😈 [ harmj0y, Will Schroeder ]
@tifkin_ and I give you "Certificates and Pwnage and Patches, Oh My!" https://t.co/kCOK1AQSUR . We clarify some misconceptions we had about AD CS, explain the KB5014754 patch and its implications, and detail some of the awesome AD CS work from people like @ly4k_ . Enjoy!
🔗 https://posts.specterops.io/certificates-and-pwnage-and-patches-oh-my-8ae0f4304c1d
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Welcome to the new AD Mindmap upgrade!
v2022_11 will be dark only (this is too painful to maintain two versions).
Thx again to @Vikingfr and @Sant0rryu for their help 👍
Full quality and zoomable version here:
https://t.co/eIJE0apRzw
Overview:
🔗 https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.noscript
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
I really like DeepL for translations. But I also like the fact that when using the Desktop app it makes use of a signed executable named CreateDump.exe in %APPDATA%, which can dump e.g. LSASS 🧐🤩
🐥 [ tweet ]
😈 [ MrUn1k0d3r, Mr.Un1k0d3r ]
One byte AMSI and ETW patch. I've been sharing this for years but here is a simple repo to understand the idea.
https://t.co/xCgNBbYr13
#redteam
❤
🔗 https://github.com/Mr-Un1k0d3r/AMSI-ETW-Patch
🐥 [ tweet ]
😈 [ BlackArrowSec, BlackArrow ]
SpecterOps revisits AD CS after the Certifried (CVE-2022-26923) patch and includes our research around ESC7, among others.
➡️ Our research: https://t.co/ZNMK1bWupm
🧵 A summary thread:
🔗 https://www.tarlogic.com/blog/ad-cs-manageca-rce/
🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
A short story of extracting a KeePassXC passphrase from memory using strings. Providing the resulting dump of strings as a wordlist to hashcat (13400), I cracked the database in a few seconds 😐
🐥 [ tweet ]
😈 [ C5pider, 5pider ]
What an amazing video from @33y0re explaining modern Windows Kernel Exploitation. Going to start my journey of learning kernel exploit dev soon and this video explained a lot of things. https://t.co/BltKS0XZQp
🔗 https://www.youtube.com/watch?v=nauAlHXrkIk
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Shared from @hackthebox_eu has SQL injection in a cookie, iPython exploitation, some basic reverse engineering, and Redis exploitation.
https://t.co/1ayMOYjPOw
🔗 https://0xdf.gitlab.io/2022/11/12/htb-shared.html
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Play with the AD lab GOADv2 - part 10: delegations
- constrained
- unconstrained (with and without protocol transition)
- resource based
https://t.co/47zFWSD7G9
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part10/
🐥 [ tweet ]
😈 [ CaptMeelo, Meelo ]
Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi
🔗 https://github.com/capt-meelo/laZzzy
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
CrackMapExec version 5.4.0 "Indestructible G0thm0g" is out for everyone and also available in @kalilinux 🎉
➡️ apt update
➡️ apt install crackmapexec
Happy Hacking! 🔥🪂
Release blog post 🔽
https://t.co/gtOA7tt8Ey
🔗 https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g
🐥 [ tweet ]
😈 [ dec0ne, Mor Davidovich ]
Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs on the market.
"It’s all in the details: The curious case of an LSASS dumper gone undetected"
https://t.co/YoDUW8LwKy
🔗 https://dec0ne.github.io/research/2022-11-14-Undetected-Lsass-Dump-Workflow/
🐥 [ tweet ]
😈 [ PortSwiggerRes, PortSwigger Research ]
Stealing passwords from infosec Mastodon - without bypassing CSP
https://t.co/kXIqj3tpAU
🔗 https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
🐥 [ tweet ]
😈 [ cerbersec, Cerbersec ]
Here are the #SANSHackFest demos for my Kernel Karnage talk!
WinDbg: https://t.co/RicezA3tkG
Full attack chain: https://t.co/spIcXE27Wk
🔗 https://youtu.be/QHEzyCGz-rk
🔗 https://youtu.be/EQqxQk7ytjw
🐥 [ tweet ]
😈 [ _EthicalChaos_, Ceri 🏴 ]
Just pushed a small change for the recently released Volumiser tool. You can now read files directly, à la NinjaCopy, from physical disk and volume handles. Handy for exfiltrating registry hives or ntds.dit on hosts with EDRs.
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/nOAPMLpyhw
🔗 https://www.cyberwarfare.live/blog/vectored-syscall-poc
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
Using Villain, the evolution of HoaxShell, to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
🔗 https://github.com/t3l3machus/Villain
🐥 [ tweet ]
😈 [ cyb3rops, Florian Roth ⚡ ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
🐥 [ tweet ]
😈 [ jack_halon, Jack Halon ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
🔗 https://jhalon.github.io/chrome-browser-exploitation-2/
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
🔗 https://github.com/h3xduck/TripleCross
🐥 [ tweet ]