Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ dafthack, Beau Bullock ]

"We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo"
https://t.co/KjHlNpHbLb

🔗 https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

🐥 [ tweet ]
😈 [ mhskai2017, kiwids ]

I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. https://t.co/xPHw3j4Qrb

🔗 https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949

🐥 [ tweet ]
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

In this post @Sant0rryu shows an attack chain where you can abuse ADCS to escalate from a Virtual Account / Service account to local SYSTEM. As homage to other *potato tools, it could even be called CertPotato. 👀

https://t.co/5vD4a00P0G

🔗 https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/

🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg ]

Icymi, I'm now maintaining an Impacket fork which merges PRs a bit quicker than the official repo. This fork is dedicated to the Exegol project but can be used elsewhere if needed. You can PR there as well if you'd like and I'll do my best to review asap https://t.co/1newB3iqgs

🔗 https://github.com/ThePorgs/impacket

🐥 [ tweet ]

Finally, damn it
👹 [ snovvcrash, sn🥶vvcr💥sh ]

[#HackTip ⚒️] A simple post-exploitation tip when you’ve added a GitLab admin from a compromised gitlab-rails console: if there’s only LDAP auth available and you cannot sign in even when you possess valid creds, do this to enable password auth for web 🤓

https://t.co/uJCcbhQZNz

🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/devops/gitlab#gitlab-rails

🐥 [ tweet ]
HR of a healthy person
😈 [ byt3bl33d3r, Marcello ]

Just published some research and scripts that allow you to do DLL sideloading/proxy loading with Nim DLLs.
Also, by accident figured out how to remove the NimMain function from the export table :)
https://t.co/4BVo8uPBXc

🔗 https://github.com/byt3bl33d3r/NimDllSideload

🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]

Here is PoC for CVE-2022-41120 https://t.co/oXkBYi4bWk. I combined arb file delete and limited arb file write to get code execution as NT Authority\System.

🔗 https://github.com/Wh04m1001/SysmonEoP

🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]

Finally made some progress (w/ help from https://t.co/M9jH1yfUK0).

Interestingly the bot logs into a box via SSH and sends the commands from the user, sharing the session between different users.

This Sunday's gonna be fun...

🔗 https://www.engraved.blog/building-a-virtual-machine-inside/

🐥 [ tweet ]
Forwarded from Offensive Xwitter Eye
😈 [ KlezVirus, d3adc0de ]

[RELEASE] After a little wait, I'm happy to present SilentMoonwalk, a PoC implementation of a TRUE call stack spoofer, result of a joint research on an original technique developed by namazso, done with my friends @trickster012 and @waldoirc.
Enjoy! ;)
https://t.co/C5QBzNawza

🔗 https://github.com/klezVirus/SilentMoonwalk

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Responder does not catch NTLMv1 Hashes for "reasons"?

Try "ntlmrelayx[.]py -ntlmchallenge 1122334455667788 -of hashes.txt" instead.

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Certipy throws strange Kerberos errors when using auth for NT-Hash retrieval of Computer Accounts? Like
"KRB_AP_ERR_BAD_INTEGRITY(Integrity check on decrypted field failed)" or others?

Use "-ldap-shell" instead to authenticate to LDAP and configure RBCD to take over the target.

🐥 [ tweet ]
😈 [ michlbrmly, Michael Bromley ]

I got #ChatGPT to tell me what it really thinks about us humans.

🐥 [ tweet ]

Somehow this isn't even funny anymore
So, you say that with KES you can't dump LSASS at all (from userland + without writing anything to disk, by the way)? Yeah, right
😈 [ M4yFly, Mayfly ]

Goad writeup part 11 is up. This one is about acl/ace exploitation.
https://t.co/5Sg0xtviyU

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part11/

🐥 [ tweet ]