Acebond

9 posts
    

EdgeGdi.dll for Persistence and Lateral Movement

I recently read https://chadduffey.com/2020/10/10/edgegdi.html which describes how EdgeGdi.dll can be used for persistence, although with the caveat that “Windows won't tolerate the »

Getting Started with Windows Defender Application Control (WDAC)

Windows Defender Application Control (WDAC), formerly known as Device Guard, is a Microsoft Windows security feature that restricts executable code, including scripts run by enlightened Windows script hosts, to those »

Bypassing LSA Protection (aka Protected Process Light) without Mimikatz on Windows 10

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/bypassing-lsa-protection-aka-protected-process-light-without-mimikatz-on-windows-10 Starting with Windows »

Bypassing CrowdStrike Endpoint Detection and Response

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/bypassing-crowdstrike-endpoint-detection-and-response In a recent »

Game Over Privileges

Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/game-over-privileges On Windows a »