😈 [ ippsec, ippsec ]
Just uploaded my favorite way to detect Password Sprays and Kerberoasting on a budget by combining Event Log Filters, Scheduled Tasks, and CanaryTokens. The ability to create scheduled tasks that fire upon specific eventlog events is super powerful. https://t.co/ek3qh1O8Gl
🔗 https://youtu.be/BT9pT1tAmX8
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
New pypykatz version 0.6.1 is out on Github and PIP. Now all
networking commands use the new interface!
One new feature added: dpapi masterkeyfile decryption with domain backupkey (.pvk)
Thanks @ProcessusT for the contribution.
https://t.co/qZRCcJBviJ
🔗 https://github.com/skelsec/pypykatz
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
‘GIFShell’ — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs -> https://t.co/6nx18oZmIk
🔗 https://link.medium.com/xJDuMH0watb
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
We are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege
How?
Leveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM
Should be "lighter" than the classic S4U
cc @decoder_it
https://t.co/IQiMXoKIP7
🔗 https://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178
🐥 [ tweet ]
😈 [ BlWasp_, BlackWasp ]
Just updated my ADCS cheatsheet with the new ESC9 & 10 attacks, and a refactor of the page: https://t.co/Ey8wayKWUz
Additionally, I have added these ESC to The Hacker Recipes of @_nwodtuhs with more explanations on this page: https://t.co/vvbFhvLVaj
🔗 https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-certificate-services
🔗 https://www.thehacker.recipes/ad/movement/ad-cs/certificate-templates
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
HTB Scanned video is up! I haven't seen anything like this box. It's a Malware Sandbox Platform - You can exfil data via syscalls. User requires escaping a chroot jail. This enables you to manipulate the jail and exploit a race for root by creating libs https://t.co/d2gFiC1aCt
🔗 https://youtu.be/FoQuNsCyQz0
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Scanned from @hackthebox_eu was really hard. It's a clinic in Linux system exploitation where details matter, and once I learned how all of it worked, the box is a work of art. It's all about abusing a chroot jail through some slight misconfigurations.
https://t.co/NWnJKcyUoa
🔗 https://0xdf.gitlab.io/2022/09/10/htb-scanned.html
🐥 [ tweet ]
😈 [ daem0nc0re, daem0nc0re ]
Added my implementation of Ghostly Hollowing and WMI execution.
The PoC for WMI process execution supports not only local machine process but also remote machine process.
It can use NTLM authentication and Kerberos authentication.
https://t.co/z49sc9DYFw
https://t.co/Dukz9j9jmU
🔗 https://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn
🔗 https://github.com/daem0nc0re/TangledWinExec/commit/7eecbc25f1a636c357373faa5639d8a3136f4403
🐥 [ tweet ]
😈 [ Alh4zr3d, Alh4zr3d ]
Red Teamers: Signed code tends to be scrutinized less. Sign your code with a fake cert: https://t.co/8MZ8pkuv4s. Or, clone the cert from a valid DLL for sneakier DLL hijacking: https://t.co/S4wn2X0to1. Caution with this against ATP, though: Microsoft knows its own certs. #redteam
🔗 https://github.com/Tylous/Limelighter
🔗 https://github.com/jfmaes/Invoke-DLLClone
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Just uploaded a video showing off the Sensitive Commands Token Canary Token https://t.co/V1C0IU6X2N - It's a pretty simple video but I really wanted to talk about the phrase "So much offense in my defense" from this blog post: https://t.co/H83n0HnTQi
🔗 https://youtu.be/xFlH3DV0J7I
🔗 https://blog.thinkst.com/2022/09/sensitive-command-token-so-much-offense.html
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
If you happen to click on a non-existing Microsoft KB link, do not despair, @betaarchive's got your back.
Huge repository containing old and recent KB articles and lots of other good info.
Check it out!
https://t.co/To0dcuqUYx
🔗 https://www.betaarchive.com/wiki/index.php?noscript=Microsoft_KB_Archive
🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]
🔬A new, FREE PMAT section is now available on my blog!
It attempts to answer a common question that I get about the PMAT Host Only lab setup and offers steps to configure an Internal Network malware analysis network.
You spoke, I listened ♥
https://t.co/XKdwWmlRn2
🔗 https://notes.huskyhacks.dev/blog/malware-analysis-labs-internal-network-vs-host-only
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Let's have some fun with MSSQL in GOAD this time 😁
https://t.co/x7exgnliAS
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part7/
🐥 [ tweet ]
😈 [ C5pider, 5pider ]
Talon
A (demo) 3rd party agent for the Havoc Framework.
https://t.co/BGmHOXkSCD
🔗 https://github.com/HavocFramework/Talon
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Here we go!
Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale end: Sep 27th
Course release date: Sep 28th
Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...
You can't miss it!
https://t.co/nEYFgyS0pE
#RTO #redteam #onlinelearning
🔗 https://institute.sektor7.net/rto-maldev-adv1
🐥 [ tweet ]