Offensive Xwitter
😈 [ an0n_r0, an0n ] EVERYTHING about relaying attacks by @vendetce. Just scrolled through the slides (here: https://t.co/c4187R98AQ), still watching the video, awesome content. Thanks for this broad comprehensive presentation! 👍👍👍 https://t.co/MMIgE6xboY…
Coercions-and-Relays-The-First-Cred-is-the-Deepest.pdf
2.6 MB
😈 [ _nwodtuhs, Charlie “Shutdown” ]
✨ The Hacker Recipes presents GoldenGMSA 🪙
Shoutout to @Dramelac_ for preparing the recipe and @volker_carstein for initial review and changes.
Shoutout to the awesome work by @SemperisTech and @YuG0rd for the research and tooling
https://t.co/SzTykUrPJw
🔗 https://www.thehacker.recipes/ad/persistence/goldengmsa
🐥 [ tweet ]
✨ The Hacker Recipes presents GoldenGMSA 🪙
Shoutout to @Dramelac_ for preparing the recipe and @volker_carstein for initial review and changes.
Shoutout to the awesome work by @SemperisTech and @YuG0rd for the research and tooling
https://t.co/SzTykUrPJw
🔗 https://www.thehacker.recipes/ad/persistence/goldengmsa
🐥 [ tweet ]
😈 [ lkarlslund, Lars Karlslund ]
Cool LDAP utility for Red Teamers! Easy to do simple lookups and some modifications - it has great potential and I'm sure more features will come. I had a similar tool planned, but never found the time to do it - fortunately @synzack21 did!
https://t.co/LhOsVPTbV8
🔗 https://github.com/Synzack/ldapper
🐥 [ tweet ]
Cool LDAP utility for Red Teamers! Easy to do simple lookups and some modifications - it has great potential and I'm sure more features will come. I had a similar tool planned, but never found the time to do it - fortunately @synzack21 did!
https://t.co/LhOsVPTbV8
🔗 https://github.com/Synzack/ldapper
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
You didn't ask for it, but I don't care :D
ADCS PWN Blog:
https://t.co/iWvY9hbjZm
All abuse steps for ESC1-10 + Certifried, with pics, snippets, guides and more.
Big thx to:
@harmj0y, @tifkin_, @ly4k_, @_nwodtuhs,@snovvcrash, +forgotten ones for your awesome work on this topic
🔗 https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
🐥 [ tweet ]
You didn't ask for it, but I don't care :D
ADCS PWN Blog:
https://t.co/iWvY9hbjZm
All abuse steps for ESC1-10 + Certifried, with pics, snippets, guides and more.
Big thx to:
@harmj0y, @tifkin_, @ly4k_, @_nwodtuhs,@snovvcrash, +forgotten ones for your awesome work on this topic
🔗 https://luemmelsec.github.io/Skidaddle-Skideldi-I-just-pwnd-your-PKI/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
A new protocol has been added to CrackMapExec ! You can now try FTP credentials and quickly find FTP with anonymous logon during internal pentest 🔥
Thanks to @RiiRoman who will receive a CME coin for his contribution ! 🚀
https://t.co/ks9cOOhH0B
🔗 https://github.com/Porchetta-Industries/CrackMapExec
🐥 [ tweet ]
A new protocol has been added to CrackMapExec ! You can now try FTP credentials and quickly find FTP with anonymous logon during internal pentest 🔥
Thanks to @RiiRoman who will receive a CME coin for his contribution ! 🚀
https://t.co/ks9cOOhH0B
🔗 https://github.com/Porchetta-Industries/CrackMapExec
🐥 [ tweet ]
🔥2🤯1
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
The Hacker Recipes presents how to own Pre-Windows 2000 computer accounts. Shoutout to @KenjiEndo15 for preparing the recipe as well as @TrustedSec @Oddvarmoe for an awesome blogpost on the matter.
https://t.co/nPrnOWzGXW
🔗 https://www.thehacker.recipes/ad/movement/domain-settings/pre-windows-2000-computers
🐥 [ tweet ]
The Hacker Recipes presents how to own Pre-Windows 2000 computer accounts. Shoutout to @KenjiEndo15 for preparing the recipe as well as @TrustedSec @Oddvarmoe for an awesome blogpost on the matter.
https://t.co/nPrnOWzGXW
🔗 https://www.thehacker.recipes/ad/movement/domain-settings/pre-windows-2000-computers
🐥 [ tweet ]
😈 [ PizazzJazz, jazzpizazz ]
Needed BloodHound[.]py with kerberos support for the latest HTB machine, so I merged master into @_dirkjan's
Kerberos branch and it gave me working Bloodhound 4.2+ exports :) Try it out and report any issues to me! All credits go to the authors.
https://t.co/T6L9zjBsgS
🔗 https://github.com/jazzpizazz/BloodHound.py-Kerberos
🐥 [ tweet ]
Needed BloodHound[.]py with kerberos support for the latest HTB machine, so I merged master into @_dirkjan's
Kerberos branch and it gave me working Bloodhound 4.2+ exports :) Try it out and report any issues to me! All credits go to the authors.
https://t.co/T6L9zjBsgS
🔗 https://github.com/jazzpizazz/BloodHound.py-Kerberos
🐥 [ tweet ]
🔐 Мне очень нравятся атаки на #KeePass, поэтому держите подборку инструментов и ресерчей на тему:
- https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/
- https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
- https://github.com/denandz/KeeFarce
- https://github.com/GhostPack/KeeThief
- https://snovvcrash.rocks/2022/06/01/keethief-syscalls.html
- https://github.com/Porchetta-Industries/CrackMapExec/pull/636
- https://github.com/Porchetta-Industries/CrackMapExec/pull/637
Мало кто знает, но защититься от большей части существующих векторов атак можно, используя опенсорсный форк KeePass – KeePassXC 😉
UPD. Забываем про KeePassXC 🤦🏻♂️
- https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/
- https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
- https://github.com/denandz/KeeFarce
- https://github.com/GhostPack/KeeThief
- https://snovvcrash.rocks/2022/06/01/keethief-syscalls.html
- https://github.com/Porchetta-Industries/CrackMapExec/pull/636
- https://github.com/Porchetta-Industries/CrackMapExec/pull/637
Мало кто знает, но защититься от большей части существующих векторов атак можно, используя опенсорсный форк KeePass – KeePassXC 😉
UPD. Забываем про KeePassXC 🤦🏻♂️
🔥3
😈 [ Tyl0us, Matt Eidelberg ]
New Tool - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods. Check it out: https://t.co/hjB7aXqVhy
#netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/Freeze
🐥 [ tweet ]
New Tool - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods. Check it out: https://t.co/hjB7aXqVhy
#netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/Freeze
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
https://t.co/Z3dqq3i8EJ
🔗 https://www.semperis.com/blog/new-attack-paths-as-requested-sts
🐥 [ tweet ]
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
https://t.co/Z3dqq3i8EJ
🔗 https://www.semperis.com/blog/new-attack-paths-as-requested-sts
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The difference between signature-based and behavioural detections. As well as a little philosophy. 😎
https://t.co/pmtqDdV1xx
🔗 https://s3cur3th1ssh1t.github.io/Signature_vs_Behaviour/
🐥 [ tweet ]
The difference between signature-based and behavioural detections. As well as a little philosophy. 😎
https://t.co/pmtqDdV1xx
🔗 https://s3cur3th1ssh1t.github.io/Signature_vs_Behaviour/
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Wrapping things up and pushing a pull request on Impacket, followed by https://t.co/h6yAdPK5NM guidance on the matter
- Kerberoast trough AS-REQ w/o pre-auth
- Service ticket request through AS-REQ
Again, great work by @exploitph
🔗 http://thehacker.recipes
🐥 [ tweet ][ quote ]
Wrapping things up and pushing a pull request on Impacket, followed by https://t.co/h6yAdPK5NM guidance on the matter
- Kerberoast trough AS-REQ w/o pre-auth
- Service ticket request through AS-REQ
Again, great work by @exploitph
🔗 http://thehacker.recipes
🐥 [ tweet ][ quote ]
🔥2
😈 [ _nwodtuhs, Charlie “Shutdown” ]
THR guidance done : https://t.co/y3YFN4JUFi
🔗 https://www.thehacker.recipes/ad/movement/kerberos/kerberoast#kerberoast-w-o-pre-authentication
🐥 [ tweet ][ quote ]
THR guidance done : https://t.co/y3YFN4JUFi
🔗 https://www.thehacker.recipes/ad/movement/kerberos/kerberoast#kerberoast-w-o-pre-authentication
🐥 [ tweet ][ quote ]
😈 [ carlospolopm, carlospolop ]
HackTricks Cloud (or CloudTrick) is finally public:
- https://t.co/VwgVsUKo3x
- https://t.co/kZ9XlHAsJR
Thank you again to all the supporters!
#hacktricks #cloud
🔗 https://cloud.hacktricks.xyz/
🔗 https://github.com/carlospolop/hacktricks-cloud
🐥 [ tweet ]
HackTricks Cloud (or CloudTrick) is finally public:
- https://t.co/VwgVsUKo3x
- https://t.co/kZ9XlHAsJR
Thank you again to all the supporters!
#hacktricks #cloud
🔗 https://cloud.hacktricks.xyz/
🔗 https://github.com/carlospolop/hacktricks-cloud
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
DumpThatLSASS. Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk
https://t.co/wKgBmr5CR6
🔗 https://github.com/D1rkMtr/DumpThatLSASS
🐥 [ tweet ]
DumpThatLSASS. Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk
https://t.co/wKgBmr5CR6
🔗 https://github.com/D1rkMtr/DumpThatLSASS
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 ]
https://t.co/k3QhNFrV9R
🔗 https://github.com/Rvn0xsy/AsmShellcodeLoader
🐥 [ tweet ]
https://t.co/k3QhNFrV9R
🔗 https://github.com/Rvn0xsy/AsmShellcodeLoader
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ aniqfakhrul, Aniq Fakhrul ]
Simple POC on exfiltrating using google translate. Also resolution is 💩, my bad.
🐥 [ tweet ]
Simple POC on exfiltrating using google translate. Also resolution is 💩, my bad.
🐥 [ tweet ]
🔥3
😈 [ cnotin, Clément Notin ]
Have you ever wondered how to decrypt “encrypted stub data” 🔐 fields in Wireshark when analyzing Kerberos, RPC, LDAP... traffic?
➡️ Ask no more!
https://t.co/dkjidQt6Fv
1. get Kerberos keys
2. give keys to Wireshark in a keytab file
3. get decrypted RPC!
Works with NTLM too 😉
🔗 https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7
🐥 [ tweet ]
Have you ever wondered how to decrypt “encrypted stub data” 🔐 fields in Wireshark when analyzing Kerberos, RPC, LDAP... traffic?
➡️ Ask no more!
https://t.co/dkjidQt6Fv
1. get Kerberos keys
2. give keys to Wireshark in a keytab file
3. get decrypted RPC!
Works with NTLM too 😉
🔗 https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7
🐥 [ tweet ]