Ramblings

GetLoggedOn - Remote Registry Enumeration

Remote Registry to enumerate the logged on users?


During red team operations we are, more often than not, targeting Active Directory. We have all been in the situation where we quickly want to check whether or not users are connected/logged in to certain devices, for let’s...

Introduction to Cobalt Strike UDRL-VS

Reflective Loading vs Native Windows DLL Loading?


The main idea of Reflective Loading is to load a PE file directly from memory rather than from disk. This is achieved by manually loading the DLL into memory, which means bypassing the Windows API functions that would typically be...