😈 [ _nwodtuhs, Charlie “Shutdown” ]
Releasing a few things based on S4U2self+u2u, enjoy
- SPN-less RBCD (based on @tiraniddo research 🔥)
- Sapphire tickets (based on the 💎Diamond ticket approach by @SemperisTech and research by @gentilkiwi). Credits also to @agsolino @MartinGalloAr @TalBeerySec @chernymi
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Uploaded a video on using Sysmon to block File Writes and getting notified via Slack. My favorite thing about this Sysmon feature is it gives people an excuse to install Sysmon without centralized logging. https://t.co/7VcwMm8kH2
🔗 https://youtu.be/J9owPmgmfvo
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
The Hacker Recipes presents how to own Pre-Windows 2000 computer accounts. Shoutout to @KenjiEndo15 for preparing the recipe as well as @TrustedSec @Oddvarmoe for an awesome blogpost on the matter.
https://t.co/nPrnOWzGXW
🔗 https://www.thehacker.recipes/ad/movement/domain-settings/pre-windows-2000-computers
🐥 [ tweet ]
😈 [ PizazzJazz, jazzpizazz ]
Needed BloodHound[.]py with kerberos support for the latest HTB machine, so I merged master into @_dirkjan's
Kerberos branch and it gave me working Bloodhound 4.2+ exports :) Try it out and report any issues to me! All credits go to the authors.
https://t.co/T6L9zjBsgS
🔗 https://github.com/jazzpizazz/BloodHound.py-Kerberos
🐥 [ tweet ]
🔐 I really like attacks on #KeePass, so here is a collection of tools and research on the topic:
- https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/
- https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
- https://github.com/denandz/KeeFarce
- https://github.com/GhostPack/KeeThief
- https://snovvcrash.rocks/2022/06/01/keethief-syscalls.html
- https://github.com/Porchetta-Industries/CrackMapExec/pull/636
- https://github.com/Porchetta-Industries/CrackMapExec/pull/637
Few people know this, but you can protect against most of the existing attack vectors by using the open-source KeePass fork, KeePassXC 😉
UPD. Forget about KeePassXC 🤦🏻♂️
🔥3
😈 [ Tyl0us, Matt Eidelberg ]
New Tool - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods. Check it out: https://t.co/hjB7aXqVhy
#netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/Freeze
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
https://t.co/Z3dqq3i8EJ
🔗 https://www.semperis.com/blog/new-attack-paths-as-requested-sts
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The difference between signature-based and behavioural detections. As well as a little philosophy. 😎
https://t.co/pmtqDdV1xx
🔗 https://s3cur3th1ssh1t.github.io/Signature_vs_Behaviour/
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Wrapping things up and pushing a pull request on Impacket, followed by https://t.co/h6yAdPK5NM guidance on the matter
- Kerberoast through AS-REQ w/o pre-auth
- Service ticket request through AS-REQ
Again, great work by @exploitph
🔗 http://thehacker.recipes
🐥 [ tweet ][ quote ]
🔥2
😈 [ _nwodtuhs, Charlie “Shutdown” ]
THR guidance done: https://t.co/y3YFN4JUFi
🔗 https://www.thehacker.recipes/ad/movement/kerberos/kerberoast#kerberoast-w-o-pre-authentication
🐥 [ tweet ][ quote ]
😈 [ carlospolopm, carlospolop ]
HackTricks Cloud (or CloudTrick) is finally public:
- https://t.co/VwgVsUKo3x
- https://t.co/kZ9XlHAsJR
Thank you again to all the supporters!
#hacktricks #cloud
🔗 https://cloud.hacktricks.xyz/
🔗 https://github.com/carlospolop/hacktricks-cloud
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
DumpThatLSASS. Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk
https://t.co/wKgBmr5CR6
🔗 https://github.com/D1rkMtr/DumpThatLSASS
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 ]
https://t.co/k3QhNFrV9R
🔗 https://github.com/Rvn0xsy/AsmShellcodeLoader
🐥 [ tweet ]
😈 [ aniqfakhrul, Aniq Fakhrul ]
Simple POC on exfiltrating using google translate. Also resolution is 💩, my bad.
🐥 [ tweet ]
🔥3
😈 [ cnotin, Clément Notin ]
Have you ever wondered how to decrypt “encrypted stub data” 🔐 fields in Wireshark when analyzing Kerberos, RPC, LDAP... traffic?
➡️ Ask no more!
https://t.co/dkjidQt6Fv
1. get Kerberos keys
2. give keys to Wireshark in a keytab file
3. get decrypted RPC!
Works with NTLM too 😉
🔗 https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7
🐥 [ tweet ]