0prrr

Recommended Read / Watch

• https://blog.xpnsec.com/
• https://www.hexacorn.com/
• https://modexp.wordpress.com/
• https://klezvirus.github.io/
• https://zerosum0x0.blogspot.com/
• https://www.binarly.io/posts/index.html
• https://0xdarkvortex.dev/blogs/
• https://cocomelonc.github.io/
• https://pre.empt.blog/

0prrr

• AAD
• Active Directory
• Cloud
• Cobalt Strike / Aggressor Scripts
• Recon
• UAC
• Metasploit
• Infrastructure
• SMB
• VBA

0prrr

Install FlareVM on Windows 10 VM Machine

Credit to Flare VM for the script.

This gist is to pick a former version of the install script and have it installed successfully on a Windows 10 x64 1809 VM machine becuase the latest one doesn't work.

Note: FLARE VM should ONLY be installed on a virtual machine!

• Prepare a Windows 10+ virtual machine
• FLARE VM has been tested on Windows 10 1809 x64 and 20H2

0prrr

• Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
  https://www.cybereason.com/blog/operation-cuckoobees-cybereason-uncovers-massive-chinese-intellectual-property-theft-operation

• Blowing Cobalt Strike Out of the Water With Memory Analysis https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/#post-125875-_e2rkiblq96ad

0prrr

References

https://www.youtube.com/watch?v=Ts-ofIVRMo4
https://notes.netbytesec.com/2023/06/install-elastic-kibana.html
https://www.elastic.co/guide/en/kibana/current/deb.html

All commands are from the video, and the two documents above.

It's suggested to watch the video first, then follow along with the following commands.

0prrr

#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <windows.h>
#define SECURITY_WIN32
#include <security.h>
#define SCHANNEL_USE_BLACKLISTS
#include <subauth.h>
#include <schnlsp.h>
#include <shlwapi.h>
#include <assert.h>