😈 [ ippsec, ippsec ]

HTB Scanned video is up! I haven't seen anything like this box. It's a Malware Sandbox Platform - Tou can exfil data by via syscalls. User requires escaping a chroot jail. This enables you to manipulate the jail and exploit a race for root by creating libs https://t.co/d2gFiC1aCt

🔗 https://youtu.be/FoQuNsCyQz0

🐥 [ tweet ]

😈 [ 0xdf_, 0xdf ]

Scanned from @hackthebox_eu was really hard. It's a clinic in Linux system exploitation where details matter, and once I learned how all of it worked, the box is a work of art. It's all about abusing a chroot jail through some slight misconfigurations.
https://t.co/NWnJKcyUoa

🔗 https://0xdf.gitlab.io/2022/09/10/htb-scanned.html

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

You can now dump only enabled users/computers or a specific user/computer when running ntds option on CrackMapExec 🚀

Because yeah, sometime dumping can take a very very long time while you only want the krbtgt hash to forge golden ticket 😅

🐥 [ tweet ]

😈 [ daem0nc0re, daem0nc0re ]

Added my implementation of Ghostly Hollowing and WMI execution.
The PoC for WMI process execution supports not only local machine process but also remote machine process.
It can use NTLM authentication and Kerberos authentication.
https://t.co/z49sc9DYFw
https://t.co/Dukz9j9jmU

🔗 https://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn
🔗 https://github.com/daem0nc0re/TangledWinExec/commit/7eecbc25f1a636c357373faa5639d8a3136f4403

🐥 [ tweet ]

😈 [ Alh4zr3d, Alh4zr3d ]

Red Teamers: Signed code tends to be scrutinized less. Sign your code with a fake cert: https://t.co/8MZ8pkuv4s. Or, clone the cert from a valid DLL for sneaker DLL hijacking: https://t.co/S4wn2X0to1. Caution with this against ATP, though: Microsoft knows its own certs. #redteam

🔗 https://github.com/Tylous/Limelighter
🔗 https://github.com/jfmaes/Invoke-DLLClone

🐥 [ tweet ]

😈 [ ippsec, ippsec ]

Just uploaded a video showing off the Sensitive Commands Token Canary Token https://t.co/V1C0IU6X2N - It's a pretty simple video but I really wanted to talk about the phrase "So much offense in my defense" from this blog post: https://t.co/H83n0HnTQi

🔗 https://youtu.be/xFlH3DV0J7I
🔗 https://blog.thinkst.com/2022/09/sensitive-command-token-so-much-offense.html

🐥 [ tweet ]

😈 [ SEKTOR7net, SEKTOR7 Institute ]

If you happen to click on non-existing Microsoft KB link, do not despair, @betaarchive's got your back.

Huge repository containing old and recent KB articles and lots of other good info.

Check it out!

https://t.co/To0dcuqUYx

🔗 https://www.betaarchive.com/wiki/index.php?noscript=Microsoft_KB_Archive

🐥 [ tweet ]

😈 [ HuskyHacksMK, Matt | HuskyHacks ]

🔬A new, FREE PMAT section is now available on my blog!

It attempts to answer a common question that I get about the PMAT Host Only lab set up and offers steps to configure an Internal Network malware analysis network

You spoke, I listened ♥

https://t.co/XKdwWmlRn2

🔗 https://notes.huskyhacks.dev/blog/malware-analysis-labs-internal-network-vs-host-only

🐥 [ tweet ]

😈 [ M4yFly, Mayfly ]

Let's have some fun with MSSQL in GOAD this time 😁
https://t.co/x7exgnliAS

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part7/

🐥 [ tweet ]

😈 [ C5pider, 5pider ]

Talon
A (demo) 3rd party agent for the Havoc Framework.
https://t.co/BGmHOXkSCD

🔗 https://github.com/HavocFramework/Talon

🐥 [ tweet ]

😈 [ SEKTOR7net, SEKTOR7 Institute ]

Here we go!

Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale end: Sep 27th
Course release date: Sep 28th

Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...

You can't miss it!
https://t.co/nEYFgyS0pE

#RTO #redteam #onlinelearning

🔗 https://institute.sektor7.net/rto-maldev-adv1

🐥 [ tweet ]

😈 [ m8sec, Mike Brown ]

Current state of infosec Twitter...

🐥 [ tweet ]

😈 [ BushidoToken, Will ]

Hey @MicrosoftTeams

🐥 [ tweet ]

так жизненно прастите