😈 [ theluemmel, S4U2LuemmelSec ]
Not sure if ADCS ESC 3 is abusable, because Certify and Certipy only give info on the 1st prerequisite "Certificate Request Agent"?
Use ldapfilter
(&(objectclass=pkicertificatetemplate)(msPKI-RA-Application-Policies=1.3.6.1.4.1.311.20.2.1)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2))
🐥 [ tweet ]
😈 [ doc_guard, DOCGuard - Detect Maldocs in Seconds! ]
Strange PPT maldoc with low detection rates since 2022-02-02.
MD5: c0060c0741833af67121390922c44f91
PPT file>wnoscript.exe>powershell.exe>rundll32.exe
[+]Exec wnoscript when user moves mouse
[+]Wnoscript exec powershell
[+]PS download the XORed DLL.
[+]Exec it using rundll32.exe
🐥 [ tweet ]
🔥3
😈 [ lkarlslund, Lars Karlslund ]
Stuck on a network with no credentials? No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using my new tool - with parallelization I get 10K usernames/sec
https://t.co/ETeKR4OVFP
🔗 https://github.com/lkarlslund/ldapnomnom
🐥 [ tweet ]
🔥1
😈 [ splinter_code, Antonio Cocomazzi ]
After more than 2 years, RunasCs got a big update! 🥳
Biggest changes:
- NetworkCleartext (8) default logon type
- UAC bypass (when admin pass is known)
Enjoy :D
https://t.co/WgAH4qpbZ6
🔗 https://github.com/antonioCoco/RunasCs/releases/tag/v1.4
🐥 [ tweet ]
😈 [ mrd0x, mr.d0x ]
Stealing Access Tokens From Office Desktop Applications
https://t.co/12bMrugfe9
🔗 https://mrd0x.com/stealing-tokens-from-office-applications/
🐥 [ tweet ]
😈 [ cube0x0, Cube0x0 ]
A new blog post about relaying YubiKeys is up and tools have been uploaded to GitHub!
This would not have been possible without the previous work of @_EthicalChaos_ so big thanks to him
https://t.co/zfEV7RUAV5
🔗 https://cube0x0.github.io/Relaying-YubiKeys/
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides the fact that cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
🐥 [ tweet ]
😈 [ aniqfakhrul, Aniq Fakhrul ]
Thanks for the detailed PoC! You can also do this without a password by relaying ms-efsrpc to the target computer, storing the SOCKS session and using it with printerbug
🐥 [ tweet ][ quote ]
😈 [ alukatsky, Alexey Lukatsky ]
The recent high-profile breaches (Uber, Okta, Microsoft, LastPass, Cisco, etc.) have one thing in common: MFA bypass. Is it time to throw it on the scrap heap, or does this security control still have a chance at a decent existence, and we just need to use it correctly? https://t.co/IRNwbbj2lU
🔗 https://lukatsky.ru/technology/vzlom-uber-cisco-i-okta-ili-ne-pora-li-vykinut-mfa-na-pomoyku.html
🐥 [ tweet ]
😈 [ gentilkiwi, 🥝🏳️🌈 Benjamin Delpy ]
Want to play with Djoin files? Citrix SSO passwords?
A new #mimikatz 🥝 release here for you!
> https://t.co/kG0WlIHOlQ
(no digital signature, open-source code-signing certificates are expensive 😒)
🔗 https://github.com/gentilkiwi/mimikatz
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Uploaded a video on detecting Responder when it is set up to respond to LLMNR requests. Nothing fancy, and there are tools that have done this for a long time, like Respounder. However, we keep it simple with just PowerShell and a scheduled task https://t.co/0DOccIhMHF
🔗 https://youtu.be/h_cWWL-yyb0
🐥 [ tweet ]
😈 [ _choisec, Sunggwan Choi ]
New blog post:
https://t.co/68Epz4z0ke
PoC GitHub:
https://t.co/fGbKBZjsv4
Blogged about recreating/simulating an MSI payload from the recent ASEC blog post (https://t.co/g7KSbhg4tj) and @HuskyHacksMK's blog post (https://t.co/F7T8DoE6ec). Learned MSI payload generation.
🔗 https://blog.sunggwanchoi.com/recreating-a-msi-payload-for-fun-and-no-profit/
🔗 https://github.com/ChoiSG/GwisinMsi
🔗 https://asec.ahnlab.com/en/37483/
🔗 https://notes.huskyhacks.dev/notes/ms-interloper-on-the-subject-of-malicious-msis
🐥 [ tweet ]
😈 [ Markak_, Zhenpeng Lin ]
I just released the #DirtyCred version of the exploit for CVE-2022-2588 (an 8-year-old bug) along with a brief write-up. Ideally, the exploit could work on different distros if the kernel is vulnerable. Feel free to check it out at https://t.co/IUuvuoLUbX!
🔗 https://github.com/Markakd/CVE-2022-2588
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers by @pry0cc / @hakluke
https://t.co/E25vgmyCN4
#hackwithautomation #security #bugbounty
🔗 https://blog.projectdiscovery.io/guide-to-dns-takeovers/
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
I’m not a big fan of the Cyberpunk 2077 game itself, but this new #Edgerunners series is surprisingly very cool and full of the classic “high tech, low life” spirit 🤤
🐥 [ tweet ]
Really top-notch, check it out 🔥5