😈 [ an0n_r0, an0n ]
here is a basic meterpreter protocol stager for PE stages using the libpeconv project by @hasherezade:
https://t.co/qsdb9XWvgj
no evasion included, using this only as a template. but already able to run it with a Sliver EXE beacon as a stage against Defender for Endpoint.
🔗 https://github.com/tothi/stager_libpeconv
🐥 [ tweet ]
🎃 [ vxunderground, vx-underground ]
From our headquarters underneath the Vatican, happy Halloween!
Today we release the first edition of our new publication Black Mass.
Special thanks to our Editor in Chief @h313n_0f_t0r for all of her hard work.
https://t.co/NbDen3RUOh
🔗 https://papers.vx-underground.org/papers/Other/VXUG%20Zines/Black%20Mass%20Halloween%202022.pdf
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
The two exploits for
CVE-2022-33679
CVE-2022-33647
are now available for @porchetta_ind subscribers. It will be available on github for the wider public in a few weeks.
https://t.co/c30GqXjIcx
🔗 https://gitlab.porchetta.industries/Skelsec/minikerberos
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
Decided to check on this writeup from @0xdf_ when I read this sentence: "I wasn’t able to get crackmapexec to work either."
With the latest update on CrackMapExec let's go for a 'Scrambled vs Crackmapexec'! Getting root only using CME in 5 minutes 🚀✌️
https://t.co/hpz9JWnhzQ
🔗 https://gist.github.com/mpgn/9fc08b0f0fde55e8c322518bc1f9c317
🐥 [ tweet ][ quote ]
Forwarded from APT
🔑 Abuse Kerberos RC4 (CVE-2022-33679)
This blog post goes into detail on how the Windows Kerberos Elevation of Privilege vulnerability works and how to force Kerberos to downgrade the encoding from the default AES encryption to the historical MD4-RC4. The vulnerability could allow an attacker to obtain an authenticated session on behalf of the victim and also lead to arbitrary code execution.
Research:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
Exploit:
https://github.com/Bdenneu/CVE-2022-33679
#ad #kerberos #rc4 #exploit
😈 [ SEKTOR7net, SEKTOR7 Institute ]
How to avoid memory scanners?
@kyleavery_ brings the answer.
https://t.co/0azWrDcG2N
🔗 https://www.youtube.com/watch?v=edIMUcxCueA
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
Nim in 100 Seconds
https://t.co/GeYgqYsM8M
🔗 https://www.youtube.com/watch?v=WHyOHQ_GkNo
🐥 [ tweet ]
😈 [ icyguider, icyguider ]
After years of using the default examples, I've finally started writing my own custom scripts using Impacket. Wanted to share a few examples that helped me during the learning process. Hope you enjoy! https://t.co/Ya5PAhHAZC
🔗 https://github.com/icyguider/MoreImpacketExamples
🐥 [ tweet ]
😈 [ d3lb3_, Julien Bedel ]
Just released KeeFarce Reborn, yet another offensive KeePass extraction tool featuring a standalone DLL that exports databases in cleartext once injected in the KeePass process 🔓
https://t.co/uHc5I8RFVo
🔗 https://github.com/d3lb3/KeeFarceReborn
🐥 [ tweet ]
😈 [ hasherezade, hasherezade ]
New #PEsieve/#HollowsHunter (v0.3.5): https://t.co/12PiCkLtf8 & https://t.co/FBWjtKp8ez - with some bugfixes & improvements. Check it out!
🔗 https://github.com/hasherezade/pe-sieve/releases/
🔗 https://github.com/hasherezade/hollows_hunter/releases
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Alternative use cases for SystemFunction032, what do other people think about at night? 🤓😅
https://t.co/pXKbbbemRR
🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/
🐥 [ tweet ]
😈 [ preemptdev, pre.empt.dev ]
The Maelstrom C2 Series has been summarised: https://t.co/WaZoAs1ct5
We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!
🔗 https://mez0.cc/posts/maelstrom/
🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]
I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg
🔗 https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Today, some lateral move inside GOAD.
https://t.co/N9s5JZ0Wv1
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part9/
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Halo's Gate is (almost) dead,
Long live ShellWasp!
"Weaponizing Windows Syscalls":
https://t.co/VU8KIsZNb9
🔗 https://www.youtube.com/watch?v=ME7IGHPcSKw
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Following @ShitSecure’s vibe of using SystemFunction032 for shellcode decryption, here’s its port to Python (encryptor) + C# (decryptor & runner): https://t.co/MVDoV9gEAo
It’s strange though that RC4 from OpenSSL is not compatible with SystemFunction032 🤔
🔗 https://gist.github.com/snovvcrash/3533d950be2d96cf52131e8393794d99
🐥 [ tweet ][ quote ]
😈 [ an0n_r0, an0n ]
here is the proper way to RC4 encode with OpenSSL compatible with SystemFunction032 (use the raw hex key instead of passphrase).
awesome shellcode exec method from @ShitSecure 👍
https://t.co/renlMV0rsE
🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/
🐥 [ tweet ][ quote ]