Home Posts tagged Hacking
Blog Archives

Cracking Open PowerShell’s Constrained Runspace

Posted on June 25, 2014 by clymb3r 2 Comments

Recently at the PowerShell Summit, Lee Holmes and I did a talk on PowerShell security. One of the demonstrations we did showed how to find and exploit a command injection bug in a constrained runspace. I figured I’d write a

Read more ›

Tagged with: , , ,
Posted in Hacking, PowerShell

PowerShell and Token Impersonation

Posted on November 3, 2013 by clymb3r 3 Comments

This post will discuss bringing incognito-like functionality to PowerShell in the form of a new PowerShell script (Invoke-TokenManipulation), with some important differences. I’ll split this post up in to three sections: An overview on tokens and Windows authentication An overview

Read more ›

Tagged with: , , , , ,
Posted in Hacking, PowerShell, Uncategorized

Using PowerShell to Copy NTDS.dit / Registry Hives, Bypass SACL’s / DACL’s / File Locks

Posted on June 13, 2013 by clymb3r 13 Comments

Currently there are a few ways to dump Active Directory and local password hashes. Until recently, the techniques I had seen used to get the hashes either relied on injecting code in to LSASS or using the Volume Shadow Copy

Read more ›

Tagged with: , , , , , ,
Posted in Hacking