Microsoft

Blue Team, Incident Response, Informational, InfoSec 301, Phishing, Red Team, Social Engineering, Steve Borosh Device Code, Microsoft

Dynamic Device Code Phishing

rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Red Team, Red Team Tools Certutil, Clip, Clipboard, Cmdkey, Curl, Microsoft, Net1, Sally Vandeven, Tar, Where, Whoami, Windows, Windows Command, Wslconfig

Rainy Day Windows Command Research Results

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we […]

Read the entire post here

Podcasts Blue Team, hacker tools, Microsoft, Red Team, Sysinternals Suite

PODCAST: Hacker Tools, Compliments of Microsoft

Sally Vandeven & David Fletcher // This is the podcast version of Sally & David’s webcast. For the whole webcast see our webcast post. Links that are mentioned in this […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Red Team, Red Team Tools, Webcasts hacker tools, Microsoft, webcast, webcasts

WEBCAST: Hacker Tools, Compliments of Microsoft

David Fletcher & Sally Vandeven// Join David “Fletch” and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and […]

Read the entire post here

Red Team, Red Team Tools how to hide payload in MS docs, Malware, Microsoft, MS Word, pen-testing, penetration testing, pentest, Pentesting, Pentesting tips and tricks, PowerShell, PowerShell Scripts, Word

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team email attack, MailSniper, Microsoft, Microsoft Exchange, MS, Office365, OWA, pen-testing, tools

Abusing Exchange Mailbox Permissions with MailSniper

Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users […]

Read the entire post here

Author, Ethan Robish, Red Team, Red Team Tools author metadata, bugging documents, how to clear metadata, Microsoft, MS Excel, MS Word

Bugging Microsoft Files: Part 3 – Clearing Metadata

Ethan Robish // In my last two posts I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). But don’t let all that effort go […]

Read the entire post here

Author, Ethan Robish, Red Team, Red Team Tools ADHD, Bugging Word Files, Microsoft, MS Word, Pentesting, Web Word Bugs, Word

Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word

Ethan Robish // If you’re familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. […]

Read the entire post here

1 2