😈 [ 0xBoku, Bobby Cooke ]
Checkout SQLRecon by @sanjivkawa! C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
https://t.co/qSWDXimeJS
The tool has a great wiki on how to use it and you can find conference talks & slide decks on the tool here: https://t.co/W5EKXDIrJI
🔗 https://github.com/xforcered/SQLRecon
🔗 https://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest
🐥 [ tweet ]
Checkout SQLRecon by @sanjivkawa! C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
https://t.co/qSWDXimeJS
The tool has a great wiki on how to use it and you can find conference talks & slide decks on the tool here: https://t.co/W5EKXDIrJI
🔗 https://github.com/xforcered/SQLRecon
🔗 https://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest
🐥 [ tweet ]
😈 [ _xpn_, Adam Chester ]
Having a bit of fun on Mastodon this weekend creating S-Rank Influencer accounts by mocking out ActivityPub 😂😂 https://t.co/OP5PXwrLFW
🔗 https://infosec.exchange/@xpn/109371536418521307
🐥 [ tweet ]
Having a bit of fun on Mastodon this weekend creating S-Rank Influencer accounts by mocking out ActivityPub 😂😂 https://t.co/OP5PXwrLFW
🔗 https://infosec.exchange/@xpn/109371536418521307
🐥 [ tweet ]
😈 [ ali_alwashali, Ali Alwashali-ng ]
Windows hardening noscript
https://t.co/b7QWvXL5iB
Leverages windows firewall to block certain binaries from making connections
Sets lsass in protected mode
Implementation of ASR rules
Harden office
Disables DNS multicast, smbv1, netbios, powershellv2
Change file associations
🔗 https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🐥 [ tweet ]
Windows hardening noscript
https://t.co/b7QWvXL5iB
Leverages windows firewall to block certain binaries from making connections
Sets lsass in protected mode
Implementation of ASR rules
Harden office
Disables DNS multicast, smbv1, netbios, powershellv2
Change file associations
🔗 https://gist.github.com/mackwage/08604751462126599d7e52f233490efe
🐥 [ tweet ]
😈 [ T00uF, TouF ]
Just pushed a HUGE refacto in #DonPapi to make it work with Kerberos TGT.
seems your clients are as my clients and don't use protected users enough 😅
or maybe you were using the --laps options to automatically retrieve local admin credz ? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]
Just pushed a HUGE refacto in #DonPapi to make it work with Kerberos TGT.
seems your clients are as my clients and don't use protected users enough 😅
or maybe you were using the --laps options to automatically retrieve local admin credz ? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]
Unwinder, another approach to Thread Stack Spoofing by walking PE's unwind information. This technique allows to automatically create "any" desired call stack by parsing .pdata structures.
It took me a little bit longer than expected, but worth the effort!
https://t.co/9gUEanOHeC
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
Unwinder, another approach to Thread Stack Spoofing by walking PE's unwind information. This technique allows to automatically create "any" desired call stack by parsing .pdata structures.
It took me a little bit longer than expected, but worth the effort!
https://t.co/9gUEanOHeC
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
Always good to have some NotCovenant running on a fully fledged Defender EDR system ^^
Thx @assume_breach for his cool writeups lately:
https://t.co/jAyRonr2sF
🔗 https://assume-breach.medium.com/
🐥 [ tweet ]
Always good to have some NotCovenant running on a fully fledged Defender EDR system ^^
Thx @assume_breach for his cool writeups lately:
https://t.co/jAyRonr2sF
🔗 https://assume-breach.medium.com/
🐥 [ tweet ]
😈 [ _dirkjan, Dirk-jan ]
The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube: https://t.co/yOwxDB8reo
🔗 https://www.youtube.com/watch?v=uKDS2t9_KsA
🐥 [ tweet ]
The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube: https://t.co/yOwxDB8reo
🔗 https://www.youtube.com/watch?v=uKDS2t9_KsA
🐥 [ tweet ]
😈 [ gladiatx0r, Maximus ]
Just a reminder that if LDAP(S) signing/binding is not enforced then you can still LPE on any Windows workstation. Awesome video demo by @vendetce shows you how. Alternatively start Webclient programmatically https://t.co/TCanM8C6Ai or switch out P.P. for https://t.co/3i83NdpQzc
🔗 https://gist.github.com/klezVirus/af004842a73779e1d03d47e041115797
🔗 https://github.com/nccgroup/Change-Lockscreen
🐥 [ tweet ][ quote ]
Just a reminder that if LDAP(S) signing/binding is not enforced then you can still LPE on any Windows workstation. Awesome video demo by @vendetce shows you how. Alternatively start Webclient programmatically https://t.co/TCanM8C6Ai or switch out P.P. for https://t.co/3i83NdpQzc
🔗 https://gist.github.com/klezVirus/af004842a73779e1d03d47e041115797
🔗 https://github.com/nccgroup/Change-Lockscreen
🐥 [ tweet ][ quote ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang https://t.co/6M9dHWGtWo
#hackwithautomation #proxy #security #opensource
🔗 https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
🐥 [ tweet ]
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang https://t.co/6M9dHWGtWo
#hackwithautomation #proxy #security #opensource
🔗 https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
🐥 [ tweet ]
😈 [ Synacktiv, Synacktiv ]
Our ninjas @yaumn_ and @mickaelweb recently assessed Microsoft Defender for Identity detection capabilities. In their recent blogpost, they describe the product's architecture, present some bypasses and give general Red Team advices. https://t.co/tuBoWYEVQ9
🔗 https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
🐥 [ tweet ]
Our ninjas @yaumn_ and @mickaelweb recently assessed Microsoft Defender for Identity detection capabilities. In their recent blogpost, they describe the product's architecture, present some bypasses and give general Red Team advices. https://t.co/tuBoWYEVQ9
🔗 https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
🐥 [ tweet ]
😈 [ _EthicalChaos_, Ceri 🏴 ]
@_RastaMouse Python via choco is great, all fluid and just works. A Hyper-V VM with Windows 11 on + choco is awesome attacking machine. I have WSL on there as backup but rarely use, even for relaying
🐥 [ tweet ]
@_RastaMouse Python via choco is great, all fluid and just works. A Hyper-V VM with Windows 11 on + choco is awesome attacking machine. I have WSL on there as backup but rarely use, even for relaying
🐥 [ tweet ]
хороший совет для виндосетапа от этикал хаосаX (formerly Twitter)
CCob🏴 (@_EthicalChaos_) on X
Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴
Author of poorly coded tools: https://t.co/P6tT2qQksC
Author of poorly coded tools: https://t.co/P6tT2qQksC
🔥2
Кулстори про SPN-less RBCD с Линукса без Rubeus 👇🏻
https://threadreaderapp.com/thread/1595814518558543874.html
(с Rubeus это вот так)
https://threadreaderapp.com/thread/1595814518558543874.html
(с Rubeus это вот так)
Threadreaderapp
Thread by @snovvcrash on Thread Reader App
@snovvcrash: 🧵 (1/x) I know you love #pentest stories, so here’s one of those ⬇️ There’s a non-DC computer (Victim) that is a member of the Exchange Trusted Subsytem group and has DCSync privs. The WebClient...…
🤯2🔥1
😈 [ i_bo0om, Bo0oM ]
Defending against automatization using nginx
https://t.co/MTsVPFxDsJ
🔗 https://speakerdeck.com/bo0om/defending-against-automatization-using-nginx
🐥 [ tweet ]
Defending against automatization using nginx
https://t.co/MTsVPFxDsJ
🔗 https://speakerdeck.com/bo0om/defending-against-automatization-using-nginx
🐥 [ tweet ]
🤯1
😈 [ OutflankNL, Outflank ]
KerberosAsk is the latest addition to our OST offering. It is a fully inline BOF implementation of some of the core Kerberos commands from Rubeus/Kekeo.
Ask a TGT, a service ticket or exploit CVE-2022-33679. Also works with certs to support your ADCS magic.
Demo below. ⬇️ (1/3)
🐥 [ tweet ]
KerberosAsk is the latest addition to our OST offering. It is a fully inline BOF implementation of some of the core Kerberos commands from Rubeus/Kekeo.
Ask a TGT, a service ticket or exploit CVE-2022-33679. Also works with certs to support your ADCS magic.
Demo below. ⬇️ (1/3)
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
ntfsDump: just found this from @3gstudent (and used successfully for reading ntds.dit on a DC):
https://t.co/hFGhEg2eYH
similar to the powershell version Invoke-Ninjacopy, but this time it is a c++ binary. sometimes it is better to have a binary than a PS (for opsec reasons).
🔗 https://github.com/3gstudent/ntfsDump
🐥 [ tweet ]
ntfsDump: just found this from @3gstudent (and used successfully for reading ntds.dit on a DC):
https://t.co/hFGhEg2eYH
similar to the powershell version Invoke-Ninjacopy, but this time it is a c++ binary. sometimes it is better to have a binary than a PS (for opsec reasons).
🔗 https://github.com/3gstudent/ntfsDump
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
minikerberos got a public update v0.3.5(pip+github):
Supports RC4_MD4 auth
CVE2022-33647 added
CVE2022-33679 added
RC4-TGS-REP ticket decryptor with NT hashes added (read: no need to know password)
Thx for @porchetta_ind supporters!
https://t.co/VdSkb0DEkv
🔗 https://github.com/skelsec/minikerberos/
🐥 [ tweet ]
minikerberos got a public update v0.3.5(pip+github):
Supports RC4_MD4 auth
CVE2022-33647 added
CVE2022-33679 added
RC4-TGS-REP ticket decryptor with NT hashes added (read: no need to know password)
Thx for @porchetta_ind supporters!
https://t.co/VdSkb0DEkv
🔗 https://github.com/skelsec/minikerberos/
🐥 [ tweet ]
😈 [ EmpireC2Project, Empire ]
Interested in all the features that #EmpireC2Project has to offer? Check out our docs to stay up-to-date!
https://t.co/rR7JV1C55s
🔗 http://empirec2project.com
🐥 [ tweet ]
Interested in all the features that #EmpireC2Project has to offer? Check out our docs to stay up-to-date!
https://t.co/rR7JV1C55s
🔗 http://empirec2project.com
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
New & simple tool for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration noscripts) from your filesystem to a victim machine during privilege escalation.
Also supports PUT requests so you can transfer files from victim to attacker box.
🔗 https://github.com/t3l3machus/wwwtree
🐥 [ tweet ]
New & simple tool for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration noscripts) from your filesystem to a victim machine during privilege escalation.
Also supports PUT requests so you can transfer files from victim to attacker box.
🔗 https://github.com/t3l3machus/wwwtree
🐥 [ tweet ]
🔥3
😈 [ sadreck, Pavel ]
Fresh out the oven, Spartacus DLL Hijacking Discovery all-in-one!
👉Utilises SysInternals ProcMon
👉Built-in ProcMon raw config/log parser/generator
👉Auto-generate DLL proxies including their Exports
👉Ability to process huge ProcMon outputs
https://t.co/GfVRULiE0R
🔗 https://github.com/Accenture/Spartacus
🐥 [ tweet ]
Fresh out the oven, Spartacus DLL Hijacking Discovery all-in-one!
👉Utilises SysInternals ProcMon
👉Built-in ProcMon raw config/log parser/generator
👉Auto-generate DLL proxies including their Exports
👉Ability to process huge ProcMon outputs
https://t.co/GfVRULiE0R
🔗 https://github.com/Accenture/Spartacus
🐥 [ tweet ]
😈 [ jdu2600, John U ]
@_xpn_ 👋 Published a blog with an updated noscript that should detect each (known) class of bypass.
https://t.co/TmkBL2oWlE
🔗 https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
🐥 [ tweet ]
@_xpn_ 👋 Published a blog with an updated noscript that should detect each (known) class of bypass.
https://t.co/TmkBL2oWlE
🔗 https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
🐥 [ tweet ]
в продолжение https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/