SensePost | Blog | Internals

Building an offensive RPC interface

Reading time: ~28 min

Posted by aurelien.chalot@orangecyberdefense.com on 03 August 2021

Categories: Internals, Rpc, Windows

Using the Windows Remote Procedure Call (RPC) interface is an interesting concept when conssidering the fact that it allows you...

Chaining multiple techniques and tools for domain takeover using RBCD

Reading time: ~26 min

Posted by Sergio Lazaro on 09 March 2020

Categories: Active directory, Internals, Bloodhound, Dacls, Mimikatz, Powerview, Rubeus

Intro In this blog post I want to show a simulation of a real-world Resource Based Constrained Delegation attack scenario...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min

Posted by Javier Jimenez on 18 April 2019

Categories: Cve, Exploit development, Internals, Webapps, 0day, Cve-2018-19204, Exploit, Prtg network monitor, Web application

Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

USaBUSe Linux updates

Reading time: ~6 min

Posted by Rogan Dawes on 10 March 2017

Categories: Abuse, Backdoor, Build-it, Conferences, Empire, Exploit, Hardware, Internals, Linux, Metasploit, Programming, Real-world, Research, Shells, Tunnelling

(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

AutoDane at BSides Cape Town

Reading time: ~6 min

Posted by Dane Goodwin on 07 December 2015

Categories: Active directory, B-sides, Conferences, Internals, Post-exploitation, Tools, Zacon

Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min

Posted by george on 27 May 2013

Categories: Backdoor, Fun, Howto, Infrastructure, Internals, Linux, Local, Post-exploitation, Shells, Silly-yammerings, Tricks