How to Bypass AMSI? My Experience with PowerShell Bypassing

Whether it's on HackTheBox, at work, or just for fun, sometimes you need to infect a Windows system with some C2 software or malware. In my case, I most often use CobaltStrike (link) or the equally effective Sliver (link). Since I've done this many times, I immediately thought, "I'll disable AMSI, u…
Sacrificial session

How many times have you run into the problem of replacing the current user's Kerberos TGT? Creating a sacrificial process is the way to prevent that from happening. If the current user's TGT is replaced, authentication to domain resources will be done using the new TGT. To get back to th…