Host-Based Tools and Attacks

11 Terms

1

Mimikatz

An open-source tool that has several modules. Some of the functions include the ability to create a Microsoft Kerberos API, list active processes and view credential information stored on a Windows computer.

2

Rubeus

A command-line tool that is used to exploit Kerberos authentication in a Windows Domain environment.

3

Certify

A C# tool that is used to exploit weaknesses in Active Directory Certificate Services.

4

Seatbelt

A C# tool that can be used to scan a Windows machine for potential misconfigurations. Note that this tool must be compiled first.

5

PowerShell/PowerShell Integrated Scripting Environment (ISE)

PowerShell is a command-line tool in Windows that can be used to run standard commands, tiny applications called cmdlets, and scripts. The PowerShell ISE provides a GUI environment to develop and test PowerShell scripts.

6

Evil-WinRM

Windows Remote Management shell tool used for pentesting. Evil-WinRM contains many tools for carrying out specific attacks against Windows host machines.

7

Living off the land binaries (LOLbins)

LOLbins refer to legitimate binaries that are a part of the Operating System, but have been exploited to carry out and hide malicious activity.

8

User-Controlled Access Bypass

Access controls are implemented to protect against unauthorized access to sensitive data and applications. If access controls are not properly implemented, then a user may be able to gain access to restricted functionalities, resources, or data. This type of vulnerability can be exploited using a variety of methods including:

9

Process Hollowing

A stealthy attack in which the pentester injects malicious code into a legitimate process that is already running on the computer. In this attack, the memory space of the process is hollowed out and replaced with malicious code. Because the malicious code is running inside of a legitimate process, this attack can be extremely difficult to detect.

10

Unquoted Service Path Injection

Because many of these services have spaces in their full path (i.e., C:\Program Files\Comptia\example.exe), the path must be enclosed in quotes. If not, then Windows will stop reading the path at the first space. The pentester can take advantage of this by placing a malicious executable in the location that will be read when the service is run.

11