😈 [ an0n_r0, an0n ]
ntfsDump: just found this from @3gstudent (and used successfully for reading ntds.dit on a DC):
https://t.co/hFGhEg2eYH
similar to the powershell version Invoke-Ninjacopy, but this time it is a c++ binary. sometimes it is better to have a binary than a PS (for opsec reasons).
🔗 https://github.com/3gstudent/ntfsDump
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
minikerberos got a public update v0.3.5(pip+github):
Supports RC4_MD4 auth
CVE2022-33647 added
CVE2022-33679 added
RC4-TGS-REP ticket decryptor with NT hashes added (read: no need to know password)
Thx for @porchetta_ind supporters!
https://t.co/VdSkb0DEkv
🔗 https://github.com/skelsec/minikerberos/
🐥 [ tweet ]
😈 [ EmpireC2Project, Empire ]
Interested in all the features that #EmpireC2Project has to offer? Check out our docs to stay up-to-date!
https://t.co/rR7JV1C55s
🔗 http://empirec2project.com
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
New & simple tool for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
Also supports PUT requests so you can transfer files from victim to attacker box.
🔗 https://github.com/t3l3machus/wwwtree
🐥 [ tweet ]
🔥3
😈 [ sadreck, Pavel ]
Fresh out the oven, Spartacus DLL Hijacking Discovery all-in-one!
👉Utilises SysInternals ProcMon
👉Built-in ProcMon raw config/log parser/generator
👉Auto-generate DLL proxies including their Exports
👉Ability to process huge ProcMon outputs
https://t.co/GfVRULiE0R
🔗 https://github.com/Accenture/Spartacus
🐥 [ tweet ]
😈 [ jdu2600, John U ]
@_xpn_ 👋 Published a blog with an updated script that should detect each (known) class of bypass.
https://t.co/TmkBL2oWlE
🔗 https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
🐥 [ tweet ]
as a follow-up to https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/
😈 [ aceb0nd, Acebond (acebond@infosec.exchange) ]
@an0n_r0 @3gstudent https://t.co/nTA2o87ies I made this and it works with execute-assembly to stay in memory.
🔗 https://github.com/RedCursorSecurityConsulting/NTFSCopy
🐥 [ tweet ]
😈 [ ustayready, Mike Felch ]
Want to create great phishing links using an open-redirect on https://t.co/PMEpjfi11c? While they don't last forever, they are a great way to trick unsuspecting victims into clicking a legit looking URL before expiring! https://t.co/au1tGZgHQ1 Follow the 🧵for how it works..
🔗 http://www.google.com
🔗 https://gist.github.com/ustayready/3ba2e4b1a4ec3cdad188f0f7d0dc4b73
🐥 [ tweet ]
😈 [ _choisec, Sunggwan Choi ]
Finished the RTO2 course and passed the CRTL exam during the Thanksgiving break. Wrote a review blog post on the course, lab, and the exam.
https://t.co/hkxthto8wL
Thank you @_RastaMouse for yet another great course. Wonder when the "RTO3 when" meme will start.
🔗 https://blog.sunggwanchoi.com/red-team-ops-2-review/
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Found a vhdx/vmdk/vhd file in a network share? Volumiser from @_EthicalChaos_ gets you covered to exfiltrate e.g. SAM/SYSTEM to compromise the system via Administrator Pass-The-Hash:
https://t.co/OMiWBOVaS8
Really easy and intuitive to use 👏
🔗 https://github.com/CCob/Volumiser
🐥 [ tweet ]
😈 [ dafthack, Beau Bullock ]
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo"
https://t.co/KjHlNpHbLb
🔗 https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
🐥 [ tweet ]
"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo"
https://t.co/KjHlNpHbLb
🔗 https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
🐥 [ tweet ]
😈 [ mhskai2017, kiwids ]
I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. https://t.co/xPHw3j4Qrb
🔗 https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
🐥 [ tweet ]
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]
In this post @Sant0rryu shows an attack chain where you can abuse ADCS to escalate from a Virtual Account / Service account to local SYSTEM. As homage to other *potato tools, it could even be called CertPotato. 👀
https://t.co/5vD4a00P0G
🔗 https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg ]
Icymi, I'm now maintaining an Impacket fork which merges PRs a bit quicker than the official repo. This fork is dedicated to the Exegol project but can be used elsewhere if needed. You can PR there as well if you'd like and I'll do my best to review asap https://t.co/1newB3iqgs
🔗 https://github.com/ThePorgs/impacket
🐥 [ tweet ]
finally, damn it 🔥2
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒️] A simple post-exploitation tip when you’ve added a GitLab admin from a compromised gitlab-rails console: if there’s only LDAP auth available and you cannot sign in even when you possess valid creds, do this to enable password auth for web 🤓
https://t.co/uJCcbhQZNz
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/devops/gitlab#gitlab-rails
🐥 [ tweet ]
🔥2
😈 [ byt3bl33d3r, Marcello ]
Just published some research and scripts that allow you to do DLL sideloading/proxy loading with Nim DLLs.
Also, by accident figured out how to remove the NimMain function from the export table :)
https://t.co/4BVo8uPBXc
🔗 https://github.com/byt3bl33d3r/NimDllSideload
🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]
Here is PoC for CVE-2022-41120 https://t.co/oXkBYi4bWk. I combined arb file delete and limited arb file write to get code execution as NT Authority\System.
🔗 https://github.com/Wh04m1001/SysmonEoP
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Finally made some progress (w/ help from https://t.co/M9jH1yfUK0).
Interestingly the bot logs into a box via SSH and sends the commands from the user, sharing the session between different users.
This Sunday's gonna be fun...
🔗 https://www.engraved.blog/building-a-virtual-machine-inside/
🐥 [ tweet ]