😈 [ ORCx41, ORCA ]
ever wanted to replace FindResource, LoadResource, LockResource, SizeofResource...
well, now you can :
https://t.co/Xl9F56pd4p
🔗 https://github.com/ORCx41/ManualRsrcDataFetching
🐥 [ tweet ]
ever wanted to replace FindResource, LoadResource, LockResource, SizeofResource...
well, now you can :
https://t.co/Xl9F56pd4p
🔗 https://github.com/ORCx41/ManualRsrcDataFetching
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
🦠If you wish to understand what's causing your AMSI detection - whether VBA or WSH, you might check out Matt Graeber's @mattifestation AMSITools.ps1.
I crafted up HOWTO and a helper noscript that uses his brilliant work to pull AMSI events:
https://t.co/gOjTGuXUSZ
🔗 https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/AMSITools
🐥 [ tweet ]
🦠If you wish to understand what's causing your AMSI detection - whether VBA or WSH, you might check out Matt Graeber's @mattifestation AMSITools.ps1.
I crafted up HOWTO and a helper noscript that uses his brilliant work to pull AMSI events:
https://t.co/gOjTGuXUSZ
🔗 https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/AMSITools
🐥 [ tweet ]
Не могу не порекомендовать подписываться на @s0i37_channel, так как уже предчувствую годноту от @s0i37. К сожалению, мы не знакомы лично, но его работы восхищают.
Мое любимое – это:
- https://xakep.ru/2020/06/17/windows-mitm/
- https://github.com/s0i37/lateral
Мое любимое – это:
- https://xakep.ru/2020/06/17/windows-mitm/
- https://github.com/s0i37/lateral
🔥4😁2
😈 [ Six2dez1, Six2dez ]
This is a superb article for pentesting Cisco networks
https://t.co/spiVfvLyQm
🔗 https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9
🐥 [ tweet ]
This is a superb article for pentesting Cisco networks
https://t.co/spiVfvLyQm
🔗 https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9
🐥 [ tweet ]
🔥3
😈 [ NationalCyberS1, National Cyber Security Services ]
LinWinPwn:- A bash noscript that automates a number of Active Directory Enumeration and Vulnerability checks.
Link:https://t.co/pR8suEn8PZ
#hacking #bugbountytips #informationsecurity #cybersecurity #infosec #cybersecuritytips #Ethicalhacking #Pentesting
https://t.co/uJj502OabP
🔗 https://github.com/lefayjey/linWinPwn
🔗 https://ncybersecurity.com
🐥 [ tweet ]
LinWinPwn:- A bash noscript that automates a number of Active Directory Enumeration and Vulnerability checks.
Link:https://t.co/pR8suEn8PZ
#hacking #bugbountytips #informationsecurity #cybersecurity #infosec #cybersecuritytips #Ethicalhacking #Pentesting
https://t.co/uJj502OabP
🔗 https://github.com/lefayjey/linWinPwn
🔗 https://ncybersecurity.com
🐥 [ tweet ]
😈 [ HackerOtter, OtterHacker ]
Muscle up your game with Kerberos. Abuse tickets and Kerberos extensions to elevate your privileges.
I've built a small lab around the S4U2Self Abuse :
https://t.co/8GSnJuLJcf
Find all you need here :
https://t.co/hXkRocpkSX
Thanks @pentest_swissky for the help on ansible !
🔗 https://github.com/OtterHacker/LabS4U2Self
🔗 https://otterhacker.github.io/Pentest/Services/Kerberos.html
🐥 [ tweet ]
Muscle up your game with Kerberos. Abuse tickets and Kerberos extensions to elevate your privileges.
I've built a small lab around the S4U2Self Abuse :
https://t.co/8GSnJuLJcf
Find all you need here :
https://t.co/hXkRocpkSX
Thanks @pentest_swissky for the help on ansible !
🔗 https://github.com/OtterHacker/LabS4U2Self
🔗 https://otterhacker.github.io/Pentest/Services/Kerberos.html
🐥 [ tweet ]
😈 [ redteamfieldman, RTFM ]
Doing some end of the week research on command and control platforms and ran across a couple great resources. @c2_matrix #C2 #RedTeam
https://t.co/3VPtAFW9sK
https://t.co/SV1nZkJuD7
🔗 https://www.thec2matrix.com/matrix
🔗 https://github.com/tcostam/awesome-command-control
🐥 [ tweet ]
Doing some end of the week research on command and control platforms and ran across a couple great resources. @c2_matrix #C2 #RedTeam
https://t.co/3VPtAFW9sK
https://t.co/SV1nZkJuD7
🔗 https://www.thec2matrix.com/matrix
🔗 https://github.com/tcostam/awesome-command-control
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY
🔗 https://www.blackhillsinfosec.com/wp-content/uploads/2022/09/Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
🔗 https://youtu.be/b0lLxLJKaRs
🐥 [ tweet ][ quote ]
EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY
🔗 https://www.blackhillsinfosec.com/wp-content/uploads/2022/09/Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
🔗 https://youtu.be/b0lLxLJKaRs
🐥 [ tweet ][ quote ]
Offensive Xwitter
😈 [ an0n_r0, an0n ] EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY…
Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
2.6 MB
😈 [ _nwodtuhs, Charlie “Shutdown” ]
✨ The Hacker Recipes presents GoldenGMSA 🪙
Shoutout to @Dramelac_ for preparing the recipe and @volker_carstein for initial review and changes.
Shoutout to the awesome work by @SemperisTech and @YuG0rd for the research and tooling
https://t.co/SzTykUrPJw
🔗 https://www.thehacker.recipes/ad/persistence/goldengmsa
🐥 [ tweet ]
✨ The Hacker Recipes presents GoldenGMSA 🪙
Shoutout to @Dramelac_ for preparing the recipe and @volker_carstein for initial review and changes.
Shoutout to the awesome work by @SemperisTech and @YuG0rd for the research and tooling
https://t.co/SzTykUrPJw
🔗 https://www.thehacker.recipes/ad/persistence/goldengmsa
🐥 [ tweet ]
😈 [ lkarlslund, Lars Karlslund ]
Cool LDAP utility for Red Teamers! Easy to do simple lookups and some modifications - it has great potential and I'm sure more features will come. I had a similar tool planned, but never found the time to do it - fortunately @synzack21 did!
https://t.co/LhOsVPTbV8
🔗 https://github.com/Synzack/ldapper
🐥 [ tweet ]
Cool LDAP utility for Red Teamers! Easy to do simple lookups and some modifications - it has great potential and I'm sure more features will come. I had a similar tool planned, but never found the time to do it - fortunately @synzack21 did!
https://t.co/LhOsVPTbV8
🔗 https://github.com/Synzack/ldapper
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
You didn't ask for it, but I don't care :D
ADCS PWN Blog:
https://t.co/iWvY9hbjZm
All abuse steps for ESC1-10 + Certifried, with pics, snippets, guides and more.
Big thx to:
@harmj0y, @tifkin_, @ly4k_, @_nwodtuhs,@snovvcrash, +forgotten ones for your awesome work on this topic
🔗 https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
🐥 [ tweet ]
You didn't ask for it, but I don't care :D
ADCS PWN Blog:
https://t.co/iWvY9hbjZm
All abuse steps for ESC1-10 + Certifried, with pics, snippets, guides and more.
Big thx to:
@harmj0y, @tifkin_, @ly4k_, @_nwodtuhs,@snovvcrash, +forgotten ones for your awesome work on this topic
🔗 https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
A new protocol has been added to CrackMapExec ! You can now try FTP credentials and quickly find FTP with anonymous logon during internal pentest 🔥
Thanks to @RiiRoman who will receive a CME coin for his contribution ! 🚀
https://t.co/ks9cOOhH0B
🔗 https://github.com/Porchetta-Industries/CrackMapExec
🐥 [ tweet ]
A new protocol has been added to CrackMapExec ! You can now try FTP credentials and quickly find FTP with anonymous logon during internal pentest 🔥
Thanks to @RiiRoman who will receive a CME coin for his contribution ! 🚀
https://t.co/ks9cOOhH0B
🔗 https://github.com/Porchetta-Industries/CrackMapExec
🐥 [ tweet ]
🔥2🤯1
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]