😈 [ t3l3machus, Panagiotis Chartas ]
Using 𝐕𝐢𝐥𝐥𝐚𝐢𝐧, the evolution of 𝐇𝐨𝐚𝐱𝐒𝐡𝐞𝐥𝐥 to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
🔗 https://github.com/t3l3machus/Villain
🐥 [ tweet ]
Using 𝐕𝐢𝐥𝐥𝐚𝐢𝐧, the evolution of 𝐇𝐨𝐚𝐱𝐒𝐡𝐞𝐥𝐥 to generate an auto-obfuscated PowerShell backdoor payload, bypass Defender and gain access to a Windows 11 Enterprise machine.
Download, install, connect with others & enjoy hacking as a team: https://t.co/PNuUQLhV6J
🔗 https://github.com/t3l3machus/Villain
🐥 [ tweet ]
😈 [ cyb3rops, Florian Roth ⚡ ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
🐥 [ tweet ]
Imagine you'd get access to an unknown SIEM of a new customer & would be given 10min to find malicious activity by using keyword searches on raw data, what would you search for?
I'll start
'.dmp full'
'whoami'
'delete shadows'
'FromBase64String'
'save HKLM\SAM'
' -w hidden '
🐥 [ tweet ]
🤔1
😈 [ jack_halon, Jack Halon ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
🔗 https://jhalon.github.io/chrome-browser-exploitation-2/
🐥 [ tweet ]
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome!
In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!
Enjoy!
https://t.co/XAnbzdnjeQ
🔗 https://jhalon.github.io/chrome-browser-exploitation-2/
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
🔗 https://github.com/h3xduck/TripleCross
🐥 [ tweet ]
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
https://t.co/jZ8KQnSUxs
🔗 https://github.com/h3xduck/TripleCross
🐥 [ tweet ]
😈 [ testanull, Janggggg ]
You guys must be waiting for this,
So this is the working PoC noscript of the Exchange 0day exploited ITW
https://t.co/XGx0fYJygm
🔗 https://github.com/testanull/ProxyNotShell-PoC
🐥 [ tweet ]
You guys must be waiting for this,
So this is the working PoC noscript of the Exchange 0day exploited ITW
https://t.co/XGx0fYJygm
🔗 https://github.com/testanull/ProxyNotShell-PoC
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Новые сюрпризы в AD CS... Добавим технику ESC11🙈
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
😈 [ Ben0xA, Ben Ten (0xA) ]
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast
🔗 https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
🐥 [ tweet ]
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast
🔗 https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/
🐥 [ tweet ]
😈 [ BushidoToken, Will | Darknet Diaries #126 ]
👉New Blog: I have attempted to track what happened to Conti this year after the leaks and collapse of the group. Here are my findings, largely based on #OSINT. Enjoy!
https://t.co/0jSd1ZFkLf #Conti #Quantum #BlackBasta #Royal #WizardSpider #CTI
🔗 https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
🐥 [ tweet ]
👉New Blog: I have attempted to track what happened to Conti this year after the leaks and collapse of the group. Here are my findings, largely based on #OSINT. Enjoy!
https://t.co/0jSd1ZFkLf #Conti #Quantum #BlackBasta #Royal #WizardSpider #CTI
🔗 https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
A bad news for all potato lovers 😭
Starting from Windows 11 22H2 a new code change in lsasrv.dll broke the trick to recover the INTERACTIVE sid group through the logon type New Credentials (9).
More details here 👇
https://t.co/hfhZxk3zMg
cc @decoder_it
🔗 https://github.com/antonioCoco/JuicyPotatoNG/issues/4
🐥 [ tweet ]
A bad news for all potato lovers 😭
Starting from Windows 11 22H2 a new code change in lsasrv.dll broke the trick to recover the INTERACTIVE sid group through the logon type New Credentials (9).
More details here 👇
https://t.co/hfhZxk3zMg
cc @decoder_it
🔗 https://github.com/antonioCoco/JuicyPotatoNG/issues/4
🐥 [ tweet ]
😢1
😈 [ 0xdf_, 0xdf ]
Hathor from @hackthebox_eu was a monster Windows box. My favorite parts were being forced to understand the AppLocker rules, and finding the code signing cert in the recycle bin and using it to bypass applocker. Lots of tricky steps on this one.
https://t.co/thTyAtHW9p
🔗 https://0xdf.gitlab.io/2022/11/19/htb-hathor.html
🐥 [ tweet ]
Hathor from @hackthebox_eu was a monster Windows box. My favorite parts were being forced to understand the AppLocker rules, and finding the code signing cert in the recycle bin and using it to bypass applocker. Lots of tricky steps on this one.
https://t.co/thTyAtHW9p
🔗 https://0xdf.gitlab.io/2022/11/19/htb-hathor.html
🐥 [ tweet ]
😈 [ 0xBoku, Bobby Cooke ]
Checkout SQLRecon by @sanjivkawa! C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
https://t.co/qSWDXimeJS
The tool has a great wiki on how to use it and you can find conference talks & slide decks on the tool here: https://t.co/W5EKXDIrJI
🔗 https://github.com/xforcered/SQLRecon
🔗 https://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest
🐥 [ tweet ]
Checkout SQLRecon by @sanjivkawa! C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
https://t.co/qSWDXimeJS
The tool has a great wiki on how to use it and you can find conference talks & slide decks on the tool here: https://t.co/W5EKXDIrJI
🔗 https://github.com/xforcered/SQLRecon
🔗 https://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest
🐥 [ tweet ]
😈 [ _xpn_, Adam Chester ]
Having a bit of fun on Mastodon this weekend creating S-Rank Influencer accounts by mocking out ActivityPub 😂😂 https://t.co/OP5PXwrLFW
🔗 https://infosec.exchange/@xpn/109371536418521307
🐥 [ tweet ]
Having a bit of fun on Mastodon this weekend creating S-Rank Influencer accounts by mocking out ActivityPub 😂😂 https://t.co/OP5PXwrLFW
🔗 https://infosec.exchange/@xpn/109371536418521307
🐥 [ tweet ]
😈 [ ali_alwashali, Ali Alwashali-ng ]
Windows hardening noscript
https://t.co/b7QWvXL5iB
Leverages windows firewall to block certain binaries from making connections
Sets lsass in protected mode
Implementation of ASR rules
Harden office
Disables DNS multicast, smbv1, netbios, powershellv2
Change file associations
🔗 https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🐥 [ tweet ]
Windows hardening noscript
https://t.co/b7QWvXL5iB
Leverages windows firewall to block certain binaries from making connections
Sets lsass in protected mode
Implementation of ASR rules
Harden office
Disables DNS multicast, smbv1, netbios, powershellv2
Change file associations
🔗 https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🐥 [ tweet ]
😈 [ T00uF, TouF ]
Just pushed a HUGE refacto in #DonPapi to make it work with Kerberos TGT.
seems your clients are as my clients and don't use protected users enough 😅
or maybe you were using the --laps options to automatically retrieve local admin credz ? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]
Just pushed a HUGE refacto in #DonPapi to make it work with Kerberos TGT.
seems your clients are as my clients and don't use protected users enough 😅
or maybe you were using the --laps options to automatically retrieve local admin credz ? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]
Unwinder, another approach to Thread Stack Spoofing by walking PE's unwind information. This technique allows to automatically create "any" desired call stack by parsing .pdata structures.
It took me a little bit longer than expected, but worth the effort!
https://t.co/9gUEanOHeC
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
Unwinder, another approach to Thread Stack Spoofing by walking PE's unwind information. This technique allows to automatically create "any" desired call stack by parsing .pdata structures.
It took me a little bit longer than expected, but worth the effort!
https://t.co/9gUEanOHeC
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
Always good to have some NotCovenant running on a fully fledged Defender EDR system ^^
Thx @assume_breach for his cool writeups lately:
https://t.co/jAyRonr2sF
🔗 https://assume-breach.medium.com/
🐥 [ tweet ]
Always good to have some NotCovenant running on a fully fledged Defender EDR system ^^
Thx @assume_breach for his cool writeups lately:
https://t.co/jAyRonr2sF
🔗 https://assume-breach.medium.com/
🐥 [ tweet ]
😈 [ _dirkjan, Dirk-jan ]
The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube: https://t.co/yOwxDB8reo
🔗 https://www.youtube.com/watch?v=uKDS2t9_KsA
🐥 [ tweet ]
The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube: https://t.co/yOwxDB8reo
🔗 https://www.youtube.com/watch?v=uKDS2t9_KsA
🐥 [ tweet ]
😈 [ gladiatx0r, Maximus ]
Just a reminder that if LDAP(S) signing/binding is not enforced then you can still LPE on any Windows workstation. Awesome video demo by @vendetce shows you how. Alternatively start Webclient programmatically https://t.co/TCanM8C6Ai or switch out P.P. for https://t.co/3i83NdpQzc
🔗 https://gist.github.com/klezVirus/af004842a73779e1d03d47e041115797
🔗 https://github.com/nccgroup/Change-Lockscreen
🐥 [ tweet ][ quote ]
Just a reminder that if LDAP(S) signing/binding is not enforced then you can still LPE on any Windows workstation. Awesome video demo by @vendetce shows you how. Alternatively start Webclient programmatically https://t.co/TCanM8C6Ai or switch out P.P. for https://t.co/3i83NdpQzc
🔗 https://gist.github.com/klezVirus/af004842a73779e1d03d47e041115797
🔗 https://github.com/nccgroup/Change-Lockscreen
🐥 [ tweet ][ quote ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang https://t.co/6M9dHWGtWo
#hackwithautomation #proxy #security #opensource
🔗 https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
🐥 [ tweet ]
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang https://t.co/6M9dHWGtWo
#hackwithautomation #proxy #security #opensource
🔗 https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
🐥 [ tweet ]