write-ups and what not
»Output Encoding for Dummies«
Values received from a data source should only be treated as what they are supposed to be (only as data) and nothing else.
»CORS for Dummies«
This is a brief introduction to Cross-Origin Resource Sharing along with common misconfigurations that might lead to exploitation. This was an entry to mubix's OSCP giveaway challenge 3. I did not win, but I still really learned a lot, which is a great takeaway.
An elastalert rule tester built using Python. Tests can be set up individually and run in batches. Specified logs are indexed using Elasticsearch 7.4.0 and are used with a custom elastalert alerter. This program covers testing for single matches and log aggregation with field mapping capabilities. (source code)
»Setting up a Windows Event Collector«
This lays out how to create a subscription (both source- and collector-initiated) that collects selected forwarded .evtx event logs from a workstation to a domain controller.
»Creating Custom .evtx Logfiles«
This shows the process of how to create custom .evtx log files using ecmangen.exe and other utilities present in the Windows Development Kit. The log file(s) created can be used as a destination log for forwarded events.
»Pass-the-Ticket: PSRemoting Double-hop Bypass«
The double-hop problem occurs when, for example, a local PowerShell instance is connected via PSRemoting to a remote server, that server in turn connects to a target server, and an attempt to execute commands on the target server is rejected. The end goal of this proof-of-concept is to execute a pass-the-ticket attack on an Active Directory domain while remotely connected, with administrator privileges, to a domain computer.