Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
👹 [ snovvcrash, sn🥶vvcr💥sh ]

Following @ShitSecure’s vibe of using SystemFunction032 for shellcode decryption, here’s its port to Python (encryptor) + C# (decryptor & runner): https://t.co/MVDoV9gEAo

It’s strange though that RC4 from OpenSSL is not compatible with SystemFunction032 🤔

🔗 https://gist.github.com/snovvcrash/3533d950be2d96cf52131e8393794d99

🐥 [ tweet ][ quote ]
Where did I take a wrong turn
😈 [ an0n_r0, an0n ]

Here is the proper way to RC4 encode with OpenSSL compatible with SystemFunction032 (use the raw hex key instead of a passphrase).

awesome shellcode exec method from @ShitSecure 👍

https://t.co/renlMV0rsE

🔗 https://s3cur3th1ssh1t.github.io/SystemFunction032_Shellcode/

🐥 [ tweet ][ quote ]
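Why the two posts above disagree, as an added example that is not the gist's code, @ShitSecure's C# or @an0n_r0's command: SystemFunction032 is plain RC4 with the key bytes used as-is, whereas `openssl enc -k <passphrase>` first runs EVP_BytesToKey over the passphrase (and a salt unless `-nosalt` is given), so the cipher is keyed with a digest of the passphrase rather than its bytes. `-K <hex>` hands the raw key to the cipher and matches. The sample payload and key below are constructed, not real shellcode; `systemfunction032()` only runs on Windows and is a cross-check, not required by the rest.

```python
"""RC4 as SystemFunction032 computes it, plus the two OpenSSL key paths (added example)."""
import hashlib
import sys
from typing import Iterator

# Constructed stand-in for shellcode: a NOP sled ending in int3. Not a real payload.
SAMPLE_PAYLOAD = b"\x90" * 8 + b"\xcc"
SAMPLE_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")  # arbitrary 16-byte raw key


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Plain RC4 (KSA + PRGA). SystemFunction032 is exactly this: no salt, no KDF, key bytes as-is."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                                # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (RC4 is symmetric)."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def evp_bytes_to_key(passphrase: bytes, salt: bytes = b"", key_len: int = 16,
                     digest: str = "sha256", count: int = 1) -> bytes:
    """OpenSSL's EVP_BytesToKey, which `openssl enc -k <pass>` runs before encrypting.
    D_1 = H(pass||salt), D_i = H(D_{i-1}||pass||salt), concatenated until key_len bytes.
    For RC4 (16-byte key, no IV) one block suffices. OpenSSL >= 1.1.0 defaults to SHA-256,
    older builds to MD5 (-md). This derived key, not the passphrase, is what the cipher sees."""
    out, prev = b"", b""
    while len(out) < key_len:
        d = hashlib.new(digest, prev + passphrase + salt).digest()
        for _ in range(count - 1):
            d = hashlib.new(digest, d).digest()
        out += d
        prev = d
    return out[:key_len]


def openssl_raw_key_cmd(key: bytes, infile: str = "shellcode.bin",
                        outfile: str = "shellcode.enc", openssl3: bool = True) -> str:
    """The compatible command: -K feeds the raw hex key straight to RC4 and -nosalt drops the
    'Salted__' header. On OpenSSL 3.x RC4 lives in the legacy provider, hence the -provider flags
    (omit them on 1.1.x, which does not know them)."""
    providers = "-provider legacy -provider default " if openssl3 else ""
    return f"openssl enc -rc4 -K {key.hex()} -nosalt {providers}-in {infile} -out {outfile}"


def to_csharp_array(data: bytes, name: str = "buf") -> str:
    """Emit a C# byte[] initializer, the form a C# decryptor/runner would embed."""
    body = ", ".join(f"0x{b:02x}" for b in data)
    return f"byte[] {name} = new byte[{len(data)}] {{ {body} }};"


def systemfunction032(key: bytes, data: bytes):
    """Cross-check against the real thing: advapi32!SystemFunction032 (forwarded to cryptsp.dll),
    which RC4s `data` in place; both arguments are USTRING {Length, MaximumLength, Buffer}.
    Windows only; returns None elsewhere so callers fall back to rc4()."""
    if sys.platform != "win32":
        return None
    import ctypes

    class USTRING(ctypes.Structure):
        _fields_ = [("Length", ctypes.c_uint32), ("MaximumLength", ctypes.c_uint32),
                    ("Buffer", ctypes.c_void_p)]

    dbuf = ctypes.create_string_buffer(data, len(data))
    kbuf = ctypes.create_string_buffer(key, len(key))
    d = USTRING(len(data), len(data), ctypes.addressof(dbuf))
    k = USTRING(len(key), len(key), ctypes.addressof(kbuf))
    fn = ctypes.windll.advapi32.SystemFunction032
    fn.restype = ctypes.c_int32
    status = fn(ctypes.byref(d), ctypes.byref(k))
    if status != 0:
        raise OSError(f"SystemFunction032 returned NTSTATUS 0x{status & 0xFFFFFFFF:08x}")
    return dbuf.raw


if __name__ == "__main__":
    enc = rc4(SAMPLE_KEY, SAMPLE_PAYLOAD)
    print(openssl_raw_key_cmd(SAMPLE_KEY))           # yields bytes identical to enc
    print(to_csharp_array(enc, "encShellcode"))
    print("passphrase 'Key' actually keys RC4 with", evp_bytes_to_key(b"Key").hex())
    native = systemfunction032(SAMPLE_KEY, enc)       # decrypts on Windows, None elsewhere
    assert native in (None, SAMPLE_PAYLOAD)
```

If an existing pipeline already encrypted with `-k`, decrypting in C# still works: pass `evp_bytes_to_key()` of that passphrase (with the salt read from the `Salted__` header, and `digest="md5"` for pre-1.1.0 OpenSSL) to SystemFunction032 instead of the passphrase bytes.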
😈 [ _EthicalChaos_, Ceri 🏴󠁧󠁢󠁷󠁬󠁳󠁿 ]

Here you go folks, initial release of Volumiser. Dealing with those 100G virtual disk images during red team ops just got easier. Limited testing so far, so I would love to hear about any problems that pop up.
https://t.co/8Ql0jY8XV6

🔗 https://github.com/CCob/Volumiser

🐥 [ tweet ]
😈 [ harmj0y, Will Schroeder ]

@tifkin_ and I give you "Certificates and Pwnage and Patches, Oh My!" https://t.co/kCOK1AQSUR. We clarify some misconceptions we had about AD CS, explain the KB5014754 patch and its implications, and detail some of the awesome AD CS work from people like @ly4k_. Enjoy!

🔗 https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

Welcome to the new AD Mindmap upgrade!
v2022_11 will be dark only (it is too painful to maintain two versions).

Thanks again to @Vikingfr and @Sant0rryu for their help 👍

Full quality and zoomable version here:
https://t.co/eIJE0apRzw

Overview:

🔗 https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.noscript

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

I really like DeepL for translations. But I also like the fact that, when using the desktop app, it makes use of a signed executable named CreateDump.exe in %APPDATA%, which can dump e.g. LSASS 🧐🤩

🐥 [ tweet ]
😈 [ MrUn1k0d3r, Mr.Un1k0d3r ]

One byte AMSI and ETW patch. I've been sharing this for years but here is a simple repo to understand the idea.

https://t.co/xCgNBbYr13

#redteam

🔗 https://github.com/Mr-Un1k0d3r/AMSI-ETW-Patch

🐥 [ tweet ]
😈 [ BlackArrowSec, BlackArrow ]

SpecterOps revisits AD CS after the Certifried (CVE-2022-26923) patch and includes our research around ESC7, among others.

➡️ Our research: https://t.co/ZNMK1bWupm

🧵 A summary thread:

🔗 https://www.tarlogic.com/blog/ad-cs-manageca-rce/

🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

A short story of extracting a KeePassXC passphrase from memory using strings. Providing the resulting dump of strings as a wordlist to hashcat (13400), I cracked the database in a few seconds 😐

🐥 [ tweet ]
😈 [ C5pider, 5pider ]

What an amazing video from @33y0re explaining modern Windows Kernel Exploitation. Going to start my journey of learning kernel exploit dev soon and this video explained a lot of things. https://t.co/BltKS0XZQp

🔗 https://www.youtube.com/watch?v=nauAlHXrkIk

🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]

Shared from @hackthebox_eu has SQL injection in a cookie, iPython exploitation, some basic reverse engineering, and Redis exploitation.

https://t.co/1ayMOYjPOw

🔗 https://0xdf.gitlab.io/2022/11/12/htb-shared.html

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

Play with the AD lab GOADv2 - part 10: delegations
- constrained
- unconstrained (with and without protocol transition)
- resource based

https://t.co/47zFWSD7G9

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part10/

🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]

Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi

🔗 https://github.com/capt-meelo/laZzzy

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

CrackMapExec version 5.4.0 "Indestructible G0thm0g" is out for everyone and also available in @kalilinux 🎉

➡️ apt update
➡️ apt install crackmapexec

Happy Hacking! 🔥🪂

Release blog post 🔽
https://t.co/gtOA7tt8Ey

🔗 https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g

🐥 [ tweet ]
😈 [ dec0ne, Mor Davidovich ]

Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market.

"It’s all in the details: The curious case of an LSASS dumper gone undetected"

https://t.co/YoDUW8LwKy

🔗 https://dec0ne.github.io/research/2022-11-14-Undetected-Lsass-Dump-Workflow/

🐥 [ tweet ]
😈 [ cerbersec, Cerbersec ]

Here are the #SANSHackFest demos for my Kernel Karnage talk!

WinDbg: https://t.co/RicezA3tkG
Full attack chain: https://t.co/spIcXE27Wk

🔗 https://youtu.be/QHEzyCGz-rk
🔗 https://youtu.be/EQqxQk7ytjw

🐥 [ tweet ]
😈 [ _EthicalChaos_, Ceri 🏴󠁧󠁢󠁷󠁬󠁳󠁿 ]

Just pushed a small change for the recently released Volumiser tool. You can now read files directly, NinjaCopy style, from physical disk and volume handles. Handy for exfiltrating registry hives or ntds.dit on hosts with EDRs.

🐥 [ tweet ]