We begin on the Domain Controller, where the Group Policy setting “Network security: Restrict NTLM: NTLM authentication in this domain” is initially set to Disabled. This allows NTLM-based authentication to proceed – opening the door for potential relay attacks. On the attacker machine (running Kali Linux), the Responder and Impacket’s ntlmrelayx tools are launched. Once […]
Setting up the Attack We start with three machines: On Kali, we enable packet forwarding and run the arpspoof tool to trick both the client and the domain controller into believing that Kali is the other host. This successfully poisons the ARP cache, redirecting their communication through our machine. Sniffing ICMP Traffic With ARP spoofing […]
Understanding Hidden Services Let’s learn how to hide and uncover a service. This is a very important technique for post-incident investigation, as manipulating a service’s security descriptor can be a powerful method for persistence. There’s no direct mechanism to hide a service in Windows, but we can manipulate the Security Descriptor Definition Language (SDDL). We […]
The threat is real – legitimate users can engineer malicious programs that deceive target systems into establishing authentication with a fake SMB server. This exploitation method delivers maximum system authority to attackers, granting them comprehensive dominance over the infiltrated machine. So, let’s see how granting this access looks like in practice. Before attempting exploitation, two […]
During the demonstration, you will see how to use PowerShell to gather more information about a user, generate a Ticket Granting Service (TGS) ticket using the S4U2proxy protocol with Rubeus, and perform a DCSync attack using Mimikatz. This attack will show you how an account with constrained delegation rights, when compromised, can be leveraged to […]
By leveraging snapshots, attackers can bypass security mechanisms and extract passwords or access tokens, allowing privilege escalation across the entire network. Watch the video above to find out how hackers can lay their hands on passwords by taking a snapshot of the running VM along with the memory and downloading the snapshot memory status files, […]
How can the Windows Mark-of-the-Web Protection be bypassed? 🦝 Amr Thabet, Malware Researcher & Incident Handler, presented some of the scenarios in episode 62 of our #HacksWeekly series! Windows Mark-of-the-Web Protection is just the first layer of protection. The problems start when users use 7-ZIP or delete the specific version of the file and download […]
What is MITM6? MITM6 is an advanced penetration testing tool that exploits default Windows DNS configurations to facilitate man-in-the-middle (MITM) attacks. It targets mainly networks where IPv6 is enabled but not actively used. By responding to DHCPv6 messages, MITM6 can redirect traffic from vulnerable Windows machines to an attacker’s system. These redirections take place because […]
We’re happy to share that the 2024 edition is also taking place with our involvement! And we have to admit, this year’s agenda looks promising. As always, we’re ready to share only the most relevant skills, thoroughly tested during real-life scenarios. System Forensics, Incident Handling and Threat Hunting On December 9, you’ll have the opportunity […]
Over the years, the Advanced Windows Security Course has amassed hundreds of satisfied students, building a supportive community of cybersecurity enthusiasts and rising talents. We repeat it yearly, each time brainstorming to deliver the freshest techniques for combating cyber threats. As a result, the formula just keeps getting better. At CQURE Academy, our Experts consolidate […]
Do you want to receive the geekiest cybersecurity solutions, tools, and tricks, straight to your inbox?
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Learn more about our offer in terms of Consulting. Our Cybersecurity Experts perform consulting work on a daily basis, hence we are fully prepared for any challenge.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
