😈 [ T00uF, TouF ]
Just pushed a HUGE refactor in #DonPapi to make it work with Kerberos TGTs.
Seems your clients are like my clients and don't use Protected Users enough 😅
Or maybe you were using the --laps option to automatically retrieve local admin credz? 🤔
https://t.co/XiCB7MDVEs
🔗 https://github.com/login-securite/DonPAPI
🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]
Unwinder, another approach to Thread Stack Spoofing by walking the PE's unwind information. This technique makes it possible to automatically create "any" desired call stack by parsing .pdata structures.
It took me a little bit longer than expected, but worth the effort!
https://t.co/9gUEanOHeC
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
Always good to have some NotCovenant running on a fully fledged Defender EDR system ^^
Thx @assume_breach for his cool writeups lately:
https://t.co/jAyRonr2sF
🔗 https://assume-breach.medium.com/
🐥 [ tweet ]
😈 [ _dirkjan, Dirk-jan ]
The video recording of my Black Hat talk this summer "Backdooring and Hijacking Azure AD Accounts by Abusing External Identities" made it to YouTube: https://t.co/yOwxDB8reo
🔗 https://www.youtube.com/watch?v=uKDS2t9_KsA
🐥 [ tweet ]
😈 [ gladiatx0r, Maximus ]
Just a reminder that if LDAP(S) signing/binding is not enforced then you can still LPE on any Windows workstation. Awesome video demo by @vendetce shows you how. Alternatively, start WebClient programmatically https://t.co/TCanM8C6Ai or switch out P.P. for https://t.co/3i83NdpQzc
🔗 https://gist.github.com/klezVirus/af004842a73779e1d03d47e041115797
🔗 https://github.com/nccgroup/Change-Lockscreen
🐥 [ tweet ][ quote ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang https://t.co/6M9dHWGtWo
#hackwithautomation #proxy #security #opensource
🔗 https://blog.projectdiscovery.io/proxify-portable-cli-based-proxy/
🐥 [ tweet ]
😈 [ Synacktiv, Synacktiv ]
Our ninjas @yaumn_ and @mickaelweb recently assessed Microsoft Defender for Identity detection capabilities. In their recent blog post, they describe the product's architecture, present some bypasses and give general Red Team advice. https://t.co/tuBoWYEVQ9
🔗 https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
🐥 [ tweet ]
😈 [ _EthicalChaos_, Ceri 🏴 ]
@_RastaMouse Python via choco is great, all fluid and just works. A Hyper-V VM with Windows 11 on it + choco is an awesome attacking machine. I have WSL on there as a backup but rarely use it, even for relaying.
🐥 [ tweet ]
Good advice on a Windows attack-box setup from EthicalChaos (Ceri Coburn, @_EthicalChaos_).
A cool story about SPN-less RBCD from Linux without Rubeus 👇🏻
https://threadreaderapp.com/thread/1595814518558543874.html
(with Rubeus it goes like this)
https://threadreaderapp.com/thread/1595814518558543874.html
Thread by @snovvcrash on Thread Reader App
@snovvcrash: 🧵 (1/x) I know you love #pentest stories, so here’s one of those ⬇️ There’s a non-DC computer (Victim) that is a member of the Exchange Trusted Subsystem group and has DCSync privs. The WebClient...…
😈 [ i_bo0om, Bo0oM ]
Defending against automatization using nginx
https://t.co/MTsVPFxDsJ
🔗 https://speakerdeck.com/bo0om/defending-against-automatization-using-nginx
🐥 [ tweet ]
😈 [ OutflankNL, Outflank ]
KerberosAsk is the latest addition to our OST offering. It is a fully inline BOF implementation of some of the core Kerberos commands from Rubeus/Kekeo.
Ask a TGT, a service ticket or exploit CVE-2022-33679. Also works with certs to support your ADCS magic.
Demo below. ⬇️ (1/3)
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
ntfsDump: just found this from @3gstudent (and used it successfully for reading ntds.dit on a DC):
https://t.co/hFGhEg2eYH
Similar to the PowerShell version Invoke-NinjaCopy, but this time it is a C++ binary. Sometimes it is better to have a binary than a PS script (for OPSEC reasons).
🔗 https://github.com/3gstudent/ntfsDump
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
minikerberos got a public update v0.3.5 (pip + GitHub):
Supports RC4_MD4 auth
CVE-2022-33647 added
CVE-2022-33679 added
RC4 TGS-REP ticket decryptor with NT hashes added (read: no need to know the password)
Thanks to the @porchetta_ind supporters!
https://t.co/VdSkb0DEkv
🔗 https://github.com/skelsec/minikerberos/
🐥 [ tweet ]
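Why an RC4 TGS-REP can be decrypted with nothing but the NT hash: for Kerberos etype 23 (RC4-HMAC, RFC 4757) the long-term key *is* the NT hash (MD4 of the UTF-16LE password), so the hash alone, with the right key-usage number, recovers the encrypted part. The block below is an added example written for this page, not minikerberos code; it implements the RFC 4757 encrypt/decrypt path directly (RC4 in pure Python, HMAC-MD5 from the standard library) and uses a constructed byte string in place of a real DER-encoded EncTGSRepPart. The key-usage constants come from RFC 3961/4757; the sample hash is the widely published NT hash of the string "password".

```python
"""RC4-HMAC (Kerberos etype 23) encrypt/decrypt keyed directly by an NT hash.

Added example (not minikerberos code). Follows RFC 4757 section 5, non-export
variant: K1 = HMAC-MD5(K, usage); checksum = HMAC-MD5(K1, confounder||data);
K3 = HMAC-MD5(K1, checksum); cipher = checksum || RC4(K3, confounder||data).
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

# RFC 3961 key-usage numbers relevant to a TGS-REP (assumed from the RFCs):
KU_TICKET = 2           # ticket enc-part, keyed by the service account's key
KU_TGS_REP = 8          # TGS-REP enc-part, keyed by the TGT session key
KU_TGS_REP_SUBKEY = 9   # TGS-REP enc-part, keyed by the authenticator subkey

# RFC 4757 remaps two RFC 3961 usages before deriving K1.
_USAGE_MAP = {3: 8, 23: 13}


def _hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()


def _usage_bytes(usage: int) -> bytes:
    # Usage is encoded as a 4-byte little-endian integer.
    return struct.pack("<I", _USAGE_MAP.get(usage, usage))


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_hmac_encrypt(nt_hash: bytes, usage: int, plaintext: bytes,
                     confounder: Optional[bytes] = None) -> bytes:
    """Return EncryptedData.cipher: 16-byte checksum || RC4(confounder || plaintext)."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    confounder = os.urandom(8) if confounder is None else confounder
    k1 = _hmac_md5(nt_hash, _usage_bytes(usage))
    checksum = _hmac_md5(k1, confounder + plaintext)
    k3 = _hmac_md5(k1, checksum)
    return checksum + rc4(k3, confounder + plaintext)


def rc4_hmac_decrypt(nt_hash: bytes, usage: int, ciphertext: bytes) -> bytes:
    """Inverse of rc4_hmac_encrypt; raises ValueError on checksum mismatch."""
    if len(ciphertext) < 24:
        raise ValueError("ciphertext too short for checksum + confounder")
    checksum, body = ciphertext[:16], ciphertext[16:]
    k1 = _hmac_md5(nt_hash, _usage_bytes(usage))
    k3 = _hmac_md5(k1, checksum)
    plain = rc4(k3, body)
    if not hmac.compare_digest(_hmac_md5(k1, plain), checksum):
        raise ValueError("bad checksum: wrong key or wrong key usage")
    return plain[8:]  # strip the 8-byte confounder


def decrypts_ok(nt_hash: bytes, usage: int, ciphertext: bytes) -> bool:
    """True if the ciphertext verifies under this key/usage, False otherwise."""
    try:
        rc4_hmac_decrypt(nt_hash, usage, ciphertext)
        return True
    except ValueError:
        return False


def recover_tgs_rep_part(session_key_nt_hash: bytes, cipher: bytes) -> bytes:
    """Try the two usages a TGS-REP enc-part can legitimately carry (9, then 8)."""
    for usage in (KU_TGS_REP_SUBKEY, KU_TGS_REP):
        if decrypts_ok(session_key_nt_hash, usage, cipher):
            return rc4_hmac_decrypt(session_key_nt_hash, usage, cipher)
    raise ValueError("not decryptable with this key under usage 8 or 9")


# Constructed demo values: the NT hash of "password" and a stand-in for the
# DER-encoded EncTGSRepPart a real decryptor would hand to an ASN.1 parser.
DEMO_NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
DEMO_ENC_TGS_REP_PART = b"<constructed EncTGSRepPart: session key, flags, realm, sname>"


def demo() -> bytes:
    """Round-trip the constructed enc-part with only the NT hash in hand."""
    cipher = rc4_hmac_encrypt(DEMO_NT_HASH, KU_TGS_REP, DEMO_ENC_TGS_REP_PART)
    return recover_tgs_rep_part(DEMO_NT_HASH, cipher)


if __name__ == "__main__":
    print(demo())
```

The checksum doubles as the "is this the right key?" oracle: a wrong hash or a wrong usage number fails `hmac.compare_digest` rather than returning garbage, which is exactly how a decryptor can brute-force candidate hashes offline. Note that nothing here needs the password: whoever holds the NT hash (or the RC4 session key) holds the Kerberos key.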
😈 [ EmpireC2Project, Empire ]
Interested in all the features that #EmpireC2Project has to offer? Check out our docs to stay up-to-date!
https://t.co/rR7JV1C55s
🔗 http://empirec2project.com
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
New & simple tool for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
Also supports PUT requests so you can transfer files from victim to attacker box.
🔗 https://github.com/t3l3machus/wwwtree
🐥 [ tweet ]
😈 [ sadreck, Pavel ]
Fresh out of the oven, Spartacus DLL Hijacking Discovery all-in-one!
👉Utilises SysInternals ProcMon
👉Built-in ProcMon raw config/log parser/generator
👉Auto-generate DLL proxies including their Exports
👉Ability to process huge ProcMon outputs
https://t.co/GfVRULiE0R
🔗 https://github.com/Accenture/Spartacus
🐥 [ tweet ]
😈 [ jdu2600, John U ]
@_xpn_ 👋 Published a blog with an updated script that should detect each (known) class of bypass.
https://t.co/TmkBL2oWlE
🔗 https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
🐥 [ tweet ]
Following up on https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/
😈 [ aceb0nd, Acebond (acebond@infosec.exchange) ]
@an0n_r0 @3gstudent https://t.co/nTA2o87ies I made this and it works with execute-assembly to stay in memory.
🔗 https://github.com/RedCursorSecurityConsulting/NTFSCopy
🐥 [ tweet ]
😈 [ ustayready, Mike Felch ]
Want to create great phishing links using an open-redirect on https://t.co/PMEpjfi11c? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! https://t.co/au1tGZgHQ1 Follow the 🧵for how it works..
🔗 http://www.google.com
🔗 https://gist.github.com/ustayready/3ba2e4b1a4ec3cdad188f0f7d0dc4b73
🐥 [ tweet ]
😈 [ _choisec, Sunggwan Choi ]
Finished the RTO2 course and passed the CRTL exam during the Thanksgiving break. Wrote a review blog post on the course, lab, and the exam.
https://t.co/hkxthto8wL
Thank you @_RastaMouse for yet another great course. Wonder when the "RTO3 when" meme will start.
🔗 https://blog.sunggwanchoi.com/red-team-ops-2-review/
🐥 [ tweet ]