😈 [ M4yFly, Mayfly ]
Let's have some fun with MSSQL in GOAD this time 😁
https://t.co/x7exgnliAS
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part7/
🐥 [ tweet ]
Let's have some fun with MSSQL in GOAD this time 😁
https://t.co/x7exgnliAS
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part7/
🐥 [ tweet ]
😈 [ C5pider, 5pider ]
Talon
A (demo) 3rd party agent for the Havoc Framework.
https://t.co/BGmHOXkSCD
🔗 https://github.com/HavocFramework/Talon
🐥 [ tweet ]
Talon
A (demo) 3rd party agent for the Havoc Framework.
https://t.co/BGmHOXkSCD
🔗 https://github.com/HavocFramework/Talon
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Here we go!
Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale end: Sep 27th
Course release date: Sep 28th
Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...
You can't miss it!
https://t.co/nEYFgyS0pE
#RTO #redteam #onlinelearning
🔗 https://institute.sektor7.net/rto-maldev-adv1
🐥 [ tweet ]
Here we go!
Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale end: Sep 27th
Course release date: Sep 28th
Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...
You can't miss it!
https://t.co/nEYFgyS0pE
#RTO #redteam #onlinelearning
🔗 https://institute.sektor7.net/rto-maldev-adv1
🐥 [ tweet ]
😈 [ netero_1010, Chris Au ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
🔗 https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
🐥 [ tweet ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
🔗 https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
🐥 [ tweet ]
😈 [ TrimarcSecurity, Trimarc ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
🔗 https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
🐥 [ tweet ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
🔗 https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
🐥 [ tweet ]
Offensive Xwitter
😈 [ TrimarcSecurity, Trimarc ] If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion. It's available for download right now: h…
Improving AD Security Quickly Whitepaper.pdf
2.8 MB
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ gentilkiwi, 🥝 Benjamin Delpy ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 🥝
🐥 [ tweet ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 🥝
🐥 [ tweet ]
😈 [ TrustedSec, TrustedSec ]
Does crack[.]sh being offline got you down? 😔 Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
🔗 https://hubs.la/Q01mpY-j0
🐥 [ tweet ]
Does crack[.]sh being offline got you down? 😔 Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
🔗 https://hubs.la/Q01mpY-j0
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
🔗 https://github.com/skelsec/amurex
🐥 [ tweet ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
🔗 https://github.com/skelsec/amurex
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Being on a vacation I couldn’t resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut 🍩
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
🐥 [ tweet ]
Being on a vacation I couldn’t resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut 🍩
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
🔗 https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
🐥 [ tweet ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
🔗 https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. There’s a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
🔗 https://youtu.be/qKcUKlwoGw8
🐥 [ tweet ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. There’s a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
🔗 https://youtu.be/qKcUKlwoGw8
🐥 [ tweet ]
🤯1