01 2020 Archive
Summary: Client-Side Attacks - Social Engineering Tool: The FAT RAT Just like Veil, it generates Undetectable Metasploit backdoors. Uses a different method to
Summary: Backing up the GPO to a second server is very important. Restore a GPO if necessary. Note: WMI filter and Links need to be re-configured after restoration
Summary: Create a GPO to disable Task Manager Access to normal users. Add an exception to Domain Admins.
Summary: AppLocker can help you: Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital si
Summary: WMI filtering Setting - Differentiating Installation Between Operations and Architecture. WMI SQL General script: 64-bit select * from Win32_Operating
Summary: Creating local folders and copying files Mapping printers via GPO Deny logon locally. Installation Software Key Settings for silent installation We ca
Summary: Prohibit access to Control Panel and PC settings Disable GPO for Administrators and/or User Groups Custom wallpaper Account lockout and security poli
Summary: Create a Group Policy on AD DC Server. The GPO policy will come into effect on the next login, or use the following command to force the GPO to update
Summary: Create and save the following scripts on the DC folder \\Winsever2019\sysvol\pandabusiness.local\scripts. net use P: \\WINSEVER2019\Public net use S:
Summary: Method 1: Create a user by executing the following PowerShell Script. New-ADUser -name 'Michael Jordan' -SamAccountName jordan.michael -UserPrincipalNa
Summary: CLIENT SIDE ATTACKS Backdooring ANY file Combine backdoor with any file - Generic solution. Users are more likely to run a pdf, image or audio file th
Summary: CLIENT SIDE ATTACKS - Backdooring exe's Download an executable file first. VEIL - FRAMEWORK A backdoor is a file that gives us full control over the
Summary: CLIENT SIDE ATTACKS - Social Engineering Social Engineering Information gathering Tool: Maltego Gathering Information About Target's Facebook Account,
Summary: CLIENT SIDE ATTACKS Social Engineering Gather info about the user(s). Build a strategy based on the info. Build a backdoor based on the info.
Summary: CLIENT SIDE ATTACKS Protecting against smart delivery methods Ensure you're not being MITM'ed -> use trusted networks, xarp. Only download from HTTPS
Summary: CLIENT SIDE ATTACKS Backdoor delivery method 2 - backdooring exe downloads Backdoor any exe the target downloads. We need to be in the middle of the co
This post is password-protected.
Summary: CLIENT SIDE ATTACKS - Listening for connections 1. Run Metasploit Move the backdoor file to the webserver folder. And download it on the target machin
Summary: CLIENT SIDE ATTACKS Use if server-side attacks fail. If IP is probably useless. Require user interaction. Social engineering can be very useful. Infor