I can't help but recommend subscribing to @s0i37_channel, as I'm already anticipating great content from @s0i37. Unfortunately, we don't know each other personally, but his work is admirable.
My favorites are:
- https://xakep.ru/2020/06/17/windows-mitm/
- https://github.com/s0i37/lateral
😈 [ Six2dez1, Six2dez ]
This is a superb article for pentesting Cisco networks
https://t.co/spiVfvLyQm
🔗 https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9
🐥 [ tweet ]
😈 [ NationalCyberS1, National Cyber Security Services ]
LinWinPwn:- A bash script that automates a number of Active Directory Enumeration and Vulnerability checks.
Link:https://t.co/pR8suEn8PZ
#hacking #bugbountytips #informationsecurity #cybersecurity #infosec #cybersecuritytips #Ethicalhacking #Pentesting
https://t.co/uJj502OabP
🔗 https://github.com/lefayjey/linWinPwn
🔗 https://ncybersecurity.com
🐥 [ tweet ]
😈 [ HackerOtter, OtterHacker ]
Muscle up your game with Kerberos. Abuse tickets and Kerberos extensions to elevate your privileges.
I've built a small lab around the S4U2Self Abuse :
https://t.co/8GSnJuLJcf
Find all you need here :
https://t.co/hXkRocpkSX
Thanks @pentest_swissky for the help on ansible !
🔗 https://github.com/OtterHacker/LabS4U2Self
🔗 https://otterhacker.github.io/Pentest/Services/Kerberos.html
🐥 [ tweet ]
😈 [ redteamfieldman, RTFM ]
Doing some end of the week research on command and control platforms and ran across a couple great resources. @c2_matrix #C2 #RedTeam
https://t.co/3VPtAFW9sK
https://t.co/SV1nZkJuD7
🔗 https://www.thec2matrix.com/matrix
🔗 https://github.com/tcostam/awesome-command-control
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY
🔗 https://www.blackhillsinfosec.com/wp-content/uploads/2022/09/Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
🔗 https://youtu.be/b0lLxLJKaRs
🐥 [ tweet ][ quote ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
✨ The Hacker Recipes presents GoldenGMSA 🪙
Shoutout to @Dramelac_ for preparing the recipe and @volker_carstein for initial review and changes.
Shoutout to the awesome work by @SemperisTech and @YuG0rd for the research and tooling
https://t.co/SzTykUrPJw
🔗 https://www.thehacker.recipes/ad/persistence/goldengmsa
🐥 [ tweet ]
😈 [ lkarlslund, Lars Karlslund ]
Cool LDAP utility for Red Teamers! Easy to do simple lookups and some modifications - it has great potential and I'm sure more features will come. I had a similar tool planned, but never found the time to do it - fortunately @synzack21 did!
https://t.co/LhOsVPTbV8
🔗 https://github.com/Synzack/ldapper
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
You didn't ask for it, but I don't care :D
ADCS PWN Blog:
https://t.co/iWvY9hbjZm
All abuse steps for ESC1-10 + Certifried, with pics, snippets, guides and more.
Big thx to:
@harmj0y, @tifkin_, @ly4k_, @_nwodtuhs, @snovvcrash, +forgotten ones for your awesome work on this topic
🔗 https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
A new protocol has been added to CrackMapExec ! You can now try FTP credentials and quickly find FTP with anonymous logon during internal pentest 🔥
Thanks to @RiiRoman who will receive a CME coin for his contribution ! 🚀
https://t.co/ks9cOOhH0B
🔗 https://github.com/Porchetta-Industries/CrackMapExec
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
The Hacker Recipes presents how to own Pre-Windows 2000 computer accounts. Shoutout to @KenjiEndo15 for preparing the recipe as well as @TrustedSec @Oddvarmoe for an awesome blogpost on the matter.
https://t.co/nPrnOWzGXW
🔗 https://www.thehacker.recipes/ad/movement/domain-settings/pre-windows-2000-computers
🐥 [ tweet ]
😈 [ PizazzJazz, jazzpizazz ]
Needed BloodHound[.]py with kerberos support for the latest HTB machine, so I merged master into @_dirkjan's
Kerberos branch and it gave me working Bloodhound 4.2+ exports :) Try it out and report any issues to me! All credits go to the authors.
https://t.co/T6L9zjBsgS
🔗 https://github.com/jazzpizazz/BloodHound.py-Kerberos
🐥 [ tweet ]
🔐 I really like attacks on #KeePass, so here is a collection of tools and research on the topic:
- https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/
- https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
- https://github.com/denandz/KeeFarce
- https://github.com/GhostPack/KeeThief
- https://snovvcrash.rocks/2022/06/01/keethief-syscalls.html
- https://github.com/Porchetta-Industries/CrackMapExec/pull/636
- https://github.com/Porchetta-Industries/CrackMapExec/pull/637
Few people know this, but you can protect yourself against most of the existing attack vectors by using the open-source fork of KeePass, KeePassXC 😉
UPD. Forget about KeePassXC 🤦🏻♂️
😈 [ Tyl0us, Matt Eidelberg ]
New Tool - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods. Check it out: https://t.co/hjB7aXqVhy
#netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/Freeze
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
https://t.co/Z3dqq3i8EJ
🔗 https://www.semperis.com/blog/new-attack-paths-as-requested-sts
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The difference between signature-based and behavioural detections. As well as a little philosophy. 😎
https://t.co/pmtqDdV1xx
🔗 https://s3cur3th1ssh1t.github.io/Signature_vs_Behaviour/
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Wrapping things up and pushing a pull request on Impacket, followed by https://t.co/h6yAdPK5NM guidance on the matter
- Kerberoast through AS-REQ w/o pre-auth
- Service ticket request through AS-REQ
Again, great work by @exploitph
🔗 http://thehacker.recipes
🐥 [ tweet ][ quote ]