😈 [ sensepost, Orange Cyberdefense's SensePost Team ]
Read @defte_'s Windows authentication token manipulation deep dive to compromise Active Directory in this new blog post. Includes a new tool and a CrackMapExec module using it as a "token" of appreciation.
https://t.co/ML8FHoIi5f
🔗 https://sensepost.com/blog/2022/abusing-windows-tokens-to-compromise-active-directory-without-touching-lsass/
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
We worked together with @_zblurx to pull this new feature on CME! CrackMapExec can now authenticate using Kerberos with login/pass/nthash/aeskey without the need for a KRB5CCNAME ticket env 🚀
But wait, there is more! By adding this feature we can now mimic kerbrute features 🔥🫡
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
here is a basic meterpreter protocol stager for PE stages using the libpeconv project by @hasherezade:
https://t.co/qsdb9XWvgj
No evasion included, using this only as a template. But already able to run it with a Sliver EXE beacon as a stage against Defender for Endpoint.
🔗 https://github.com/tothi/stager_libpeconv
🐥 [ tweet ]
🎃 [ vxunderground, vx-underground ]
From our headquarters underneath the Vatican, happy Halloween!
Today we release the first edition of our new publication Black Mass.
Special thanks to our Editor in Chief @h313n_0f_t0r for all of her hard work.
https://t.co/NbDen3RUOh
🔗 https://papers.vx-underground.org/papers/Other/VXUG%20Zines/Black%20Mass%20Halloween%202022.pdf
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
The two exploits for
CVE-2022-33679
CVE-2022-33647
are now available for @porchetta_ind subscribers. They will be available on GitHub for the wider public in a few weeks.
https://t.co/c30GqXjIcx
🔗 https://gitlab.porchetta.industries/Skelsec/minikerberos
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
Decided to check on this writeup from @0xdf_ when I read this sentence: "I wasn’t able to get crackmapexec to work either."
With the latest update on CrackMapExec, let's go for a 'Scrambled vs CrackMapExec'! Getting root using only CME in 5 minutes 🚀✌️
https://t.co/hpz9JWnhzQ
🔗 https://gist.github.com/mpgn/9fc08b0f0fde55e8c322518bc1f9c317
🐥 [ tweet ][ quote ]
Forwarded from APT
🔑 Abuse Kerberos RC4 (CVE-2022-33679)
This blog post goes into detail on how the Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encryption from the default AES to the historical MD4-RC4. The vulnerability could allow an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.
Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
Exploit:
https://github.com/Bdenneu/CVE-2022-33679
#ad #kerberos #rc4 #exploit
😈 [ SEKTOR7net, SEKTOR7 Institute ]
How to avoid memory scanners?
@kyleavery_ brings the answer.
https://t.co/0azWrDcG2N
🔗 https://www.youtube.com/watch?v=edIMUcxCueA
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
Nim in 100 Seconds
https://t.co/GeYgqYsM8M
🔗 https://www.youtube.com/watch?v=WHyOHQ_GkNo
🐥 [ tweet ]
😈 [ icyguider, icyguider ]
After years of using the default examples, I've finally started writing my own custom scripts using Impacket. Wanted to share a few examples that helped me during the learning process. Hope you enjoy! https://t.co/Ya5PAhHAZC
🔗 https://github.com/icyguider/MoreImpacketExamples
🐥 [ tweet ]
😈 [ d3lb3_, Julien Bedel ]
Just released KeeFarce Reborn, yet another offensive KeePass extraction tool featuring a standalone DLL that exports databases in cleartext once injected in the KeePass process 🔓
https://t.co/uHc5I8RFVo
🔗 https://github.com/d3lb3/KeeFarceReborn
🐥 [ tweet ]
😈 [ hasherezade, hasherezade ]
New #PEsieve/#HollowsHunter (v0.3.5): https://t.co/12PiCkLtf8 & https://t.co/FBWjtKp8ez - with some bugfixes & improvements. Check it out!
🔗 https://github.com/hasherezade/pe-sieve/releases/
🔗 https://github.com/hasherezade/hollows_hunter/releases
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Alternative use cases for SystemFunction032, what do other people think about at night? 🤓😅
https://t.co/pXKbbbemRR
🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/
🐥 [ tweet ]
😈 [ preemptdev, pre.empt.dev ]
The Maelstrom C2 Series has been summarised: https://t.co/WaZoAs1ct5
We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!
🔗 https://mez0.cc/posts/maelstrom/
🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]
I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg
🔗 https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Today, some lateral move inside GOAD.
https://t.co/N9s5JZ0Wv1
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part9/
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Halo's Gate is (almost) dead,
Long live ShellWasp!
"Weaponizing Windows Syscalls":
https://t.co/VU8KIsZNb9
🔗 https://www.youtube.com/watch?v=ME7IGHPcSKw
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Following @ShitSecure’s vibe of using SystemFunction032 for shellcode decryption, here’s its port to Python (encryptor) + C# (decryptor & runner): https://t.co/MVDoV9gEAo
It’s strange though that RC4 from OpenSSL is not compatible with SystemFunction032 🤔
🔗 https://gist.github.com/snovvcrash/3533d950be2d96cf52131e8393794d99
🐥 [ tweet ][ quote ]