😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
🎅 xmas contribution to one of the tools I used most in 2022. #BloodHound
https://t.co/KqJYEOfzOs
🔗 https://github.com/BloodHoundAD/BloodHound/pull/625
🐥 [ tweet ]
😈 [ IKalendarov, Ilan Kalendarov ]
New research of mine about using hardware breakpoints for EDR evasion. Thanks to @rad9800 for the inspiration on this topic.
https://t.co/Ax2IZkSOI2
🔗 https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints?utm_campaign=Oktopost-Research&utm_content=Oktopost-Twitter&utm_medium=Twitter&utm_source=Organic_Social
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️ Recently we started seeing Threat Actors abusing MSI Windows Installation files for Initial Access & code execution
🔥 I now release Part 1 insights into how MSIs can be abused, PoCs for 🔴 & dissection utility for 🔵
🦠 Let me know what you think!
https://t.co/X7vi6BGQg5
🔗 https://mgeeky.tech/msi-shenanigans-part-1/
🔗 https://github.com/mgeeky/msi-shenanigans
🔗 https://github.com/mgeeky/msidump
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
I've been trying to get NtCreateUserProcess working in C#, but no joy yet. If anyone wants to take a stab at fixing the code, it's here:
https://t.co/ma3iuCSFjj
🔗 https://gist.github.com/rasta-mouse/2f6316083dd2f38bb91f160cca2088df
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Finally, the last part of the GOAD writeups is done! 🥳
Part 12: Trusts
https://t.co/q6XDr8GTUD
🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part12/
🐥 [ tweet ]
Knocked together a quick-and-dirty script here for enumerating existing email addresses on Mail.ru via Tor. I won't hand it out as text; you'll have to rewrite it 😆
🔥6
😈 [ sprocket_ed, ed ]
Not bad - https://t.co/RdbIsLfGRy
🔗 https://github.com/m1guelpf/plz-cli
🐥 [ tweet ]
🔥4
😈 [ an0n_r0, an0n ]
what a wonderful technique for stealing Chrome/Edge cookies without knowing the user's password via Chrome debug mode by @mangopdf:
https://t.co/T2ct1WI6e3
had not known about it before (what a shame😄), although it is 4+ yrs old and still works.
here it is, a demo using Sliver C2.🔥
🔗 https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
Excited to share my latest research about the Vice Society Ransomware group and the growing threat of custom-branded ransomware! 🔥
https://t.co/5gMHUwBtcS
🔗 https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
I pushed all the NtCreateUserProcess stuff to my D/Invoke wiki.
https://t.co/tcv8vKrE86
🔗 https://dinvoke.net/en/ntdll/NtCreateUserProcess
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/iBYhtXgMnn Comprehensive Rust Course
🔗 https://google.github.io/comprehensive-rust/
🐥 [ tweet ]
😈 [ JulioUrena, Julio Ureña ]
We released the #Kraken
#CrackMapExec module; it's ready in @hackthebox_eu #Academy
Thanks to @mpgn_x64 for building the baseline for this module, helping me out, answering questions, and providing feedback along the way. @mpgn_x64 and #CME rock
https://t.co/DbiGMaiE0E
🔗 https://academy.hackthebox.com/module/details/84
🐥 [ tweet ]
🔥1🤯1
👹 [ snovvcrash, sn🥶vvcr💥sh ]
(1/2) Despite being busy on an RT engagement, I've also played with the NtCreateUserProcess PoC in C#, and if you have trouble spawning the proc, you want to take a closer look at the attributeList.TotalLength value.
#maldev
🐥 [ tweet ][ quote ]
😈 [ hasherezade, hasherezade ]
Just a reminder: this is free and doesn't send anything to a server, nor does it require password synchronization: https://t.co/4SPywdPC9K
🔗 https://hasherezade.github.io/passcrambler/
🐥 [ tweet ]
🔥2
😈 [ ly4k_, Oliver Lyak ]
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
https://t.co/euNIyX2dwW
🔗 https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
🐥 [ tweet ]
🔥3
😈 [ 0xTriboulet, Santos (Steve) S. ]
Two articles that demonstrate the viability of unhooking by bringing your own copy of ntdll (byoDLL).
1) The first method creates a temp file (not_ntdll.dll)
2) The second method uses @hasherezade's #pe2shc to load ntdll entirely in memory
https://t.co/98TA8SXBkX
🔗 https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
https://t.co/Xbm4aP2soD
Just added to the Amsi-Bypass-Powershell repo:
https://t.co/WsoIqbBjsS
🔗 https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell/blob/master/README.md#Using-CLR-hooking
🐥 [ tweet ]