<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hello, Friend on 🕵 1dnu11</title><link>https://1dnu11.github.io/</link><description>Recent content in Hello, Friend on 🕵 1dnu11</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><copyright>Copyright © 2024, 1dnu11.</copyright><lastBuildDate>Sat, 23 Mar 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://1dnu11.github.io/index.xml" rel="self" type="application/rss+xml"/><item><title>File System Vulnerability - Alternate Data Streams</title><link>https://1dnu11.github.io/zet/file-system-vulnerability-alternate-data-streams/</link><pubDate>Sat, 23 Mar 2024 00:00:00 +0000</pubDate><guid>https://1dnu11.github.io/zet/file-system-vulnerability-alternate-data-streams/</guid><description>Alternate Data Streams (ADS) NTFS (New Technology File System) is the default file system for Windows. Alternate Data Streams (ADS) is an NTFS file attribute designed to provide compatibility with MacOS HFS (Hierarchical File System).
Whenever we work with a file on an NTFS formatted drive, there will be two different forks/streams:
Data stream: the default stream that contains the actual data of the file. Resource stream: contains the metadata of the file. ADS can then be abused to hide malicious code or executables in legitimate files, thus avoiding detection.</description></item><item><title>Windows Credential Dumping</title><link>https://1dnu11.github.io/windows-credential-dumping/</link><pubDate>Sat, 23 Mar 2024 00:00:00 +0000</pubDate><guid>https://1dnu11.github.io/windows-credential-dumping/</guid><description>Windows Password Hashes Windows stores hashes of user account passwords locally in the SAM (Security Accounts Manager) database. Authentication and verification of user credentials are facilitated by the LSA (Local Security Authority).
SAM Database SAM is a database file that manages user accounts and passwords. All passwords stored in SAM are hashed. This database cannot be copied while the operating system is running, because Windows NT keeps the SAM db file locked. Attackers typically use in-memory techniques to dump SAM hashes from the LSASS process.</description></item><item><title>PrivEsc - Bypassing UAC with UACMe</title><link>https://1dnu11.github.io/zet/privesc-bypassing-uac-with-uacme/</link><pubDate>Fri, 22 Mar 2024 00:00:00 +0000</pubDate><guid>https://1dnu11.github.io/zet/privesc-bypassing-uac-with-uacme/</guid><description>UAC (User Account Control) UAC is a security feature introduced in Windows Vista. It is used to prevent changes to the operating system without the proper administrative approval. A non-privileged user attempting to execute a program with elevated privileges will be prompted with the UAC credential prompt, whereas a privileged user will just be prompted with a consent prompt.
It&amp;rsquo;s possible to bypass UAC in order to execute malicious executables with elevated privileges.</description></item><item><title>PrivEsc - Windows - Access Token Impersonation</title><link>https://1dnu11.github.io/zet/privesc-access-token-impersonation/</link><pubDate>Fri, 22 Mar 2024 00:00:00 +0000</pubDate><guid>https://1dnu11.github.io/zet/privesc-access-token-impersonation/</guid><description>Windows Access Tokens Created and managed by LSASS, access tokens are the core element of the authentication process on Windows. They are responsible for identifying and describing the security context of a process or thread. They can be seen as a temporary key that provides users with the required access to a system, without having to provide credentials each time a process is started or a resource is used.
They are generated by the winlogon.</description></item><item><title>Start Here</title><link>https://1dnu11.github.io/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://1dnu11.github.io/about/</guid><description>Welcome, friend Before you question why this blog exists, you can go and read this post here.
How to Navigate this Website To see an index of my entire Zettelkasten sorted in chronological order, visit Zet.
Longer articles can be viewed at the Blog page.
About This Website What you are seeing here is the public section of my personal Zettelkasten. I keep a large collection of notes which are stored as markdown files on my hard disk.</description></item></channel></rss>