👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒️] A simple post-exploitation tip when you’ve added a GitLab admin from a compromised gitlab-rails console: if there’s only LDAP auth available and you cannot sign in even when you possess valid creds, do this to enable password auth for web 🤓
https://t.co/uJCcbhQZNz
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/devops/gitlab#gitlab-rails
🐥 [ tweet ]
😈 [ byt3bl33d3r, Marcello ]
Just published some research and scripts that allow you to do DLL sideloading/proxy loading with Nim DLLs.
Also, by accident figured out how to remove the NimMain function from the export table :)
https://t.co/4BVo8uPBXc
🔗 https://github.com/byt3bl33d3r/NimDllSideload
🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]
Here is PoC for CVE-2022-41120 https://t.co/oXkBYi4bWk. I combined arb file delete and limited arb file write to get code execution as NT Authority\System.
🔗 https://github.com/Wh04m1001/SysmonEoP
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Finally made some progress (w/ help from https://t.co/M9jH1yfUK0).
Interestingly the bot logs into a box via SSH and sends the commands from the user, sharing the session between different users.
This Sunday's gonna be fun...
🔗 https://www.engraved.blog/building-a-virtual-machine-inside/
🐥 [ tweet ]
😈 [ KlezVirus, d3adc0de ]
[RELEASE] After a little wait, I'm happy to present SilentMoonwalk, a PoC implementation of a TRUE call stack spoofer, the result of joint research on an original technique developed by namazso, done with my friends @trickster012 and @waldoirc.
Enjoy! ;)
https://t.co/C5QBzNawza
🔗 https://github.com/klezVirus/SilentMoonwalk
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Responder does not catch NTLMv1 Hashes for "reasons"?
Try "ntlmrelayx[.]py -ntlmchallenge 1122334455667788 -of hashes.txt" instead.
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Certipy throws strange Kerberos errors when using auth for NT-Hash retrieval of Computer Accounts? Like
"KRB_AP_ERR_BAD_INTEGRITY(Integrity check on decrypted field failed)" or others?
Use "-ldap-shell" instead to authenticate to LDAP and configure RBCD to take over the target.
🐥 [ tweet ]
😈 [ michlbrmly, Michael Bromley ]
I got #ChatGPT to tell me what it really thinks about us humans.
🐥 [ tweet ]
This isn't even funny anymore 😁
So you're saying that with KES you can't dump LSASS at all (from userland, and without writing anything to disk, by the way)? Yeah, right.
😈 [ M4yFly, Mayfly ]
Goad writeup part 11 is up. This one is about acl/ace exploitation.
https://t.co/5Sg0xtviyU
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part11/
🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]
The Kerberos PAC verification bypass that @monoxgas and I showed at the end of our BH presentation, and which was fixed last month, is now open in the issue tracker. Certainly an interesting one :) https://t.co/iIePeeKpOR
🔗 https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
🐥 [ tweet ]
😈 [ R0h1rr1m, Furkan Göksel ]
It is public now! #BHEU
Asmjit Based Polymorphic Encryptor
🔗 https://github.com/frkngksl/Shoggoth
🔗 https://www.blackhat.com/eu-22/arsenal/schedule/index.html#shoggoth-asmjit-based-polymorphic-encryptor-29588
🐥 [ tweet ][ quote ]
😈 [ lpha3ch0, Steve Campbell ]
Pywerview in the Kali repo is outdated and broken, so I created a Dockerfile to simplify installing it in an isolated container. Also submitted a pull request to add it to the repo: https://t.co/wt9XbHtcDY
🔗 https://github.com/the-useless-one/pywerview/pull/54
🐥 [ tweet ]
😈 [ theluemmel, ADCluemmelSec ]
Are you also tired of
"This setting is managed by your administrator or organization"
messages, preventing you from altering settings, although you are admin?
Fear no more, I got you covered - well at least partially:
AV
FW
DeviceGuard
Edge
FF
https://t.co/ZHf1QoMSfo
🔗 https://gist.github.com/LuemmelSec/20e2b6429eccf0bac91ac6f17bc98c87
🐥 [ tweet ]