Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ thefLinkk, thefLink ]

Just pushed a detection idea for Foliage/AceLdr to Hunt-Sleeping-Beacons.

State Wait:UserRequest is triggered by KiUserApcDispatcher? Probably a Beacon :-)

https://t.co/ro4WETq9Ox

🔗 https://github.com/thefLink/Hunt-Sleeping-Beacons

🐥 [ tweet ]
😈 [ _ZakSec, Zak ]

If you're interested in an alternative way to dump domain users' NT hashes and TGTs without touching LSASS, take a look at the new Masky tool :)

Everything is explained in this article: https://t.co/jbcgupxvGi

Thanks @harmj0y, @tifkin_ and @ly4k_ for their amazing work on ADCS!

🔗 https://z4ksec.github.io/posts/masky-release-v0.0.3/

🐥 [ tweet ]
😈 [ albertzsigovits, Albert Zsigovits ]

"Don't write malware in Nim please."

17dcfd678baabb152dad73f8d2af3a6fe3504d98667f92795897c164a5983a39

C:\Users\abc\Desktop\NimShellCodeLoader_Winx64\NimShellCodeLoader\bin\OEP_Hiijack_Inject_Load.exe

@malwrhunterteam @vxunderground @HuskyHacksMK @Hexacorn @0verfl0w_

🐥 [ tweet ]
😈 [ s4ntiago_p, S4ntiagoP ]

Just finished implementing the new Shtinkering technique on nanodump, credits to @asaf_gilboa!
https://t.co/yEutAPBnS8

🔗 https://github.com/helpsystems/nanodump/pull/25

🐥 [ tweet ]
😈 [ bohops, bohops ]

[Blog] Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)

https://t.co/02HD37quHe

I finally had the time to finish this post! Included are two 'new' Usage Log tampering techniques and additional defensive recommendations.

🔗 https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2/

🐥 [ tweet ]
😈 [ ORCx41, ORCA ]

released a poc on etw session hijacking, blocking network events monitoring on procmon
https://t.co/E2BPjdVIBj

🔗 https://github.com/ORCx41/EtwSessionHijacking

🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]

Creating Shellcode from any Code Using Visual Studio and C++
https://t.co/p10vUufQEH

🔗 https://www.codeproject.com/Articles/5304605/Creating-Shellcode-from-any-Code-Using-Visual-Stud

🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

I don’t think it’s suitable for the upstream (just too lazy to clean up the code for a proper PR) but here’s a dirty PoC of semi-execute-assembly with #CrackMapExec. Enjoy 😈

https://t.co/1nfUudCpZI

🔗 https://github.com/snovvcrash/CrackMapExec/tree/dotnetassembly

🐥 [ tweet ][ quote ]
😈 [ mansk1es, MANSK1ES ]

An article of mine called "Attacking on Behalf on Defense" which talks about abusing EDRs/XDRs to dump lsass (and much beyond), plus a bonus collab with @dec0ne.
https://t.co/9JxS9tjXxH

🔗 https://mansk1es.gitbook.io/edr-binary-abuse/

🐥 [ tweet ]
😈 [ MsftSecIntel, Microsoft Security Intelligence ]

Microsoft has observed various threat actors adopting and integrating the Sliver C2 framework in intrusion campaigns with—or as a replacement for—Cobalt Strike. Get technical info and hunting queries from this blog by Microsoft Security Experts: https://t.co/FBXYRsif0K

🔗 https://msft.it/6010jdC1q

🐥 [ tweet ]

lol
😈 [ m8sec, Mike Brown ]

Just released a new blog post on "Exploiting PrintNightmare (CVE-2021-34527)" - which includes my version of the exploit that uses a built-in SMB server for payload delivery (no more open file shares!)

https://t.co/61dPOeD6ok

https://t.co/a9KXbbghe3

🔗 https://github.com/m8sec/CVE-2021-34527
🔗 https://infosecwriteups.com/exploiting-printnightmare-cve-2021-34527-10c6e0f5b83f?source=social.tw

🐥 [ tweet ]
😈 [ PenTestPartners, Pen Test Partners ]

Last week our @_EthicalChaos_ promised something tasty: "Want to authenticate to RDP/Citrix using your abused ADCS certificate and live off the land? PIVert has got your back. Will be releasing soon!"
Well, here it is - Living off the land, AD CS style
https://t.co/SO1QK6fQ7y

🔗 https://www.pentestpartners.com/security-blog/living-off-the-land-ad-cs-style/

🐥 [ tweet ]
😈 [ _mohemiv, Arseniy Sharoglazov ]

🔥 I've created a new Twitter account: @OffensiveTg

This account will try to share useful posts from Telegram or other non-Twitter sources.

🍏 May be run by the community later, and/or automation might be added.

🔗 https://twitter.com/offensivetg

🐥 [ tweet ]

recursion hazard!
😈 [ akaclandestine, Clandestine ]

GitHub - khast3x/Redcloud: Automated Red Team Infrastructure deployment using Docker https://t.co/FPivhR11Fo

🔗 https://github.com/khast3x/Redcloud

🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]

Elevator (UAC bypass) is finally released: https://t.co/nuVm6aAFus. One of the most curious UAC bypasses that I've ever seen, and also it works like a charm. Give it a try and send me your feedback!

🔗 https://github.com/Kudaes/Elevator

🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]

Harvesting Active Directory Credentials via HTTP Request Smuggling https://t.co/SYQVpKJ5WO

🔗 https://northwave-security.com/harvesting-active-directory-credentials-via-http-request-smuggling/

🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 ]

the beta version of https://t.co/X6JcXARx0u is live; what's inside:
online wiki in terminal style made for red teamers
can search for a specific topic (e.g. search "pass the hash")
you can look up specific modules for a specific command line (e.g. lookup mimikatz "golden")

🔗 http://terminal.ired.dev

🐥 [ tweet ]
😈 [ embee_research, Matthew ]

In depth analysis of a 6-stage #asyncrat #malware loader using #cyberchef + #dnspy🐀

Persistent .lnk -> .py script -> 2nd .py script -> .NET DLL (reflection) -> .NET DLL (injected into msbuild.exe) -> .NET dll (custom obfuscation) -> .NET .exe (asyncrat)

https://t.co/e2Y5jHOOYy

🔗 https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader

🐥 [ tweet ]