😈 [ m8sec, Mike Brown ]
Just released a new blog post on "Exploiting PrintNightmare (CVE-2021-34527)" - which includes my version of the exploit that uses a built-in SMB server for payload delivery (no more open file shares!)
https://t.co/61dPOeD6ok
https://t.co/a9KXbbghe3
🔗 https://github.com/m8sec/CVE-2021-34527
🔗 https://infosecwriteups.com/exploiting-printnightmare-cve-2021-34527-10c6e0f5b83f?source=social.tw
🐥 [ tweet ]
😈 [ PenTestPartners, Pen Test Partners ]
Last week our @_EthicalChaos_ promised something tasty: "Want to authenticate to RDP/Citrix using your abused ADCS certificate and live off the land? PIVert has got your back. Will be releasing soon!"
Well, here it is - Living off the land, AD CS style
https://t.co/SO1QK6fQ7y
🔗 https://www.pentestpartners.com/security-blog/living-off-the-land-ad-cs-style/
🐥 [ tweet ]
😈 [ _mohemiv, Arseniy Sharoglazov ]
🔥 I've created a new Twitter account: @OffensiveTg
This account will try to share useful posts from Telegram or other non-Twitter sources.
🍏 May be run by the community later, and/or automation might be added.
🔗 https://twitter.com/offensivetg
🐥 [ tweet ]
Danger of recursion!
😈 [ akaclandestine, Clandestine ]
GitHub - khast3x/Redcloud: Automated Red Team Infrastructure deployment using Docker https://t.co/FPivhR11Fo
🔗 https://github.com/khast3x/Redcloud
🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]
Elevator (UAC bypass) is finally released: https://t.co/nuVm6aAFus. One of the most curious UAC bypasses that I've ever seen, and also it works like a charm. Give it a try and send me your feedback!
🔗 https://github.com/Kudaes/Elevator
🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]
Harvesting Active Directory Credentials via HTTP Request Smuggling https://t.co/SYQVpKJ5WO
🔗 https://northwave-security.com/harvesting-active-directory-credentials-via-http-request-smuggling/
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 ]
the beta version of https://t.co/X6JcXARx0u is live; what's inside:
✅ online wiki in terminal style made for red teamers
✅ can search for a specific topic (e.g. search "pass the hash")
✅ you can look up specific modules for a specific command line (e.g. lookup mimikatz "golden")
🔗 http://terminal.ired.dev
🐥 [ tweet ]
😈 [ embee_research, Matthew ]
In-depth analysis of a 6-stage #asyncrat #malware loader using #cyberchef + #dnspy🐀
Persistent .lnk -> .py script -> 2nd .py script -> .NET DLL (reflection) -> .NET DLL (injected into msbuild.exe) -> .NET DLL (custom obfuscation) -> .NET .exe (asyncrat)
https://t.co/e2Y5jHOOYy
🔗 https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
🐥 [ tweet ]
😈 [ pentest_swissky, Swissky @ Home ]
Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
https://t.co/oUz0tt5T6x
🔗 https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Awesome talk by @thefLinkk for all those interested in malware dev 👏:
https://t.co/7BGEVSMiiX
Plus the tool release Lastenzug/SpiderPIC, used that just today and it works like a charm. No socks module in your C2? This can be used as burnable standalone shellcode 🔥 really cool!
🔗 https://m.youtube.com/watch?v=AucQUjJBJuw&list=PL7ZDZo2Xu332DOLSQlWlJPWRRAlpsLZQ-&index=12
🐥 [ tweet ]
😈 [ 7h3h4ckv157, 7h3h4ckv157 ]
AD MindMap
#ActiveDirectory #pwn #infosec
https://t.co/4XY5sF1qMR
🔗 https://www.xmind.app/m/874LNH/
🐥 [ tweet ]
😈 [ N4k3dTurtl3, NA ]
My first blog post on our new team website is up. Walking through manually reversing an undocumented struct and getting sleep obfuscation to work in CFG protected processes using NT calls.
https://t.co/BuRWSRwQPi
🔗 https://icebreaker.team/blogs/sleeping-with-control-flow-guard/
🐥 [ tweet ]
😈 [ hashcat, hashcat ]
Official Team Hashcat write-up of this year's @CrackMeIfYouCan contest at @defcon 2022: https://t.co/w2KCfySXrO @CynoPrime @john_users
🔗 https://github.com/hashcat/team-hashcat/blob/main/CMIYC2022/CMIYC2022TeamHashcatWriteup.pdf
🐥 [ tweet ]
😈 [ n00py1, n00py ]
"Relaying from SMB to the LDAP service ... requires an attacker to specify the --remove-mic flag ... This allows relaying from SMB to the LDAP service to work since NTLMv1 doesn't include a message integrity code (MIC)."
https://t.co/1o7d6DquoL
@praetorianlabs
🔗 https://www.praetorian.com/blog/ntlmv1-vs-ntlmv2/
🐥 [ tweet ]
😈 [ mrgretzky, Kuba Gretzky ]
I've just published a new blog post about Discord account hacks in the wild, using JavaScript injection through bookmarklets. I try to propose guidelines to mitigate these kinds of attacks.
Thanks to @zh4ck and @buherator for inspiration and ideas!
https://t.co/amkC0Ty09d
🔗 https://breakdev.org/hacked-discord-bookmarklet-attacks/
🐥 [ tweet ]