😈 [ PizazzJazz, jazzpizazz ]
Needed BloodHound[.]py with kerberos support for the latest HTB machine, so I merged master into @_dirkjan's
Kerberos branch and it gave me working Bloodhound 4.2+ exports :) Try it out and report any issues to me! All credits go to the authors.
https://t.co/T6L9zjBsgS
🔗 https://github.com/jazzpizazz/BloodHound.py-Kerberos
🐥 [ tweet ]
🔐 I really like attacks on #KeePass, so here is a collection of tools and research on the topic:
- https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/
- https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
- https://github.com/denandz/KeeFarce
- https://github.com/GhostPack/KeeThief
- https://snovvcrash.rocks/2022/06/01/keethief-syscalls.html
- https://github.com/Porchetta-Industries/CrackMapExec/pull/636
- https://github.com/Porchetta-Industries/CrackMapExec/pull/637
Few people know this, but you can protect yourself from most of the existing attack vectors by using the open-source KeePass fork KeePassXC 😉
UPD. Forget about KeePassXC 🤦🏻♂️
😈 [ Tyl0us, Matt Eidelberg ]
New Tool - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods. Check it out: https://t.co/hjB7aXqVhy
#netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/Freeze
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
https://t.co/Z3dqq3i8EJ
🔗 https://www.semperis.com/blog/new-attack-paths-as-requested-sts
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The difference between signature-based and behavioural detections. As well as a little philosophy. 😎
https://t.co/pmtqDdV1xx
🔗 https://s3cur3th1ssh1t.github.io/Signature_vs_Behaviour/
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
Wrapping things up and pushing a pull request on Impacket, followed by https://t.co/h6yAdPK5NM guidance on the matter
- Kerberoast through AS-REQ w/o pre-auth
- Service ticket request through AS-REQ
Again, great work by @exploitph
🔗 http://thehacker.recipes
🐥 [ tweet ][ quote ]
😈 [ _nwodtuhs, Charlie “Shutdown” ]
THR guidance done : https://t.co/y3YFN4JUFi
🔗 https://www.thehacker.recipes/ad/movement/kerberos/kerberoast#kerberoast-w-o-pre-authentication
🐥 [ tweet ][ quote ]
😈 [ carlospolopm, carlospolop ]
HackTricks Cloud (or CloudTrick) is finally public:
- https://t.co/VwgVsUKo3x
- https://t.co/kZ9XlHAsJR
Thank you again to all the supporters!
#hacktricks #cloud
🔗 https://cloud.hacktricks.xyz/
🔗 https://github.com/carlospolop/hacktricks-cloud
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
DumpThatLSASS. Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk
https://t.co/wKgBmr5CR6
🔗 https://github.com/D1rkMtr/DumpThatLSASS
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 ]
https://t.co/k3QhNFrV9R
🔗 https://github.com/Rvn0xsy/AsmShellcodeLoader
🐥 [ tweet ]
😈 [ aniqfakhrul, Aniq Fakhrul ]
Simple POC on exfiltrating using google translate. Also resolution is 💩, my bad.
🐥 [ tweet ]
😈 [ cnotin, Clément Notin ]
Have you ever wondered how to decrypt “encrypted stub data” 🔐 fields in Wireshark when analyzing Kerberos, RPC, LDAP... traffic?
➡️ Ask no more!
https://t.co/dkjidQt6Fv
1. get Kerberos keys
2. give keys to Wireshark in a keytab file
3. get decrypted RPC!
Works with NTLM too 😉
🔗 https://medium.com/tenable-techblog/decrypt-encrypted-stub-data-in-wireshark-deb132c076e7
🐥 [ tweet ]
😈 [ NotMedic, Tim McGuffin ]
I don't know what to do with this knowledge, but today I learned that curl has a handler for LDAP URIs.
curl --user $CREDS "ldaps://ldap.foo.com/DC=ads,DC=foo,DC=com?memberOf?sub?(&(sAMAccountName=$USER)(memberOf=CN=$GROUP,OU=Distribution,OU=Groups,DC=ads,DC=foo,DC=com))"
🐥 [ tweet ]
😈 [ PortSwiggerRes, PortSwigger Research ]
Arbitrary cache poisoning on all Akamai websites via 'Connection: Content-Length' - $50k in bounties well-earned by @jacopotediosi
https://t.co/UmlKIGsgWR
https://t.co/OFHGMVA2gP
🔗 https://medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b
🔗 https://blog.hacktivesecurity.com/index.php/2022/09/17/http/
🐥 [ tweet ]
😈 [ C5pider, 5pider ]
Have fun guys.
https://t.co/hjq5qTYgMc
https://t.co/Z2mAJIiAGQ
https://t.co/WehmmCVCsC
🔗 https://www.virustotal.com/gui/file/ec6896542e726997e4e01d11f4fce88cb97ec59243f291966fb3ce48308041d8
🔗 https://www.virustotal.com/gui/file/56d507046eaf1fcfbdaa5491679c4f7244c9ad5cc9da4a03332c6ccb2f69ee2d
🔗 https://www.virustotal.com/gui/file-analysis/ZGFhZGU5ZWIzNjcxNzA4ODhkNzdmZDljNjViODY4MzU6MTY2NDU0NTE2Mw==
🐥 [ tweet ]
Um, and where are the sources?? 🤔