PowerShell: In-Memory Injection Using CertUtil.exe

PowerShell: In-Memory Injection Using CertUtil.exe May 31, 2018, Shane Rudy, Senior Security Consultant, Coalfire Labs Have you ever heard the old saying, “The only constant in life is change?” Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our efforts to evade defenses. This week was one…

"PowerShell: In-Memory Injection Using CertUtil.exe"

Windows Server 2016 security auditing for enhanced threat detection

Windows Server 2016 security auditing for enhanced threat detection “Detecting malicious reconnaissance attempts to access SAM The Security Account Manager (SAM) is a database file, which stores users’ passwords. A common attack is to access SAM remotely to enumerate user groups, such as finding all the users in the local admin group on a server. On Windows Server 2016, when an attacker with insufficient privilege runs a query on the network to identify highly privileged…

"Windows Server 2016 security auditing for enhanced threat detection"