😈 [ splinter_code, Antonio Cocomazzi ]
Excited to share my latest research about the Vice Society Ransomware group and the growing threat of custom-branded ransomware! 🔥
https://t.co/5gMHUwBtcS
🔗 https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
I pushed all the NtCreateUserProcess stuff to my D/Invoke wiki.
https://t.co/tcv8vKrE86
🔗 https://dinvoke.net/en/ntdll/NtCreateUserProcess
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/iBYhtXgMnn Comprehensive Rust Course
🔗 https://google.github.io/comprehensive-rust/
🐥 [ tweet ]
😈 [ JulioUrena, Julio Ureña ]
We released the #Kraken
#CrackMapExec module; it's ready in @hackthebox_eu #Academy
Thanks to @mpgn_x64 for building the baseline for this module, helping me out, answering questions, and providing feedback along the way. @mpgn_x64 and #CME Rock
https://t.co/DbiGMaiE0E
🔗 https://academy.hackthebox.com/module/details/84
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
(1/2) Despite being busy on an RT engagement, I've also played with the NtCreateUserProcess PoC in C#, and if you have trouble spawning the proc, you wanna take a closer look at the attributeList.TotalLength value.
#maldev
🐥 [ tweet ][ quote ]
😈 [ hasherezade, hasherezade ]
Just a reminder: this is free and doesn’t send anything to a server, nor requires passwords synchronization: https://t.co/4SPywdPC9K
🔗 https://hasherezade.github.io/passcrambler/
🐥 [ tweet ]
😈 [ ly4k_, Oliver Lyak ]
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
https://t.co/euNIyX2dwW
🔗 https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
🐥 [ tweet ]
😈 [ 0xTriboulet, Santos (Steve) S. ]
Two articles that demonstrate the viability of unhooking by bringing your own copy of ntdll (byoDLL).
1) The first method creates a temp file (not_ntdll.dll)
2) The second method uses
@hasherezade's #pe2shc to load ntdll entirely in memory
https://t.co/98TA8SXBkX
🔗 https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
https://t.co/Xbm4aP2soD
Just added to the Amsi-Bypass-Powershell repo:
https://t.co/WsoIqbBjsS
🔗 https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell/blob/master/README.md#Using-CLR-hooking
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
that's exactly what I needed, thx. 🙏
probably I'll play with this more, as a 1st step added an http downloader for the shellcode in my fork:
https://t.co/oysgD1xqRc
🔗 https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Rewritten #DirtyVanity PoC injector to C# and #DInvoke. Great stuff @eliran_nissan!
https://t.co/ifQLPMSFpb
Happy upcoming New Year to everyone! 🎄
🔗 https://gist.github.com/snovvcrash/09deab831d49028e194e8ee83f2616a9
🐥 [ tweet ][ quote ]
Can't be bothered to do a year-end recap along the lines of "I did so much stuff, I'm so cool, ahem, toot...", so here's just a bit of art from ][
Happy New Year, everyone! 🎄🎅🏻
EDIT. Oh, right, I've already been corrected: the main achievement is @fuckushitbitch. I thought that was obvious anyway 🤷🏻♂️
😈 [ jack_halon, Jack Halon ]
To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome!
In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463.
Enjoy!
https://t.co/Xhrnh4fqNB
🔗 https://jhalon.github.io/chrome-browser-exploitation-3/
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
Created A Pascal Reverse Shell with Encrypted Traffic Using the XOR Algorithm to encrypt the network communications between client/server. The current PoC demonstrates the ability to reduce the static detection ratio.
https://t.co/1dHcFDGB1F
🔗 https://ired.dev/discussion/16/a-pascal-reverse-shell-with-encrypted-traffic-using-the-xor-algorithm/
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
New tool released!
CaFeBiBa - COFF object parser for binaries compiled with MSVC.
Enjoy!
https://t.co/h52wRRdaxY
#redteam #rto
🔗 https://blog.sektor7.net/#!res/2022/cafebiba.md
🐥 [ tweet ]
😈 [ 0xTriboulet, Santos (Steve) S. ]
Novel @Windows Defender bypass that leverages Defender's inability to detect a malicious executable with a >2MB stack requirement.
1) Make a big payload
2) Put it in main()
3) ???
4) PROFIT
https://t.co/C2dk5EDlVe
🔗 https://steve-s.gitbook.io/0xtriboulet/deceiving-defender/deceiving-defender-the-big-stack-bypass
🐥 [ tweet ]