😈 [ 0x09AL, Rio ]

Full analysis of the Cobalt Strike RCE that me and @FuzzySec wrote is now up.
https://t.co/882Xpd3i8x

🔗 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/

🐥 [ tweet ]

😈 [ Tarlogic, Tarlogic ]

From #Log4Shell to #Text4Shell. Vulnerability CVE-2022-42889 has once again put Java products in check, albeit with lesser affectation. Our colleagues @TuLkHaXs, @nicovell3, and @joserabal analyze the incident 👇

https://t.co/qGDpUOq3aY

🔗 https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

New CrackMapExec module to dump Microsoft Teams cookies thanks to @KuiilSec contribution✌️

You can use them to retrieve informations like users, messages, groups etc or send directly messages in Teams 🔥

Initial discovery by @NoUselessTech 🪂

🐥 [ tweet ]

😈 [ ShitSecure, S3cur3Th1sSh1t ]

Did not find any Twitter handle for credits but zimawhit3 released a (potential Nim gamechanging) repo. PiC Code over Nim? This would solve a lot of use-cases at least for me. +HalosGate/TargarusGate in Nim.🔥🔥

https://t.co/TQ82rbpwih

🔗 https://github.com/zimawhit3/Bitmancer

🐥 [ tweet ]

😈 [ 424f424f, rvrsh3ll ]

Having fun running PowerShell from Python https://t.co/j5g3qzwwlV

🔗 https://github.com/JamesWTruher/PsPython

🐥 [ tweet ]

😈 [ ippsec, ippsec ]

#HackTheBox Faculty video is up! Enjoyed abusing the ptrace capability with GDB to inject code into a running process. But my fav was an Unintended SQL Injection in an Update Statement because it teaches an important lesson on how dangerous type can be. https://t.co/y3VHiqHrYw

🔗 https://www.youtube.com/watch?v=LGO-dn7668g

🐥 [ tweet ]

😈 [ D1rkMtr, D1rkMtr ]

https://t.co/UMTaYerSnT
Force the triggering of a conditional jump inside AmsiOpenSession() to close AMSI scaning session:
The 1st patch by corrupting the Amsi context header.
The 2nd patch by changing the string "AMSI" which will be compared to the Amsi context header to "D1RK".

🔗 https://github.com/D1rkMtr/PatchThatAMSI

🐥 [ tweet ]

😈 [ jack_halon, Jack Halon ]

Today I am finally releasing a new 3-part browser exploitation series on Chrome! This was written to help beginners break into the browser exploitation field.

Part 1 covers V8 internals such as objects, properties, and memory optimizations. Enjoy! https://t.co/bbFjOOzlOu

🔗 https://jhalon.github.io/chrome-browser-exploitation-1/

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

CrackMapExec can now retrieve gMSA passwords using LDAP protocol and option --gmsa 🔥 Thanks to @pentest_swissky for this addition into CME 🫡

Also, I probably don't say it enough but thanks to all the sponsors from @porchetta_ind 🪂

🐥 [ tweet ]

😈 [ kalilinux, Kali Linux ]

New Blog Post - Kali Community Themes https://t.co/G0IVtG4hcl

Everyone loves the default Kali themes, but some people like too heavily customize their install to make it their own. In this community blog post we discuss customizations some have made along with their configs.

🔗 https://www.kali.org/blog/kali-community-themes/

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

Dumping LSASS is such a 2020 move, let me introduce a new CrackMapExec module called Masky developed by @_ZakSec 🎉

If you have admin privilege, the module will impersonate all users connected -> ask a certificate (ADCS) -> retrieve the NT hash using PKINIT 🚀

Crazy module 🪂

🐥 [ tweet ]

😈 [ BlackArrowSec, BlackArrow ]

💥One shell to HANDLE them all
New approach to escalate privileges from a web shell by abusing open token handles. #RedTeam /cc @_Kudaes_

➡ https://t.co/8KWQw4q5U5

🔗 https://www.tarlogic.com/blog/token-handles-abuse-one-shell-to-handle-them-all/

🐥 [ tweet ]

😈 [ _dirkjan, Dirk-jan ]

If you missed my Black Hat US talk about abusing External Identities in Azure AD, I will be giving the talk again as a BH webcast on Thursday November 10th!
You can register on the BH site: https://t.co/9QgT5Cd5Xk
I'll be joined by @kfosaaen sharing more Azure AD research 😀

🔗 https://www.blackhat.com/html/webcast/11102022-backdooring-and-hijacking-azure-ad-accounts.html

🐥 [ tweet ]

😈 [ _RastaMouse, Rasta Mouse ]

I finally got around to publishing release binaries for #SharpC2. They're self-contained, so no need to have a .NET runtime or SDK installed to use.

https://t.co/sGFr5XbAtf

🔗 https://github.com/rasta-mouse/SharpC2/releases/latest

🐥 [ tweet ]

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.

Denoscription
Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodiaDLL to default value and perform a RPC request to force LSASS to load the same DLL as a Security Support Provider. Once the DLL is loaded by LSASS, it would search inside the process memory to extract NTLM hashes and the key/IV.

😈 [ HackingLZ, Justin Elze ]

I just want to bump this excellent slide from @_wald0

🐥 [ tweet ]

😈 [ praetorianlabs, Praetorian ]

As CI/CD pipelines become more prevalent, their attack surface and abuse are being leveraged more and more by advanced red teams and real-world APTs

https://t.co/okEik1OrsK

🔗 http://ow.ly/erVT50LmSL7

🐥 [ tweet ]

😈 [ _RastaMouse, Rasta Mouse ]

[BLOG]
Short post on using the different methods for getting a Domain object in .NET and why you should care in your tools.

https://t.co/4l8jcx8ozN

🔗 https://rastamouse.me/getdomain-vs-getcomputerdomain-vs-getcurrentdomain/

🐥 [ tweet ]

😈 [ ShitSecure, S3cur3Th1sSh1t ]

Colleage of mine is currently on fire with blog posts and YouTube videos. 🔥Basic AV evasion stuff but also Pentest topics, and more. Worth checking out: @lsecqt

https://t.co/xMFoxckU9D

🔗 https://m.youtube.com/c/Lsecqt

🐥 [ tweet ]