting solutions.

Continue Reading
Under-the-hood: WMImplant Invoking PowerShell

WMImplant is a powerful PowerShell based tool that enables its users to conduct nearly any post-exploitation action and exclusively using WMI to do so. We’ve

Continue Reading