😈 [ gregdarwin, Greg Darwin ]
Cobalt Strike 4.7.1 is live. This is a patch release to fix an issue with the sleep mask, and a vulnerability in the teamserver. Full details on the blog: https://t.co/Jug1Qg3ede
If you may want to revert back to 4.7 at some point, make a backup of your CS folder before updating.
🔗 https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/
🐥 [ tweet ]
Cobalt Strike 4.7.1 is live. This is a patch release to fix an issue with the sleep mask, and a vulnerability in the teamserver. Full details on the blog: https://t.co/Jug1Qg3ede
If you may want to revert back to 4.7 at some point, make a backup of your CS folder before updating.
🔗 https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Really clever unintended solution to StreamIO from @xct_de!
https://t.co/lXQCr5y1D5
🔗 https://www.youtube.com/watch?v=3utO6ys2Rhg&t=1130s
🐥 [ tweet ]
Really clever unintended solution to StreamIO from @xct_de!
https://t.co/lXQCr5y1D5
🔗 https://www.youtube.com/watch?v=3utO6ys2Rhg&t=1130s
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
My kerberoast project noscriptd... kerberoast has been updated and now it's available on PIP and Github.
No new features, the update is necessary to support the new kerberos and auth libraries that the other libraries using
https://t.co/NtuRqt1oV1
Thx @buherator for the headsup
🔗 https://github.com/skelsec/kerberoast
🐥 [ tweet ]
My kerberoast project noscriptd... kerberoast has been updated and now it's available on PIP and Github.
No new features, the update is necessary to support the new kerberos and auth libraries that the other libraries using
https://t.co/NtuRqt1oV1
Thx @buherator for the headsup
🔗 https://github.com/skelsec/kerberoast
🐥 [ tweet ]
😈 [ x86matthew, x86matthew ]
Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
A brief overview of reverse-engineering a Windows service to discover local privilege escalation exploits.
https://t.co/zKLvaYzryf
🔗 https://www.x86matthew.com/view_post?id=windows_seagate_lpe
🐥 [ tweet ]
Exploiting a Seagate service to create a SYSTEM shell (CVE-2022-40286)
A brief overview of reverse-engineering a Windows service to discover local privilege escalation exploits.
https://t.co/zKLvaYzryf
🔗 https://www.x86matthew.com/view_post?id=windows_seagate_lpe
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Making @ShitSecure’s dream of in-memory #LaZagne come true here 😅 Kudos to @naksyn and his awesome #Pyramid project 🔥🐍
P. S. Also fixed #KeeThief execution within LaZagne for Python 3
🐥 [ tweet ]
Making @ShitSecure’s dream of in-memory #LaZagne come true here 😅 Kudos to @naksyn and his awesome #Pyramid project 🔥🐍
P. S. Also fixed #KeeThief execution within LaZagne for Python 3
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
#JuicyPotato is back! 🔥
Get instant SYSTEM access if you have SeImpersonate or SeAssignPrimaryToken privs!
Checkout our new #JuicyPotatoNG 👇
https://t.co/mqB9dZ3YCA
cc @decoder_it
🔗 https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong
🐥 [ tweet ]
#JuicyPotato is back! 🔥
Get instant SYSTEM access if you have SeImpersonate or SeAssignPrimaryToken privs!
Checkout our new #JuicyPotatoNG 👇
https://t.co/mqB9dZ3YCA
cc @decoder_it
🔗 https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong
🐥 [ tweet ]
😈 [ ORCx41, ORCA ]
ever wanted to replace FindResource, LoadResource, LockResource, SizeofResource...
well, now you can :
https://t.co/Xl9F56pd4p
🔗 https://github.com/ORCx41/ManualRsrcDataFetching
🐥 [ tweet ]
ever wanted to replace FindResource, LoadResource, LockResource, SizeofResource...
well, now you can :
https://t.co/Xl9F56pd4p
🔗 https://github.com/ORCx41/ManualRsrcDataFetching
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
🦠If you wish to understand what's causing your AMSI detection - whether VBA or WSH, you might check out Matt Graeber's @mattifestation AMSITools.ps1.
I crafted up HOWTO and a helper noscript that uses his brilliant work to pull AMSI events:
https://t.co/gOjTGuXUSZ
🔗 https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/AMSITools
🐥 [ tweet ]
🦠If you wish to understand what's causing your AMSI detection - whether VBA or WSH, you might check out Matt Graeber's @mattifestation AMSITools.ps1.
I crafted up HOWTO and a helper noscript that uses his brilliant work to pull AMSI events:
https://t.co/gOjTGuXUSZ
🔗 https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/AMSITools
🐥 [ tweet ]
Не могу не порекомендовать подписываться на @s0i37_channel, так как уже предчувствую годноту от @s0i37. К сожалению, мы не знакомы лично, но его работы восхищают.
Мое любимое – это:
- https://xakep.ru/2020/06/17/windows-mitm/
- https://github.com/s0i37/lateral
Мое любимое – это:
- https://xakep.ru/2020/06/17/windows-mitm/
- https://github.com/s0i37/lateral
🔥4😁2
😈 [ Six2dez1, Six2dez ]
This is a superb article for pentesting Cisco networks
https://t.co/spiVfvLyQm
🔗 https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9
🐥 [ tweet ]
This is a superb article for pentesting Cisco networks
https://t.co/spiVfvLyQm
🔗 https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9
🐥 [ tweet ]
🔥3
😈 [ NationalCyberS1, National Cyber Security Services ]
LinWinPwn:- A bash noscript that automates a number of Active Directory Enumeration and Vulnerability checks.
Link:https://t.co/pR8suEn8PZ
#hacking #bugbountytips #informationsecurity #cybersecurity #infosec #cybersecuritytips #Ethicalhacking #Pentesting
https://t.co/uJj502OabP
🔗 https://github.com/lefayjey/linWinPwn
🔗 https://ncybersecurity.com
🐥 [ tweet ]
LinWinPwn:- A bash noscript that automates a number of Active Directory Enumeration and Vulnerability checks.
Link:https://t.co/pR8suEn8PZ
#hacking #bugbountytips #informationsecurity #cybersecurity #infosec #cybersecuritytips #Ethicalhacking #Pentesting
https://t.co/uJj502OabP
🔗 https://github.com/lefayjey/linWinPwn
🔗 https://ncybersecurity.com
🐥 [ tweet ]
😈 [ HackerOtter, OtterHacker ]
Muscle up your game with Kerberos. Abuse tickets and Kerberos extensions to elevate your privileges.
I've built a small lab around the S4U2Self Abuse :
https://t.co/8GSnJuLJcf
Find all you need here :
https://t.co/hXkRocpkSX
Thanks @pentest_swissky for the help on ansible !
🔗 https://github.com/OtterHacker/LabS4U2Self
🔗 https://otterhacker.github.io/Pentest/Services/Kerberos.html
🐥 [ tweet ]
Muscle up your game with Kerberos. Abuse tickets and Kerberos extensions to elevate your privileges.
I've built a small lab around the S4U2Self Abuse :
https://t.co/8GSnJuLJcf
Find all you need here :
https://t.co/hXkRocpkSX
Thanks @pentest_swissky for the help on ansible !
🔗 https://github.com/OtterHacker/LabS4U2Self
🔗 https://otterhacker.github.io/Pentest/Services/Kerberos.html
🐥 [ tweet ]
😈 [ redteamfieldman, RTFM ]
Doing some end of the week research on command and control platforms and ran across a couple great resources. @c2_matrix #C2 #RedTeam
https://t.co/3VPtAFW9sK
https://t.co/SV1nZkJuD7
🔗 https://www.thec2matrix.com/matrix
🔗 https://github.com/tcostam/awesome-command-control
🐥 [ tweet ]
Doing some end of the week research on command and control platforms and ran across a couple great resources. @c2_matrix #C2 #RedTeam
https://t.co/3VPtAFW9sK
https://t.co/SV1nZkJuD7
🔗 https://www.thec2matrix.com/matrix
🔗 https://github.com/tcostam/awesome-command-control
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY
🔗 https://www.blackhillsinfosec.com/wp-content/uploads/2022/09/Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
🔗 https://youtu.be/b0lLxLJKaRs
🐥 [ tweet ][ quote ]
EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY
🔗 https://www.blackhillsinfosec.com/wp-content/uploads/2022/09/Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
🔗 https://youtu.be/b0lLxLJKaRs
🐥 [ tweet ][ quote ]