https://wechat2rss.xlab.app/feed/1c1f6eeede24a34f08ac362de07be36f79a7e986.xml 专注于AD域渗透和免杀的优质红队平台 (wechat feed made by @ttttmr https://wechat2rss.xlab.app) 花指令安全实验室 https://wechat2rss.xlab.app (ttttmr) Sat, 18 Dec 2021 10:34:25 +0800 Sat, 18 Dec 2021 10:34:25 +0800 http://wx.qlogo.cn/mmhead/Q3auHgzwzM7PFOhrsosTzNwkbs8LtPFNPnw1cVYsiasXMthjGES2WPw/0 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484436&idx=1&sn=af67621b74aa171aedfd64cbf13b9ba4&chksm=ce8d9e5af9fa174c356181fe44ba3c574ff23d3335890bb167ff17ad99fe96bbf514ebb2d92f&scene=58&subscene=0#rd 跟进一下最近爆出的打域控的洞 Sat, 18 Dec 2021 10:34:25 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484289&idx=1&sn=d2c24e3f5c5964aa897e9054c128c5fb&chksm=ce8d99cff9fa10d97f11cbc0ea5493e4acee899232b63d47bcbcc4d331ae885bd3bf68b7c637&scene=58&subscene=0#rd 如何应对面试喜欢问的域管与域控定位问题？今天给大家做个总结，无论是实战还是面试都能给各位有所帮助。 Mon, 30 Aug 2021 08:50:07 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484205&idx=1&sn=1b3941ec1f89ede69790c955f14cda9c&chksm=ce8d9963f9fa10759de00b5d65615cbbe21d681ab6283d1ff9614b50282494c0d3bcca6c1315&scene=58&subscene=0#rd 分享俩个免杀转储lsass进程的方式。 Tue, 17 Aug 2021 09:07:10 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484182&idx=1&sn=ec59859b86272570296bace5f30694c1&chksm=ce8d9958f9fa104ec4d589dfe5377e523b9814aa5b096528f3321e9140eadb9f03eff3457034&scene=58&subscene=0#rd 前言PTH攻击在内网横向中利用广泛，今天给大家从NTLM原理，到PTH在内网横向中的利用，进一步的认识PTH Tue, 10 Aug 2021 08:39:24 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484138&idx=1&sn=2f6e7a59e6605fc16e9054e111dd26c8&chksm=ce8d98a4f9fa11b2f13689c69aa39807e05b53b26cf98479349b511bba8dc74bfe66feb460be&scene=58&subscene=0#rd 分享两个利用powershell来bypass杀软抓密码技巧，亲测目前不杀。 Tue, 03 Aug 2021 07:49:16 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484093&idx=1&sn=94b3574ff166c3e1e2fdbe2eeda9727a&chksm=ce8d98f3f9fa11e5c0d828c7a7f3ae847cd1440d78e5087b9290778f93960e5460c1e44da277&scene=58&subscene=0#rd WMI是Windows操作系统上WBEM和CIM标准的实现，允许用户、管理员和开发人员（包括攻击者）在操作系 Wed, 21 Jul 2021 08:45:19 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484058&idx=1&sn=9ab921c0ee0e11256db9f405c541a52d&chksm=ce8d98d4f9fa11c24494506d3a9621eaf45aecf7e865c3d7bb1a1d7cf3450dd60b509016d9c6&scene=58&subscene=0#rd Windows认证协议——NTLM（NT Lan Manager）。NTLM使用在Windows NT和Wi Mon, 19 Jul 2021 08:35:21 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247484039&idx=1&sn=430e1cd958dbf63801e2eda1f7f5b7b9&chksm=ce8d98c9f9fa11df0af4886bc3728c2b6ba1a05cddf0c8200da69ab4a9181f613b02a2c95940&scene=58&subscene=0#rd 前几天受到某位红队大佬指点了一波amsi接口限制powershell脚本的问题,随即便深知自己的知识面不足， Fri, 16 Jul 2021 08:33:37 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247483955&idx=1&sn=89df46f49df09dcd193d6263fa32c467&chksm=ce8d987df9fa116be7b26739a5e741f9b7f33334c50af3de53eeab65c3d50b6023c7f0b646f4&scene=58&subscene=0#rd 本篇文章将给大家介绍 Windows NTLM 认证的相关内容，包括 NTLM 的概念与相关安全问题的介绍 Sat, 10 Jul 2021 10:30:26 +0800 https://mp.weixin.qq.com/s?__biz=Mzg3MDUwMjE3Nw==&mid=2247483927&idx=1&sn=9e7b17202d114e3deacb33f3256c10f1&chksm=ce8d9859f9fa114f579ffbe9cc12f49327d3ceb77e718b1192e54222d49c351ae9c3c242e330&scene=58&subscene=0#rd 本文将介绍powershell执行策略问题与绕过策略方式，以及命令混淆与代码混淆来达到绕过AV上线的方式，从基础出发,实现对powershell不了解的小白也可Bypass AV上线CS Tue, 06 Jul 2021 20:39:27 +0800