😈 [ 424f424f, rvrsh3ll ]
A shellcode loader in the @MicrosoftStore ? What could go wrong.
https://t.co/V8M5iqHu9t
🔗 https://apps.microsoft.com/store/detail/shellcode-loader/9P6M7GWNH769
🐥 [ tweet ]
A shellcode loader in the @MicrosoftStore ? What could go wrong.
https://t.co/V8M5iqHu9t
🔗 https://apps.microsoft.com/store/detail/shellcode-loader/9P6M7GWNH769
🐥 [ tweet ]
😈 [ _Wra7h, Christian W ]
Found a reason to write PEResourceInject in C# this weekend. Here's the gist: https://t.co/AmfdkWzFZN
🔗 https://gist.github.com/Wra7h/65f52dc325a215227daa312a2e54a0a5
🐥 [ tweet ]
Found a reason to write PEResourceInject in C# this weekend. Here's the gist: https://t.co/AmfdkWzFZN
🔗 https://gist.github.com/Wra7h/65f52dc325a215227daa312a2e54a0a5
🐥 [ tweet ]
😈 [ bugch3ck, Jonas Vestberg ]
Making an old private project public. No news, just a merge of SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
https://t.co/EIX4QWoRLP
🔗 https://github.com/bugch3ck/SharpEfsPotato
🐥 [ tweet ]
Making an old private project public. No news, just a merge of SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
https://t.co/EIX4QWoRLP
🔗 https://github.com/bugch3ck/SharpEfsPotato
🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
😈 [ n00py1, n00py ]
Blue Teams turn for shellz
https://t.co/8L5t9N5w5H
🔗 https://github.com/its-arun/CVE-2022-39197
🐥 [ tweet ]
Blue Teams turn for shellz
https://t.co/8L5t9N5w5H
🔗 https://github.com/its-arun/CVE-2022-39197
🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]
PoC for CVE-2022-3368 , arbitrary file move bug I found in Avira Security.
https://t.co/MRewhiDit4
🔗 https://github.com/Wh04m1001/CVE-2022-3368
🐥 [ tweet ]
PoC for CVE-2022-3368 , arbitrary file move bug I found in Avira Security.
https://t.co/MRewhiDit4
🔗 https://github.com/Wh04m1001/CVE-2022-3368
🐥 [ tweet ]
😈 [ dafthack, Beau Bullock ]
Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView:
https://t.co/ZItkN8BjZ9
And here's one for Azure AD:
https://t.co/IcCHRYPrE5
🔗 https://gist.github.com/dafthack/5f8c36f7468fad991e9e1f6d81ec29d4
🐥 [ tweet ][ quote ]
Finding cleartext creds in AD user attributes is something that happens more than most might think. Great demo John! Here's a 1-liner to find these while leveraging PowerView:
https://t.co/ZItkN8BjZ9
And here's one for Azure AD:
https://t.co/IcCHRYPrE5
🔗 https://gist.github.com/dafthack/5f8c36f7468fad991e9e1f6d81ec29d4
🐥 [ tweet ][ quote ]
🔥1
😈 [ n00py1, n00py ]
I made a tool to enumerate fine-grained password policies from Linux.
Not sure how useful it will be as you typically need admin to enumerate it. Either way, here it is!
https://t.co/gGphLCCmgN
🔗 https://github.com/n00py/GetFGPP
🐥 [ tweet ]
I made a tool to enumerate fine-grained password policies from Linux.
Not sure how useful it will be as you typically need admin to enumerate it. Either way, here it is!
https://t.co/gGphLCCmgN
🔗 https://github.com/n00py/GetFGPP
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ 0x09AL, Rio ]
Full analysis of the Cobalt Strike RCE that me and @FuzzySec wrote is now up.
https://t.co/882Xpd3i8x
🔗 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
🐥 [ tweet ]
Full analysis of the Cobalt Strike RCE that me and @FuzzySec wrote is now up.
https://t.co/882Xpd3i8x
🔗 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
🐥 [ tweet ]
😈 [ Tarlogic, Tarlogic ]
From #Log4Shell to #Text4Shell. Vulnerability CVE-2022-42889 has once again put Java products in check, albeit with lesser affectation. Our colleagues @TuLkHaXs, @nicovell3, and @joserabal analyze the incident 👇
https://t.co/qGDpUOq3aY
🔗 https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/
🐥 [ tweet ]
From #Log4Shell to #Text4Shell. Vulnerability CVE-2022-42889 has once again put Java products in check, albeit with lesser affectation. Our colleagues @TuLkHaXs, @nicovell3, and @joserabal analyze the incident 👇
https://t.co/qGDpUOq3aY
🔗 https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
New CrackMapExec module to dump Microsoft Teams cookies thanks to @KuiilSec contribution✌️
You can use them to retrieve informations like users, messages, groups etc or send directly messages in Teams 🔥
Initial discovery by @NoUselessTech 🪂
🐥 [ tweet ]
New CrackMapExec module to dump Microsoft Teams cookies thanks to @KuiilSec contribution✌️
You can use them to retrieve informations like users, messages, groups etc or send directly messages in Teams 🔥
Initial discovery by @NoUselessTech 🪂
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Did not find any Twitter handle for credits but zimawhit3 released a (potential Nim gamechanging) repo. PiC Code over Nim? This would solve a lot of use-cases at least for me. +HalosGate/TargarusGate in Nim.🔥🔥
https://t.co/TQ82rbpwih
🔗 https://github.com/zimawhit3/Bitmancer
🐥 [ tweet ]
Did not find any Twitter handle for credits but zimawhit3 released a (potential Nim gamechanging) repo. PiC Code over Nim? This would solve a lot of use-cases at least for me. +HalosGate/TargarusGate in Nim.🔥🔥
https://t.co/TQ82rbpwih
🔗 https://github.com/zimawhit3/Bitmancer
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Having fun running PowerShell from Python https://t.co/j5g3qzwwlV
🔗 https://github.com/JamesWTruher/PsPython
🐥 [ tweet ]
Having fun running PowerShell from Python https://t.co/j5g3qzwwlV
🔗 https://github.com/JamesWTruher/PsPython
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
#HackTheBox Faculty video is up! Enjoyed abusing the ptrace capability with GDB to inject code into a running process. But my fav was an Unintended SQL Injection in an Update Statement because it teaches an important lesson on how dangerous type can be. https://t.co/y3VHiqHrYw
🔗 https://www.youtube.com/watch?v=LGO-dn7668g
🐥 [ tweet ]
#HackTheBox Faculty video is up! Enjoyed abusing the ptrace capability with GDB to inject code into a running process. But my fav was an Unintended SQL Injection in an Update Statement because it teaches an important lesson on how dangerous type can be. https://t.co/y3VHiqHrYw
🔗 https://www.youtube.com/watch?v=LGO-dn7668g
🐥 [ tweet ]
😈 [ D1rkMtr, D1rkMtr ]
https://t.co/UMTaYerSnT
Force the triggering of a conditional jump inside AmsiOpenSession() to close AMSI scaning session:
The 1st patch by corrupting the Amsi context header.
The 2nd patch by changing the string "AMSI" which will be compared to the Amsi context header to "D1RK".
🔗 https://github.com/D1rkMtr/PatchThatAMSI
🐥 [ tweet ]
https://t.co/UMTaYerSnT
Force the triggering of a conditional jump inside AmsiOpenSession() to close AMSI scaning session:
The 1st patch by corrupting the Amsi context header.
The 2nd patch by changing the string "AMSI" which will be compared to the Amsi context header to "D1RK".
🔗 https://github.com/D1rkMtr/PatchThatAMSI
🐥 [ tweet ]
😈 [ jack_halon, Jack Halon ]
Today I am finally releasing a new 3-part browser exploitation series on Chrome! This was written to help beginners break into the browser exploitation field.
Part 1 covers V8 internals such as objects, properties, and memory optimizations. Enjoy! https://t.co/bbFjOOzlOu
🔗 https://jhalon.github.io/chrome-browser-exploitation-1/
🐥 [ tweet ]
Today I am finally releasing a new 3-part browser exploitation series on Chrome! This was written to help beginners break into the browser exploitation field.
Part 1 covers V8 internals such as objects, properties, and memory optimizations. Enjoy! https://t.co/bbFjOOzlOu
🔗 https://jhalon.github.io/chrome-browser-exploitation-1/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
CrackMapExec can now retrieve gMSA passwords using LDAP protocol and option --gmsa 🔥 Thanks to @pentest_swissky for this addition into CME 🫡
Also, I probably don't say it enough but thanks to all the sponsors from @porchetta_ind 🪂
🐥 [ tweet ]
CrackMapExec can now retrieve gMSA passwords using LDAP protocol and option --gmsa 🔥 Thanks to @pentest_swissky for this addition into CME 🫡
Also, I probably don't say it enough but thanks to all the sponsors from @porchetta_ind 🪂
🐥 [ tweet ]
😈 [ kalilinux, Kali Linux ]
New Blog Post - Kali Community Themes https://t.co/G0IVtG4hcl
Everyone loves the default Kali themes, but some people like too heavily customize their install to make it their own. In this community blog post we discuss customizations some have made along with their configs.
🔗 https://www.kali.org/blog/kali-community-themes/
🐥 [ tweet ]
New Blog Post - Kali Community Themes https://t.co/G0IVtG4hcl
Everyone loves the default Kali themes, but some people like too heavily customize their install to make it their own. In this community blog post we discuss customizations some have made along with their configs.
🔗 https://www.kali.org/blog/kali-community-themes/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
Dumping LSASS is such a 2020 move, let me introduce a new CrackMapExec module called Masky developed by @_ZakSec 🎉
If you have admin privilege, the module will impersonate all users connected -> ask a certificate (ADCS) -> retrieve the NT hash using PKINIT 🚀
Crazy module 🪂
🐥 [ tweet ]
Dumping LSASS is such a 2020 move, let me introduce a new CrackMapExec module called Masky developed by @_ZakSec 🎉
If you have admin privilege, the module will impersonate all users connected -> ask a certificate (ADCS) -> retrieve the NT hash using PKINIT 🚀
Crazy module 🪂
🐥 [ tweet ]