I'm a big fan of Bash on Windows (WSL), but was unable to find a good terminal emulator to use. In this post I talk about configuring Terminator for WSL.
[Read More]
Remotely Managing Hyper-V in a Workgroup Environment
After lots of mucking around, this is the bare minimum configuration I found to successfully connect to and manage Hyper-V in a non-domain network
[Read More]
Upgrading Simple Shells to Fully Interactive TTYs
Catching a reverse shell over netcat is great...until you accidentally Ctrl-C and lose it. These techniques let you upgrade your shell to a proper TTY
[Read More]
Extracting Hashes and Domain Info From ntds.dit
If you end up with a copy of NTDS.dit and the SYSTEM registry hive, you can extract domain computer info offline and user NTLM hashes for cracking.
[Read More]
Cracking OpenNMS Password Hashes
After compromising an OpenNMS server, I recovered salted password hashes. I couldn't find any info online, so I reversed them and wrote a tool to crack them
[Read More]
SANS Holiday Hack 2016 - Writeup
After my last report for work went out the door and my company entered its end-of-year shutdown period, I found myself at my parents' house for several days for the holidays, relaxed and with nothing to do. I saw some people on Twitter talking about the SANS Holiday Hack Challenge, and decided I would finally give it a try.
I started on Christmas Eve and after several days of borderline dangerous obsessive completion-compulsion, I had solved all the challenges.
[Read More]
Transferring Files from Linux to Windows (post-exploitation)
I often need to copy a tool or a payload from my Kali Linux attack box to a compromised Windows machine. These are some of my favorite techniques.
[Read More]
Practical Usage of NTLM Hashes
I've shown all the different ways to own a Windows environment when you have a password - but having a hash is just as good! Don't bother cracking - PTH!
[Read More]
Abusing Linux Trust Relationships - Thotcon Talk
Had an awesome time presenting at Thotcon this year. I plan to expand on this topic quite a bit and eventually turn it into a blog post/series, but in the meantime, here are the slides and the demo video
[Read More]
Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM)
WMI and WinRM are two Windows administrative "features" that are ripe for abuse if you have credentials. In this post, I'll show how to (mis)use them...
[Read More]