//Posts

Offensive Windows IPC Internals 2: RPC 2021-02-21
Remote Procedure Calls (RPC) is a technology to enable data communication between a client and a server across process and machine boundaries (network communication). Therefore RPC is an Inter Process Communication (IPC) technology... Read more...
Offensive Windows IPC Internals 1: Named Pipes 2021-01-10
Although the name might sound a bit odd, pipes are a very basic and simple technology to enable communication and share data between two processes, where the term pipe simply describes ... Read more...
Kerberos Delegation: A Reference Overview 2020-02-15
There are 3 Delegation types: Unconstrained, Constrained and Resource-Based. This post lists the attributes used to define these types and outlines attack paths to abuse misplaced delegation settings. Read more...
Kerberos Delegation: A Wrap Up 2020-02-10
Delegation allows a server application to impersonate a client when the server connects to other network resources.
In other words: Delegation specifies the client's action to authorize a server in order to allow this server to impersonate itself (the client).
Read more...
A Beginner's Guide to Windows Shellcode Execution Techniques 2019-07-24
This blog post aims to cover basic techniques of how to execute shellcode within the memory space of a process. The background idea for this post is simple: New techniques to achieve stealthy code execution appear every day and it’s not always trivial to break these new concepts into their basic parts to understand how they work. By explaining basic concepts of In-Memory code execution I'm aiming to improve everyone’s ability to do this... Read more...
A Windows Authorization Guide 2018-06-14
Compared to Linux, the Windows authorization process is quite complex and quite a few actors and objects are involved in this process. As a result, there are a lot of terms and acronyms that must be known in order to understand and follow up on the topic. To get an idea of what is covered in this guide take a look at this overview of terms and acronyms... Read more...
Downgrade SPNEGO Authentication 2018-04-04
Microsoft’s SPNEGO protocol is a less well-known sub-protocol used by better-known protocols to negotiate authentication. This blog post covers weaknesses I've discovered in SPNEGO and leverages this to highlight an inconsistency in the SMBv2 protocol, both of which lead to user credentials being sent over the wire in a way which makes them vulnerable to offline cracking... Read more...
Kerberos Authentication: A Wrap Up 2017-09-12
This post is intended as a wrap-up to refresh/update your understanding of how Kerberos works in a Windows domain network... Read more...
NTLM Authentication: A Wrap Up 2017-09-10
This post is intended as a wrap-up to refresh/update your understanding of how the NTLM authentication scheme works in a Windows domain network... Read more...