Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Alternative use cases for SystemFunction032, what do other people think about at night? 🤓😅

https://t.co/pXKbbbemRR

🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/

🐥 [ tweet ]
😈 [ preemptdev, pre.empt.dev ]

The Maelstorm C2 Series has been summarised: https://t.co/WaZoAs1ct5
We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!

🔗 https://mez0.cc/posts/maelstrom/

🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]

I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg

🔗 https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

Execute commands as another user w/t dumping LSASS or touching the ADCS server ? Thanks to @Defte_ a new module has been added to CrackMapExec 🚀

The module will impersonate any logged on user to exec command as "this" user (system, domain user etc) 🔥

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

Today, some lateral move inside GOAD.

https://t.co/N9s5JZ0Wv1

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part9/

🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]

Halo's Gate is (almost) dead,
Long live ShellWasp!

"Weaponizing Windows Syscalls":
https://t.co/VU8KIsZNb9

🔗 https://www.youtube.com/watch?v=ME7IGHPcSKw

🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

Following @ShitSecure’s vibe of using SystemFunction032 for shellcode decryption, here’s its port to Python (encryptor) + C# (decryptor & runner): https://t.co/MVDoV9gEAo

It’s strange though that RC4 from OpenSSL is not compatible with SystemFunction032 🤔

🔗 https://gist.github.com/snovvcrash/3533d950be2d96cf52131e8393794d99

🐥 [ tweet ][ quote ]
Just when did I take a wrong turn
😈 [ an0n_r0, an0n ]

here is the proper way to RC4 encode with OpenSSL compatible with SystemFunction032 (use the raw hex key instead of passphrase).

awesome shellcode exec method from @ShitSecure 👍

https://t.co/renlMV0rsE

🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/

🐥 [ tweet ][ quote ]
😈 [ _EthicalChaos_, Ceri 🏴󠁧󠁢󠁷󠁬󠁳󠁿 ]

Here you go folks, initial release of Volumiser. Dealing with those 100G virtual disc images during red team ops just got easier. Limited testing so far so would love to hear about any problems that pop up.
https://t.co/8Ql0jY8XV6

🔗 https://github.com/CCob/Volumiser

🐥 [ tweet ]
😈 [ harmj0y, Will Schroeder ]

@tifkin_ and I give you "Certificates and Pwnage and Patches, Oh My!" https://t.co/kCOK1AQSUR . We clarify some misconceptions we had about AD CS, explain the KB5014754 patch and its implications, and detail some of the awesome AD CS work from people like @ly4k_ . Enjoy!

🔗 https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

Welcome to the new AD Mindmap upgrade !
v2022_11 will be dark only (this is too painful to maintain two versions).

Thx again to : @Vikingfr and @Sant0rryu for their help 👍

Full quality and zoomable version here :
https://t.co/eIJE0apRzw

Overview :

🔗 https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.noscript

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

I really like DeepL for translations. But I also like the fact that when using the Desktop APP it makes use of a signed executable named CreateDump.exe in %APPDATA%, which can dump e.g. LSASS 🧐🤩

🐥 [ tweet ]
😈 [ MrUn1k0d3r, Mr.Un1k0d3r ]

One byte AMSI and ETW patch. I've been sharing this for years but here is a simple repo to understand the idea.

https://t.co/xCgNBbYr13

#redteam


🔗 https://github.com/Mr-Un1k0d3r/AMSI-ETW-Patch

🐥 [ tweet ]
😈 [ BlackArrowSec, BlackArrow ]

SpecterOps revisits AD CS after the Certifried (CVE-2022-26923) patch and includes our research around ESC7, among others.

➡️ Our research: https://t.co/ZNMK1bWupm

🧵 A summary thread:

🔗 https://www.tarlogic.com/blog/ad-cs-manageca-rce/

🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

A short story of extracting KeePassXC passphrase from memory using strings. Providing the resulting dump of strings as a wordlist to hashcat (13400) I cracked the database in a few seconds 😐

🐥 [ tweet ]
😈 [ C5pider, 5pider ]

What an amazing video from @33y0re explaining modern Windows Kernel Exploitation. Going to start my journey of learning kernel exploit dev soon and this video explained a lot of things. https://t.co/BltKS0XZQp

🔗 https://www.youtube.com/watch?v=nauAlHXrkIk

🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]

Shared from @hackthebox_eu has SQL injection in a cookie, iPython exploitation, some basic reverse engineering, and Redis exploitation.

https://t.co/1ayMOYjPOw

🔗 https://0xdf.gitlab.io/2022/11/12/htb-shared.html

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

Play with the ad lab goadv2 - part 10 : delegations
- constrained
- unconstrained (with and without protocol transition)
- resource based

https://t.co/47zFWSD7G9

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part10/

🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]

Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi

🔗 https://github.com/capt-meelo/laZzzy

🐥 [ tweet ]