PwC安全技术小组
  • PwC安全技术小组须知
  • 技术
    • 技术 - Web安全测试技术点
      • XS-Search
      • XSSI (Cross-Site Script Inclusion)
      • XSS (Cross Site Scripting)
        • PDF Injection
        • DOM XSS
        • Server Side XSS (Dynamic PDF)
        • XSS Tools
      • XXE - XEE - XML External Entity
      • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
      • XPATH injection
      • Web Tool - WFuzz
      • Unicode Normalization vulnerability
      • SSTI (Server Side Template Injection)
      • SSRF (Server Side Request Forgery)
      • SQL Injection
        • MSSQL Injection
        • Oracle injection
        • PostgreSQL injection
          • dblink/lo_import data exfiltration
          • PL/pgSQL Password Bruteforce
          • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
          • Big Binary Files Upload (PostgreSQL)
          • RCE with PostgreSQL Extensions
        • MySQL injection
          • Mysql SSRF
        • SQLMap - Cheetsheat
        • sqlmap
          • Second Order Injection - SQLMap
      • Reset/Forgotten Password Bypass
      • Regular expression Denial of Service - ReDoS
      • Rate Limit Bypass
      • Race Condition
      • PostMessage Vulnerabilities
      • Parameter Pollution
      • OAuth to Account takeover
      • LDAP Injection
      • NoSQL injection
      • JWT Vulnerabilities (Json Web Tokens)
      • IDOR
      • HTTP Request Smuggling / HTTP Desync Attack
      • Formula Injection
      • File Upload
        • PDF Upload - XXE and CORS bypass
      • File Inclusion/Path traversal
        • phar:// deserialization
        • LFI - Linux List
      • Email Header Injection
      • Deserialization
        • Java JSF ViewState (.faces) Deserialization
        • NodeJS - __proto__ & prototype Pollution
        • Basic Java Deserialization (ObjectInputStream, readObject)
        • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
        • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
        • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
        • Exploiting __VIEWSTATE knowing the secrets
        • Exploiting __VIEWSTATE without knowing the secrets
      • Domain/Subdomain takeover
      • CSRF (Cross Site Request Forgery)
      • Dangling Markup - HTML scriptless injection
      • CRLF (%0D%0A) Injection
      • Cross-site WebSocket hijacking (CSWSH)
      • CORS - Misconfigurations & Bypass
      • Cookies Hacking
      • Content Security Policy (CSP) Bypass
      • Client Side Template Injection (CSTI)
      • Command Injection
      • Clickjacking
      • Cache Poisoning and Cache Deception
      • Captcha Bypass
      • Bypass Payment Process
      • Abusing hop-by-hop headers
      • 2FA/OTP Bypass
    • 技术 - 安全开发知识库
      • 代码审计
        • Cobra安装与使用
        • 智能合约代码审计
        • FindSecBugs安装与使用
        • SonarQube踩坑记
        • SonarQube安装与使用
      • 移动安全
        • 移动安全扫描
        • 移动安全工具
      • 安全开发
        • API网关
        • API网关设计
      • 安全防护
        • 全站https
        • waf
        • waf
        • waf
      • 安全测试
        • API安全测试
        • APP安全测试
        • 安全测试checklist
        • DAST&SAST&IAST
        • tools-skills
          • APP脱壳技巧
          • https抓包
          • 抓包技巧
          • 信息泄漏漏洞利用
          • Web安全工具
      • 漏洞管理
    • 技术 - 红队攻击手段介绍
      • offensive-security-experiments
        • Active Directory & Kerberos Abuse
        • Pentesting Cheatsheets
        • active-directory-kerberos-abuse
          • From Domain Admin to Enterprise Admin
          • Kerberoasting
          • Kerberos: Golden Tickets
          • Kerberos: Silver Tickets
          • AS-REP Roasting
          • Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • Kerberos Resource-based Constrained Delegation: Computer Object Take Over
          • Domain Compromise via DC Print Server and Kerberos Delegation
      • offensive-security
        • Red Team Infrastructure
        • Initial Access
        • Code Execution
        • Code & Process Injection
        • Defense Evasion
        • Enumeration and Discovery
        • Privilege Escalation
        • Credential Access & Dumping
        • Lateral Movement
        • Persistence
        • Exfiltration
      • miscellaneous-reversing-forensics
        • Windows / OS Internals
        • Cloud
        • Neo4j
        • Dump Virtual Box Memory
        • AES Encryption Using Crypto++ .lib in Visual Studio C++
        • Reversing Password Checking Routine
  • 工具
    • 工具 - BloodHound基础使用
    • 工具 - CobaltStrike基础使用
      • 目录
      • Cobalt Strike简介
      • Cobalt Strike基本使用
      • Cobalt Strike Beacon命令
      • Cobalt Strike脚本使用
      • Cobalt Strike脚本编写
      • Cobalt Strike扩展
      • Cobalt Strike原理介绍
        • 介绍
        • Payload生成分析
      • Cobalt Strike攻击防御
      • 说明
      • cobalt-strikejiao-ben-bian-xie
        • COM劫持利用脚本编写
        • aggressor-script文档翻译
        • ArtifactPayloadGenerator.cna脚本bug修复
        • TODO
      • cobalt-strikeji-ben-shi-yong
        • 界面功能介绍
        • CS4.0功能演示
        • 监听器(Listener)
      • cobalt-strikekuo-zhan
        • Malleable C2
        • External C2
        • CS证书相关
        • CS Beacon和监听器
        • 转发重定向
        • CDN代理转发
        • CDN与转发器
        • CS部分功能启用
        • CS检测工具CobaltStrikeScan绕过
        • 联动Core impact
由 GitBook 提供支持
在本页

这有帮助吗?

  1. 技术
  2. 技术 - 红队攻击手段介绍
  3. offensive-security

Credential Access & Dumping

上一页Privilege Escalation下一页Lateral Movement

最后更新于4年前

这有帮助吗?

Here are the articles in this section:

Dumping Credentials from Lsass Process Memory with MimikatzLocal Security Authority (LSA) credential dumping with in-memory Mimikatz using powershell.
Dumping Lsass Without Mimikatz
Dumping Lsass without Mimikatz with MiniDumpWriteDumpEvasion, Credential Dumping
Dumping Hashes from SAM via RegistrySecurity Accounts Manager (SAM) credential dumping with living off the land binary.
Dumping SAM via esentutl.exe
Dumping LSA Secrets
Dumping and Cracking mscash - Cached Domain Credentials
Dumping Domain Controller Hashes Locally and RemotelyDumping NTDS.dit with Active Directory users hashes
Dumping Domain Controller Hashes via wmic and Vssadmin Shadow Copy
Network vs Interactive LogonsThis lab explores/compares when credentials are susceptible to credential dumping.
Reading DPAPI Encrypted Secrets with Mimikatz and C++
Credentials in RegistryInternal recon, hunting for passwords in Windows registry
Password FilterCredential Access
Forcing WDigest to Store Credentials in Plaintext
Dumping Delegated Default Kerberos and NTLM Credentials w/o Touching Lsass
Intercepting Logon Credentials via Custom Security Support Provider and Authentication PackagesCredential Access, Persistence
Pulling Web Application Passwords by Hooking HTML Input FieldsCredential Access, Keylogger
Intercepting Logon Credentials by Hooking msv1_0!SpAcceptCredentialsHooking, Credential Stealing
Credentials Collection via CredUIPromptForCredentials