😈 [ netero_1010, Chris Au ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
🔗 https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
🐥 [ tweet ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
🔗 https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
🐥 [ tweet ]
😈 [ TrimarcSecurity, Trimarc ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
🔗 https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
🐥 [ tweet ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
🔗 https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
🐥 [ tweet ]
Offensive Xwitter
😈 [ TrimarcSecurity, Trimarc ] If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion. It's available for download right now: h…
Improving AD Security Quickly Whitepaper.pdf
2.8 MB
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ gentilkiwi, 🥝 Benjamin Delpy ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 🥝
🐥 [ tweet ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 🥝
🐥 [ tweet ]
😈 [ TrustedSec, TrustedSec ]
Does crack[.]sh being offline got you down? 😔 Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
🔗 https://hubs.la/Q01mpY-j0
🐥 [ tweet ]
Does crack[.]sh being offline got you down? 😔 Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
🔗 https://hubs.la/Q01mpY-j0
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
🔗 https://github.com/skelsec/amurex
🐥 [ tweet ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
🔗 https://github.com/skelsec/amurex
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Being on a vacation I couldn’t resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut 🍩
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
🐥 [ tweet ]
Being on a vacation I couldn’t resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut 🍩
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
🔗 https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
🐥 [ tweet ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
🔗 https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. There’s a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
🔗 https://youtu.be/qKcUKlwoGw8
🐥 [ tweet ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. There’s a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
🔗 https://youtu.be/qKcUKlwoGw8
🐥 [ tweet ]
🤯1
😈 [ theluemmel, S4U2LuemmelSec ]
Not sure if ADCS ESC 3 is abusable, because Certify and Certipy only give info on the 1st prerequisit "Certificate Request Agent"?
Use ldapfilter
(&(objectclass=pkicertificatetemplate)(msPKI-RA-Application-Policies=1.3.6.1.4.1.311.20.2.1)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2))'
🐥 [ tweet ]
Not sure if ADCS ESC 3 is abusable, because Certify and Certipy only give info on the 1st prerequisit "Certificate Request Agent"?
Use ldapfilter
(&(objectclass=pkicertificatetemplate)(msPKI-RA-Application-Policies=1.3.6.1.4.1.311.20.2.1)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2))'
🐥 [ tweet ]
😈 [ doc_guard, DOCGuard - Detect Maldocs in Seconds! ]
Strange PPT maldoc with low detection rates since 2022-02-02.
MD5: c0060c0741833af67121390922c44f91
PPT file>wnoscript.exe>powershell.exe>rundll32.exe
[+]Exec wnoscript when user moves mouse
[+]Wnoscript exec powershell
[+]PS download the XORed DLL.
[+]Exec it using rundll32.exe
🐥 [ tweet ]
Strange PPT maldoc with low detection rates since 2022-02-02.
MD5: c0060c0741833af67121390922c44f91
PPT file>wnoscript.exe>powershell.exe>rundll32.exe
[+]Exec wnoscript when user moves mouse
[+]Wnoscript exec powershell
[+]PS download the XORed DLL.
[+]Exec it using rundll32.exe
🐥 [ tweet ]
🔥3
😈 [ lkarlslund, Lars Karlslund ]
Stuck on a network with no credentials? No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using my new tool - with parallelization I get 10K usernames/sec
https://t.co/ETeKR4OVFP
🔗 https://github.com/lkarlslund/ldapnomnom
🐥 [ tweet ]
Stuck on a network with no credentials? No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using my new tool - with parallelization I get 10K usernames/sec
https://t.co/ETeKR4OVFP
🔗 https://github.com/lkarlslund/ldapnomnom
🐥 [ tweet ]
🔥1
😈 [ splinter_code, Antonio Cocomazzi ]
After more than 2 years, RunasCs got a big update! 🥳
Biggest changes:
- NetworkCleartext (8) default logon type
- UAC bypass (when admin pass is known)
Enjoy :D
https://t.co/WgAH4qpbZ6
🔗 https://github.com/antonioCoco/RunasCs/releases/tag/v1.4
🐥 [ tweet ]
After more than 2 years, RunasCs got a big update! 🥳
Biggest changes:
- NetworkCleartext (8) default logon type
- UAC bypass (when admin pass is known)
Enjoy :D
https://t.co/WgAH4qpbZ6
🔗 https://github.com/antonioCoco/RunasCs/releases/tag/v1.4
🐥 [ tweet ]
😈 [ mrd0x, mr.d0x ]
Stealing Access Tokens From Office Desktop Applications
https://t.co/12bMrugfe9
🔗 https://mrd0x.com/stealing-tokens-from-office-applications/
🐥 [ tweet ]
Stealing Access Tokens From Office Desktop Applications
https://t.co/12bMrugfe9
🔗 https://mrd0x.com/stealing-tokens-from-office-applications/
🐥 [ tweet ]
😈 [ cube0x0, Cube0x0 ]
A new blog post about relaying YubiKeys is up and tools have been uploaded to GitHub!
This would not have been possible without the previous work of @_EthicalChaos_ so big thanks to him
https://t.co/zfEV7RUAV5
🔗 https://cube0x0.github.io/Relaying-YubiKeys/
🐥 [ tweet ]
A new blog post about relaying YubiKeys is up and tools have been uploaded to GitHub!
This would not have been possible without the previous work of @_EthicalChaos_ so big thanks to him
https://t.co/zfEV7RUAV5
🔗 https://cube0x0.github.io/Relaying-YubiKeys/
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
🐥 [ tweet ]
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
🐥 [ tweet ]