👹 [ snovvcrash, sn🥶vvcr💥sh ]
Based on @dec0ne’s work on ShadowSpray I’ve pushed a small update to #pywhisker of @_nwodtuhs and @podalirius_ implementing the ‘spray’ action. Now you can pass a list of users and try to add the same Shadow Credentials for each of them with pywhisker from Linux 👌🏻
🐥 [ tweet ]
Based on @dec0ne’s work on ShadowSpray I’ve pushed a small update to #pywhisker of @_nwodtuhs and @podalirius_ implementing the ‘spray’ action. Now you can pass a list of users and try to add the same Shadow Credentials for each of them with pywhisker from Linux 👌🏻
🐥 [ tweet ]
🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ zux0x3a, Lawrence 勞倫斯 ]
Ported the pascal version to C#, and becomes even better while smuggling the payload using Created Service DisplayName
https://t.co/EhR9yNybF2
what's new? => https://t.co/t7Tkv2AW4O
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/chopper
🔗 https://ired.dev/discussion/13/chopper-payload-smuggling/p1?new=1
🐥 [ tweet ]
Ported the pascal version to C#, and becomes even better while smuggling the payload using Created Service DisplayName
https://t.co/EhR9yNybF2
what's new? => https://t.co/t7Tkv2AW4O
🔗 https://github.com/0xsp-SRD/0xsp.com/tree/main/chopper
🔗 https://ired.dev/discussion/13/chopper-payload-smuggling/p1?new=1
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Perspective from @hackthebox_eu is all about exploitation of a ASP.NET application. There's file read, ssrf, cookie signing, crypto, deserialization, and much more. Beyond Root has JuicyPotatoNG that's almost blocked but not.
🔗 https://0xdf.gitlab.io/2022/10/15/htb-perspective.html
🐥 [ tweet ]
Perspective from @hackthebox_eu is all about exploitation of a ASP.NET application. There's file read, ssrf, cookie signing, crypto, deserialization, and much more. Beyond Root has JuicyPotatoNG that's almost blocked but not.
🔗 https://0xdf.gitlab.io/2022/10/15/htb-perspective.html
🐥 [ tweet ]
😈 [ dr4k0nia, dr4k0nia ]
Time for another blog post :) This time Im writing about building my own string encryption obfuscator in C#. Featuring a simple XOR based cipher and unique per string encryption keys. Works from .NET Framework 4.6+ up to latest .NET
https://t.co/htjR6XdS1Q
🔗 https://dr4k0nia.github.io/dotnet/coding/2022/10/15/Encrypting-Strings-In-NET.html
🐥 [ tweet ]
Time for another blog post :) This time Im writing about building my own string encryption obfuscator in C#. Featuring a simple XOR based cipher and unique per string encryption keys. Works from .NET Framework 4.6+ up to latest .NET
https://t.co/htjR6XdS1Q
🔗 https://dr4k0nia.github.io/dotnet/coding/2022/10/15/Encrypting-Strings-In-NET.html
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/QOrhGwKctm
CredUI shellcoder runner shared !
🔗 https://ired.dev/discussion/comment/4/#Comment_4
🐥 [ tweet ]
https://t.co/QOrhGwKctm
CredUI shellcoder runner shared !
🔗 https://ired.dev/discussion/comment/4/#Comment_4
🐥 [ tweet ]
😈 [ dr4k0nia, dr4k0nia ]
Alongside my latest blog post about string encryption in .NET Im also releasing the source code of my string encryption obfuscator. https://t.co/eQVP1ZVAjt
🔗 https://github.com/dr4k0nia/XorStringsNET
🐥 [ tweet ]
Alongside my latest blog post about string encryption in .NET Im also releasing the source code of my string encryption obfuscator. https://t.co/eQVP1ZVAjt
🔗 https://github.com/dr4k0nia/XorStringsNET
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Minor update to my BOF_Collection to make compiling a bit easier. https://t.co/SP7Bp4QTxg
🔗 https://github.com/rvrsh3ll/BOF_Collection
🐥 [ tweet ]
Minor update to my BOF_Collection to make compiling a bit easier. https://t.co/SP7Bp4QTxg
🔗 https://github.com/rvrsh3ll/BOF_Collection
🐥 [ tweet ]
😈 [ ORCx41, ORCA ]
Ever wanted to run your payload without being boring ? here you go ...
https://t.co/FmMEwiGWKV
🔗 https://github.com/ORCx41/NoRunPI
🐥 [ tweet ]
Ever wanted to run your payload without being boring ? here you go ...
https://t.co/FmMEwiGWKV
🔗 https://github.com/ORCx41/NoRunPI
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
A shellcode loader in the @MicrosoftStore ? What could go wrong.
https://t.co/V8M5iqHu9t
🔗 https://apps.microsoft.com/store/detail/shellcode-loader/9P6M7GWNH769
🐥 [ tweet ]
A shellcode loader in the @MicrosoftStore ? What could go wrong.
https://t.co/V8M5iqHu9t
🔗 https://apps.microsoft.com/store/detail/shellcode-loader/9P6M7GWNH769
🐥 [ tweet ]
😈 [ _Wra7h, Christian W ]
Found a reason to write PEResourceInject in C# this weekend. Here's the gist: https://t.co/AmfdkWzFZN
🔗 https://gist.github.com/Wra7h/65f52dc325a215227daa312a2e54a0a5
🐥 [ tweet ]
Found a reason to write PEResourceInject in C# this weekend. Here's the gist: https://t.co/AmfdkWzFZN
🔗 https://gist.github.com/Wra7h/65f52dc325a215227daa312a2e54a0a5
🐥 [ tweet ]
😈 [ bugch3ck, Jonas Vestberg ]
Making an old private project public. No news, just a merge of SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
https://t.co/EIX4QWoRLP
🔗 https://github.com/bugch3ck/SharpEfsPotato
🐥 [ tweet ]
Making an old private project public. No news, just a merge of SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
https://t.co/EIX4QWoRLP
🔗 https://github.com/bugch3ck/SharpEfsPotato
🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
😈 [ n00py1, n00py ]
Blue Teams turn for shellz
https://t.co/8L5t9N5w5H
🔗 https://github.com/its-arun/CVE-2022-39197
🐥 [ tweet ]
Blue Teams turn for shellz
https://t.co/8L5t9N5w5H
🔗 https://github.com/its-arun/CVE-2022-39197
🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]
PoC for CVE-2022-3368 , arbitrary file move bug I found in Avira Security.
https://t.co/MRewhiDit4
🔗 https://github.com/Wh04m1001/CVE-2022-3368
🐥 [ tweet ]
PoC for CVE-2022-3368 , arbitrary file move bug I found in Avira Security.
https://t.co/MRewhiDit4
🔗 https://github.com/Wh04m1001/CVE-2022-3368
🐥 [ tweet ]
😈 [ dafthack, Beau Bullock ]
Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView:
https://t.co/ZItkN8BjZ9
And here's one for Azure AD:
https://t.co/IcCHRYPrE5
🔗 https://gist.github.com/dafthack/5f8c36f7468fad991e9e1f6d81ec29d4
🐥 [ tweet ][ quote ]
Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView:
https://t.co/ZItkN8BjZ9
And here's one for Azure AD:
https://t.co/IcCHRYPrE5
🔗 https://gist.github.com/dafthack/5f8c36f7468fad991e9e1f6d81ec29d4
🐥 [ tweet ][ quote ]
🔥1
😈 [ n00py1, n00py ]
I made a tool to enumerate fine-grained password policies from Linux.
Not sure how useful it will be as you typically need admin to enumerate it. Either way, here it is!
https://t.co/gGphLCCmgN
🔗 https://github.com/n00py/GetFGPP
🐥 [ tweet ]
I made a tool to enumerate fine-grained password policies from Linux.
Not sure how useful it will be as you typically need admin to enumerate it. Either way, here it is!
https://t.co/gGphLCCmgN
🔗 https://github.com/n00py/GetFGPP
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ 0x09AL, Rio ]
Full analysis of the Cobalt Strike RCE that me and @FuzzySec wrote is now up.
https://t.co/882Xpd3i8x
🔗 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
🐥 [ tweet ]
Full analysis of the Cobalt Strike RCE that me and @FuzzySec wrote is now up.
https://t.co/882Xpd3i8x
🔗 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
🐥 [ tweet ]
😈 [ Tarlogic, Tarlogic ]
From #Log4Shell to #Text4Shell. Vulnerability CVE-2022-42889 has once again put Java products in check, albeit with lesser affectation. Our colleagues @TuLkHaXs, @nicovell3, and @joserabal analyze the incident 👇
https://t.co/qGDpUOq3aY
🔗 https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/
🐥 [ tweet ]
From #Log4Shell to #Text4Shell. Vulnerability CVE-2022-42889 has once again put Java products in check, albeit with lesser affectation. Our colleagues @TuLkHaXs, @nicovell3, and @joserabal analyze the incident 👇
https://t.co/qGDpUOq3aY
🔗 https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
New CrackMapExec module to dump Microsoft Teams cookies thanks to @KuiilSec contribution✌️
You can use them to retrieve informations like users, messages, groups etc or send directly messages in Teams 🔥
Initial discovery by @NoUselessTech 🪂
🐥 [ tweet ]
New CrackMapExec module to dump Microsoft Teams cookies thanks to @KuiilSec contribution✌️
You can use them to retrieve informations like users, messages, groups etc or send directly messages in Teams 🔥
Initial discovery by @NoUselessTech 🪂
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Did not find any Twitter handle for credits but zimawhit3 released a (potential Nim gamechanging) repo. PiC Code over Nim? This would solve a lot of use-cases at least for me. +HalosGate/TargarusGate in Nim.🔥🔥
https://t.co/TQ82rbpwih
🔗 https://github.com/zimawhit3/Bitmancer
🐥 [ tweet ]
Did not find any Twitter handle for credits but zimawhit3 released a (potential Nim gamechanging) repo. PiC Code over Nim? This would solve a lot of use-cases at least for me. +HalosGate/TargarusGate in Nim.🔥🔥
https://t.co/TQ82rbpwih
🔗 https://github.com/zimawhit3/Bitmancer
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Having fun running PowerShell from Python https://t.co/j5g3qzwwlV
🔗 https://github.com/JamesWTruher/PsPython
🐥 [ tweet ]
Having fun running PowerShell from Python https://t.co/j5g3qzwwlV
🔗 https://github.com/JamesWTruher/PsPython
🐥 [ tweet ]