😈 [ dec0ne, Mor Davidovich ]
Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs on the market.
"It’s all in the details: The curious case of an LSASS dumper gone undetected"
https://t.co/YoDUW8LwKy
🔗 https://dec0ne.github.io/research/2022-11-14-Undetected-Lsass-Dump-Workflow/
🐥 [ tweet ]
😈 [ PortSwiggerRes, PortSwigger Research ]
Stealing passwords from infosec Mastodon - without bypassing CSP
https://t.co/kXIqj3tpAU
🔗 https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
🐥 [ tweet ]
😈 [ cerbersec, Cerbersec ]
Here are the #SANSHackFest demos for my Kernel Karnage talk!
WinDbg: https://t.co/RicezA3tkG
Full attack chain: https://t.co/spIcXE27Wk
🔗 https://youtu.be/QHEzyCGz-rk
🔗 https://youtu.be/EQqxQk7ytjw
🐥 [ tweet ]
😈 [ _EthicalChaos_, Ceri 🏴 ]
Just pushed a small change for the recently released Volumiser tool. You can now read files directly, NinjaCopy-style, from physical disk and volume handles. Handy for exfiltrating registry hives or ntds.dit on hosts with EDRs.
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/nOAPMLpyhw
🔗 https://www.cyberwarfare.live/blog/vectored-syscall-poc
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
Using Villain, the evolution of HoaxShell, to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
🔗 https://github.com/t3l3machus/Villain
🐥 [ tweet ]
😈 [ cyb3rops, Florian Roth ⚡ ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
🐥 [ tweet ]
😈 [ jack_halon, Jack Halon ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
🔗 https://jhalon.github.io/chrome-browser-exploitation-2/
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
🔗 https://github.com/h3xduck/TripleCross
🐥 [ tweet ]
😈 [ testanull, Janggggg ]
You guys must be waiting for this,
So this is the working PoC script of the Exchange 0day exploited ITW
https://t.co/XGx0fYJygm
🔗 https://github.com/testanull/ProxyNotShell-PoC
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
New surprises in AD CS... Let's add technique ESC11 🙈
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
😈 [ Ben0xA, Ben Ten (0xA) ]
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast
🔗 https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
🐥 [ tweet ]
😈 [ BushidoToken, Will | Darknet Diaries #126 ]
👉New Blog: I have attempted to track what happened to Conti this year after the leaks and collapse of the group. Here are my findings, largely based on #OSINT. Enjoy!
https://t.co/0jSd1ZFkLf #Conti #Quantum #BlackBasta #Royal #WizardSpider #CTI
🔗 https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
Bad news for all potato lovers 😭
Starting from Windows 11 22H2, a new code change in lsasrv.dll broke the trick to recover the INTERACTIVE SID group through the logon type New Credentials (9).
More details here 👇
https://t.co/hfhZxk3zMg
cc @decoder_it
🔗 https://github.com/antonioCoco/JuicyPotatoNG/issues/4
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Hathor from @hackthebox_eu was a monster Windows box. My favorite parts were being forced to understand the AppLocker rules, and finding the code signing cert in the recycle bin and using it to bypass AppLocker. Lots of tricky steps on this one.
https://t.co/thTyAtHW9p
🔗 https://0xdf.gitlab.io/2022/11/19/htb-hathor.html
🐥 [ tweet ]
😈 [ 0xBoku, Bobby Cooke ]
Check out SQLRecon by @sanjivkawa! C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
https://t.co/qSWDXimeJS
The tool has a great wiki on how to use it and you can find conference talks & slide decks on the tool here: https://t.co/W5EKXDIrJI
🔗 https://github.com/xforcered/SQLRecon
🔗 https://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest
🐥 [ tweet ]
😈 [ _xpn_, Adam Chester ]
Having a bit of fun on Mastodon this weekend creating S-Rank Influencer accounts by mocking out ActivityPub 😂😂 https://t.co/OP5PXwrLFW
🔗 https://infosec.exchange/@xpn/109371536418521307
🐥 [ tweet ]
😈 [ ali_alwashali, Ali Alwashali-ng ]
Windows hardening script
https://t.co/b7QWvXL5iB
Leverages Windows Firewall to block certain binaries from making connections
Sets LSASS in protected mode
Implements ASR rules
Hardens Office
Disables DNS multicast, SMBv1, NetBIOS, PowerShell v2
Changes file associations
🔗 https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🐥 [ tweet ]
😈 [ T00uF, TouF ]
Just pushed a HUGE refactor in #DonPapi to make it work with Kerberos TGTs.
Seems your clients are like my clients and don't use Protected Users enough 😅
Or maybe you were using the --laps option to automatically retrieve local admin creds? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]