Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ embee_research, Matthew ]

In depth analysis of a 6-stage #asyncrat #malware loader using #cyberchef + #dnspy🐀

Persistent .lnk -> .py script -> 2nd .py script -> .NET DLL (reflection) -> .NET DLL (injected into msbuild.exe) -> .NET dll (custom obfuscation) -> .NET .exe (asyncrat)

https://t.co/e2Y5jHOOYy

🔗 https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader

🐥 [ tweet ]
😈 [ pentest_swissky, Swissky @ Home  ]

Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
https://t.co/oUz0tt5T6x

🔗 https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Awesome talk by @thefLinkk for all those interested in malware dev 👏:
https://t.co/7BGEVSMiiX

Plus the tool release Lastenzug/SpiderPIC, used that just today and it works like a charm. No socks module in your C2? This can be used as burnable standalone shellcode 🔥 really cool!

🔗 https://m.youtube.com/watch?v=AucQUjJBJuw&list=PL7ZDZo2Xu332DOLSQlWlJPWRRAlpsLZQ-&index=12

🐥 [ tweet ]
😈 [ N4k3dTurtl3, NA ]

My first blog post on our new team website is up. Walking through manually reversing an undocumented struct and getting sleep obfuscation to work in CFG protected processes using NT calls.

https://t.co/BuRWSRwQPi

🔗 https://icebreaker.team/blogs/sleeping-with-control-flow-guard/

🐥 [ tweet ]
😈 [ n00py1, n00py ]

"Relaying from SMB to the LDAP service ... requires an attacker to specify the --remove-mic flag ... This allows relaying from SMB to the LDAP service to work since NTLMv1 doesn’t include a message integrity code (MIC)."
https://t.co/1o7d6DquoL
@praetorianlabs

🔗 https://www.praetorian.com/blog/ntlmv1-vs-ntlmv2/

🐥 [ tweet ]
😈 [ mrgretzky, Kuba Gretzky ]

I've just published a new blog post about Discord account hacks in the wild, using JavaScript injection through bookmarklets. I try to propose guidelines to mitigate these kinds of attacks.

Thanks to @zh4ck and @buherator for inspiration and ideas!

https://t.co/amkC0Ty09d

🔗 https://breakdev.org/hacked-discord-bookmarklet-attacks/

🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]

Yet another built-in Windows downloader? 🤔
1. create an LDIF file containing an http-based attrval-spec,
2. import it with ldifde.exe.
As an effect you can:
3. observe the request on the webserver,
4. find the file on your drive.
Enjoy 😈

🐥 [ tweet ]
😈 [ podalirius_, Podalirius ]

Today with my friend @_Worty we're releasing a technique to coerce an NTLM authentication on #Windows #SQL #Server as the machine account (in most cases). 🥳

A step by step demonstration is here: https://t.co/woCDA1M0Zr

🔗 https://github.com/p0dalirius/MSSQL-Analysis-Coerce

🐥 [ tweet ]
😈 [ 0x6d69636b, Michael Schneider ]

I'm one of the 25%😫 However, I wrote an article about the basic configuration of squid with Kerberos to help those from the 75% who have never done it but need to do it😅 https://t.co/xrlvT9ziNF

🔗 https://www.scip.ch/en/?labs.20220901

🐥 [ tweet ][ quote ]
In the run-up to the infosec event from «BSS-Безопасность» and Yandex Cloud, and after the talk about reversing and pwn tasks in the upcoming CTF, I got hit by nostalgia and remembered my failed attempt to find a place for myself in this field.

To that end, 3 years ago, when the trees were greener, I made myself write a series of four articles for ][, «В королевстве PWN» ("In the Kingdom of PWN"), hoping that binary exploitation would draw me in and that I would manage to learn at least something here. Being the special child in the family, I failed both the first and the second task 🤷🏻‍♂️

Anyways, maybe someone can get some use out of this series: it contains introductory guides to different variations of stack smashing. And I have already forgotten everything.
😈 [ PortSwiggerRes, PortSwigger Research ]

Using Hackability to uncover a Chrome infoleak by @garethheyes

https://t.co/8gIjJoAio4

🔗 https://portswigger.net/research/using-hackability-to-uncover-a-chrome-infoleak

🐥 [ tweet ]