😈 [ KlezVirus, d3adc0de ]

[RELEASE] After a little wait, I'm happy to present SilentMoonwalk, a PoC implementation of a TRUE call stack spoofer, result of a joint research on an original technique developed by namazso, done with my friends @trickster012 and @waldoirc.
Enjoy! ;)
https://t.co/C5QBzNawza

🔗 https://github.com/klezVirus/SilentMoonwalk

🐥 [ tweet ]

😈 [ ShitSecure, S3cur3Th1sSh1t ]

Responder does not catch NTLMv1 Hashes for "reasons"?

Try "ntlmrelayx[.]py -ntlmchallenge 1122334455667788 -of hashes.txt" instead.

🐥 [ tweet ]

😈 [ ShitSecure, S3cur3Th1sSh1t ]

Certipy throws strange Kerberos errors when using auth for NT-Hash retrieval of Computer Accounts? Like
"KRB_AP_ERR_BAD_INTEGRITY(Integrity check on decrypted field failed)" or others?

Use "-ldap-shell" instead to authenticate to LDAP and configure RBCD to take over the target.

🐥 [ tweet ]

😈 [ michlbrmly, Michael Bromley ]

I got #ChatGPT to tell me what it really thinks about us humans.

🐥 [ tweet ]

чет это уже даже не смешно

Чо, говорите, при KES ваще низя сдампить лсасс (из юзерленда + без записи чего-либо на диск, кста)? Ага да

😈 [ M4yFly, Mayfly ]

Goad writeup part 11 is up. This one is about acl/ace exploitation.
https://t.co/5Sg0xtviyU

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part11/

🐥 [ tweet ]

😈 [ tiraniddo, James Forshaw ]

The Kerberos PAC verification bypass me and @monoxgas showed at the end of our BH presentation and was fixed last month is now open in the issue tracker. Certainly an interesting one :) https://t.co/iIePeeKpOR

🔗 https://bugs.chromium.org/p/project-zero/issues/detail?id=2346

🐥 [ tweet ]

😈 [ R0h1rr1m, Furkan Göksel ]

It is public now! #BHEU

Asmjit Based Polymorphic Encryptor

🔗 https://github.com/frkngksl/Shoggoth
🔗 https://www.blackhat.com/eu-22/arsenal/schedule/index.html#shoggoth-asmjit-based-polymorphic-encryptor-29588

🐥 [ tweet ][ quote ]

😈 [ lpha3ch0, Steve Campbell ]

Pywerview in the Kali repo is outdated and broken so I created a Dockerfile to simplify installing in an isolated container. Also submitted a pull request to add it to the repo: https://t.co/wt9XbHtcDY

🔗 https://github.com/the-useless-one/pywerview/pull/54

🐥 [ tweet ]

😈 [ theluemmel, ADCluemmelSec ]

Are you also tired of
"This setting is managed by your administrator or organization"
messages, preventing you from altering settings, although you are admin?
Fear no more, I got you covered - well at least partially:
AV
FW
DeviceGuard
Edge
FF
https://t.co/ZHf1QoMSfo

🔗 https://gist.github.com/LuemmelSec/20e2b6429eccf0bac91ac6f17bc98c87

🐥 [ tweet ]

😈 [ Cneelis, Cn33liz ]

It is #BOFFriday again!

Today's release:
> Klist, a BOF implementation to display Kerberos tickets.
> Psk, display loaded kernel modules and summarise installed security products.

Check out the @OutflankNL C2-Tool-Collection repo: https://t.co/Wq1obZlEtk

🔗 https://github.com/outflanknl/C2-Tool-Collection

🐥 [ tweet ]

😈 [ chvancooten, Cas van Cooten ]

I have to say, using #ChatGPT as a Telegram bot works impressively well

(Script: https://t.co/vxDGzGaa9K)

🔗 https://github.com/m1guelpf/chatgpt-telegram

🐥 [ tweet ]

😈 [ KlezVirus, d3adc0de ]

[BLOG POST] And as promised, this is a brief article the describing the technique used within SilentMoonwalk. Might be a good weekend read!
https://t.co/FUnW2Ca6VP

🔗 https://klezvirus.github.io/RedTeaming/AV_Evasion/StackSpoofing/

🐥 [ tweet ]