Killer-Exercice: An exercise for red teams to reverse and exploit; a valid BYOVD killer that is not HVCI blocklisted and not in LOLBIN
RAIWhateverTrigger: Local SYSTEM auth trigger for relaying - based on the original RAITrigger technique that abuses the RAiForceElevationPromptForCOM RPC function in appinfo.dll to trigger SYSTEM auth
Escaping the Confines of Port 445 - "TL;DR NTLM relay attacks on SMB restrict lateral movement to port 445/TCP capabilities. To extend beyond, leverage the Service Control Manager (SCM) remotely"
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response
Microsoft Probing If Chinese Hackers Learned SharePoint Flaws Through Alert - Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese ha