Getting Started with Windows Defender Application Control (WDAC)

Windows Defender Application Control (WDAC), formerly known as Device Guard, is a Microsoft Windows security feature that restricts executable code, including scripts run by enlightened Windows script hosts, to those »

Bypassing LSA Protection (aka Protected Process Light) without Mimikatz on Windows 10

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10 Starting with Windows »

Bypassing CrowdStrike Endpoint Detection and Response

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/bypassing-crowdstrike-endpoint-detection-and-response In a recent »

Game Over Privileges

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/game-over-privileges On Windows a »

Capturing and Relaying NTLM Authentication: Methods and Techniques

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/capturing-and-relaying-ntlm-authentication-methods-and-techniques This blog post »