😈 [ Jean_Maes_1994, Jean ]
decided to cut the blogpost shorter so it's more digestible - part 1 is up now.
Disclaimer, I am not an expert in C so if I dun goofed reach out to correct me.
https://t.co/WzZ895si1R
🔗 https://redteamer.tips/help-i-need-to-write-code-in-c-part-1-setup-and-intro/
🐥 [ tweet ]
😈 [ r4wd3r, Sebastián Castro (at Black Hat & DEFCON) ]
I had a blast releasing 'Suborner: A Windows Bribery for Invisible Persistence' at @BlackHatEvents.
Blog and GH of the attack:
Blog: https://t.co/FFZ39e4q7T
GitHub: https://t.co/TAi5zpAU2y
Thanks to all the attendees! #BHUSA #BHUSA2022 #DEFCON30 #DEFCON
🔗 https://r4wsec.com/notes/the_suborner_attack/
🔗 https://github.com/r4wd3r/Suborner
🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]
Good morning and happy Friday! 📝New note is up on https://t.co/DIZF98hUtO
🛡 I am a Responsible Red Teamer. This is my manifesto.
https://t.co/MSXhvhIKMR
🔗 http://notes.huskyhacks.dev
🔗 https://notes.huskyhacks.dev/notes/the-responsible-red-teamers-manifesto
🐥 [ tweet ]
😈 [ kyleavery_, Kyle Avery ]
In case you missed it, check out my new tool from #DEFCON30 !
https://t.co/tQLGr8Dvl6
🔗 https://github.com/kyleavery/AceLdr
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] Looking for a legitimate way of achieving #persistence on Windows? How about #AnyDesk silent deployment? 😉
🐥 [ tweet ]
😈 [ monoxgas, Nick Landers ]
Slides are up for our (w/ @tiraniddo) Kerberos LPE presentation from #blackhat2022. Hope you enjoy, and thanks to everyone who attended!
https://t.co/uojv3cI8np
🔗 https://i.blackhat.com/USA-22/Wednesday/US-22-Forshaw-Taking-Kerberos-To-The-Next-Level.pdf
🐥 [ tweet ]
😈 [ HenriNurmi, Henri Nurmi ]
In-memory token vault BOF for #CobaltStrike. Allows you to hot swap/re-use already stolen tokens without re-duplicating, and store tokens for later use in case a person logs out. https://t.co/34iIm5XfAw
🔗 https://github.com/Henkru/cs-token-vault
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#Tooling ⚔️] Updated my SharpBin2SelfInject gist with the recent H/Invoke technique by @dr4k0nia for a stealthier GetModuleHandle / GetProcAddress resolution and invocation 🥷🏻
https://t.co/JZd3YCXfPh
#maldev #dinvoke #hinvoke
🔗 https://gist.github.com/snovvcrash/30bd25b1a5a18d8bb7ce3bb8dc2bae37
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
. @Wietze rocking it on stage and launching https://t.co/X0GOVPaFsB, a community-driven project that maintains a repository of binaries vulnerable to a variety of different DLL hijacks 🔥
🔗 https://hijacklibs.net/
🐥 [ tweet ]
😈 [ nachoskrnl, Ben Barnea ]
A long time has passed since the last authentication coercion vulnerability (DFSCoerce) so I think it's time for a new one. A vulnerability in the Server service leading to auth coerce.
Details: https://t.co/L3u8ZUVsaL
PoC:
https://t.co/6XqCqipwjX
🔗 https://www.akamai.com/blog/security/authentication-coercion-windows-server-service
🔗 https://github.com/akamai/akamai-security-research/tree/main/cve-2022-30216
🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]
Zoom Persistence via Symlink Abuse
https://t.co/YTnbUuamj1
🔗 https://github.com/aahmad097/ZoomPersistence
🐥 [ tweet ]
😈 [ HuntressLabs, Huntress ]
Credential stealing like #NPPSPY has probably been deployed in the wild before.
From what we can tell, we seem to be the first to share findings from NPPSPY deployed in a real attack.
Check it out: https://t.co/SoETRzZS8d
🔗 https://hubs.ly/Q01k9bcs0
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
Red Team Privilege Escalation
Part 1 Local Privilege Escalation – Writable SYSTEM Path Privilege Escalation https://t.co/mDzvM6ZP6S
Part 2 RBCD Based Privilege Escalation https://t.co/Q7Xbydpse8
🔗 https://www.praetorian.com/blog/red-team-local-privilege-escalation-writable-system-path-privilege-escalation-part-1/
🔗 https://www.praetorian.com/blog/red-team-privilege-escalation-rbcd-based-privilege-escalation-part-2/
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
🔥 Whooah, that's a really huge update to #CobaltStrike 4.7: enormous efforts made by @gregdarwin & Team, who once again pushed the Adversary Emulation industry by giving us:
SOCKS5, more BOFs memory mgmt primitives, greatly increased Sleep Mask size! 🔥
https://t.co/NEtyRiIQv3
🔗 https://bit.ly/3wbtNff
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
So much fun automating this sick NPLogonNotify clear-text credential harvesting technique by @0gtweet! There’s a pretty cool blog post from @0x6d69636b on this subject, check it out 👇🏻👇🏻👇🏻
https://t.co/g2J1KkBdtt
🔗 https://www.scip.ch/en/?labs.20220217
🐥 [ tweet ]
😈 [ ORCA10K, ORCA ]
released a stable library that handles forwarded functions and does compile time hashing, replacing GetModuleHandle and GetProcAddress :
https://t.co/2rkTO2oNJ5
🔗 https://github.com/ORCx41/ApiHashing
🐥 [ tweet ]
😈 [ _Qazeer, Qazeer ]
Aaand it's a wrap! EDRSandblast v1.1 and the slides from the DefCon30 DemoLab "EDR detection mechanisms and bypass techniques with EDRSandblast" with @th3m4ks can now be found on GitHub: https://t.co/sKK1QPqOlx 1/2
🔗 https://github.com/wavestone-cdt/EDRSandblast/tree/DefCon30Release
🐥 [ tweet ]