Thursday, November 2, 2017

Windows Exploitation resources

The web site below is a list of exploits for the Windows platform.

https://github.com/enddo/awesome-windows-exploitation/blob/master/README.md

PowerShell Module Browser Site

The PowerShell Module Browser site is a location to find scripts or modules.  In running some tests, the current version appears to be focused on Azure.

https://docs.microsoft.com/en-us/powershell/module/

CrackMapExec

CrackMapExec (CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.  CME can be used to assess account privileges, find possible misconfigurations and simulate attack scenarios.

https://github.com/byt3bl33d3r/CrackMapExec

Pestudio

Pestudio is a utility that can be used for malware analysis. The application will attempt to display the imports and the resources, and it will send the MD5 hash of the file to VirusTotal.

https://isc.sans.edu/forums/diary/Triaging+suspicious+files+with+pestudio/22706/

https://www.winitor.com/binaries.html

EFA

EFA (Email Filter Appliance) is a virtual appliance for spam fighting using open-source tools.  Both VMware and Hyper-V appliances are available to download.

https://efa-project.org/

WINspect

WINspect is a PowerShell script that returns security-related information.  Examples of the checks it performs:

  • Checking for installed security products.
  • Enumerating world-exposed local filesystem shares.
  • Enumerating domain users and groups with local group membership.
  • Enumerating registry autoruns.
  • Enumerating local services that are configurable by Authenticated Users group members.
  • Enumerating local services for which the corresponding binary is writable by Authenticated Users group members.
  • Enumerating non-system32 Windows Hosted Services and their associated DLLs.
  • Enumerating local services with unquoted path vulnerability.
  • Enumerating non-system scheduled tasks.
  • Checking for DLL hijackability.
  • Checking for User Account Control settings.
  • Checking for unattended install leftovers.

https://github.com/A-mIn3/WINspect

https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/

nbtscan

Nbtscan is a command-line NetBIOS scanner for Windows that scans for open NetBIOS name servers on a local or remote TCP/IP network.

http://www.unixwiz.net/tools/nbtscan.html

Yuki Chan

Yuki Chan is an Automated Penetration Testing Tool that carries out a whole range of standard security auditing tasks automatically.

The standard functions performed by this tool out of the box are:

  • Automated
  • Intel Gathering
  • Vulnerability Analysis
  • Security Auditing
  • OSINT
  • Tracking
  • System Enumeration
  • Fuzzing
  • CMS Auditing
  • SSL Security Auditing

https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest

Use older file formats for photos and videos with iOS 11

With iOS version 11, the operating system uses newer file formats for photos and videos.  To use the previous .JPG and .MP4 file formats, access Settings -> Camera -> Format and select Most Compatible instead of High Efficiency.

Sunday, October 1, 2017

How to check flash wear via PowerShell within Windows 10

To check the wear value of an internal SSD drive via PowerShell within Windows 10, launch an elevated PowerShell session and use the following command.

Get-PhysicalDisk | Get-StorageReliabilityCounter | Select Wear

Not all drives accurately report this value to Windows. In some cases, the counter may be blank. Check with your manufacturer to see if they have proprietary tooling you can use to retrieve this value.

https://blogs.technet.microsoft.com/filecab/2017/08/11/understanding-dwpd-tbw/