👹 [ snovvcrash, sn🥶vvcr💥sh ]
(1/2) Despite being busy on an RT engagement, I’ve also played with the NtCreateUserProcess PoC in C# and if you’ve troubles with spawning the proc, you wanna take a closer look at the attributeList.TotalLength value.
#maldev
🐥 [ tweet ][ quote ]
(1/2) Despite being busy on an RT engagement, I’ve also played with the NtCreateUserProcess PoC in C# and if you’ve troubles with spawning the proc, you wanna take a closer look at the attributeList.TotalLength value.
#maldev
🐥 [ tweet ][ quote ]
😈 [ hasherezade, hasherezade ]
Just a reminder: this is free and doesn’t send anything to a server, nor requires passwords synchronization: https://t.co/4SPywdPC9K
🔗 https://hasherezade.github.io/passcrambler/
🐥 [ tweet ]
Just a reminder: this is free and doesn’t send anything to a server, nor requires passwords synchronization: https://t.co/4SPywdPC9K
🔗 https://hasherezade.github.io/passcrambler/
🐥 [ tweet ]
🔥2
😈 [ ly4k_, Oliver Lyak ]
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
https://t.co/euNIyX2dwW
🔗 https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
🐥 [ tweet ]
Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Credential Guard.
These techniques also work on victims logged on before the server was compromised.
https://t.co/euNIyX2dwW
🔗 https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
🐥 [ tweet ]
🔥3
😈 [ 0xTriboulet, Santos (Steve) S. ]
Two articles that demonstrate the viability of unhooking by bringing your own copy of ntdll (byoDLL).
1) The first method creates a temp file (not_ntdll.dll)
2) The second method uses
@hasherezade's #pe2shc to load ntdll entirely in memory
https://t.co/98TA8SXBkX
🔗 https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking
🐥 [ tweet ]
Two articles that demonstrate the viability of unhooking by bringing your own copy of ntdll (byoDLL).
1) The first method creates a temp file (not_ntdll.dll)
2) The second method uses
@hasherezade's #pe2shc to load ntdll entirely in memory
https://t.co/98TA8SXBkX
🔗 https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
https://t.co/Xbm4aP2soD
Just added to the Amsi-Bypass-Powershell repo:
https://t.co/WsoIqbBjsS
🔗 https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell/blob/master/README.md#Using-CLR-hooking
🐥 [ tweet ]
https://t.co/Xbm4aP2soD
Just added to the Amsi-Bypass-Powershell repo:
https://t.co/WsoIqbBjsS
🔗 https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell/blob/master/README.md#Using-CLR-hooking
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
that's exactly what I needed, thx. 🙏
probably I'll play with this more, as a 1st step added an http downloader for the shellcode in my fork:
https://t.co/oysgD1xqRc
🔗 https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
🐥 [ tweet ][ quote ]
that's exactly what I needed, thx. 🙏
probably I'll play with this more, as a 1st step added an http downloader for the shellcode in my fork:
https://t.co/oysgD1xqRc
🔗 https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Rewritten #DirtyVanity PoC injector to C# and #DInvoke. Great stuff @eliran_nissan!
https://t.co/ifQLPMSFpb
Happy upcoming New Year to everyone! 🎄
🔗 https://gist.github.com/snovvcrash/09deab831d49028e194e8ee83f2616a9
🐥 [ tweet ][ quote ]
Rewritten #DirtyVanity PoC injector to C# and #DInvoke. Great stuff @eliran_nissan!
https://t.co/ifQLPMSFpb
Happy upcoming New Year to everyone! 🎄
🔗 https://gist.github.com/snovvcrash/09deab831d49028e194e8ee83f2616a9
🐥 [ tweet ][ quote ]
🔥5
Лень подводить итоги года по типу «я много всего сделяль, я крутой, кхм, пук…», поэтому просто немного арта от ][
Всех с наступающим! 🎄🎅🏻
EDIT. А, ну да, меня уже поправили, главная ачивка - это @fuckushitbitch. Я думал, это и так очевидно 🤷🏻♂️
Всех с наступающим! 🎄🎅🏻
EDIT. А, ну да, меня уже поправили, главная ачивка - это @fuckushitbitch. Я думал, это и так очевидно 🤷🏻♂️
🔥14
😈 [ jack_halon, Jack Halon ]
To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome!
In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463.
Enjoy!
https://t.co/Xhrnh4fqNB
🔗 https://jhalon.github.io/chrome-browser-exploitation-3/
🐥 [ tweet ]
To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome!
In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463.
Enjoy!
https://t.co/Xhrnh4fqNB
🔗 https://jhalon.github.io/chrome-browser-exploitation-3/
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
Created A Pascal Reverse Shell with Encrypted Traffic Using the XOR Algorithm to encrypt the network communications between client/server. The current PoC demonstrates the ability to reduce the static detection ratio.
https://t.co/1dHcFDGB1F
🔗 https://ired.dev/discussion/16/a-pascal-reverse-shell-with-encrypted-traffic-using-the-xor-algorithm/
🐥 [ tweet ]
Created A Pascal Reverse Shell with Encrypted Traffic Using the XOR Algorithm to encrypt the network communications between client/server. The current PoC demonstrates the ability to reduce the static detection ratio.
https://t.co/1dHcFDGB1F
🔗 https://ired.dev/discussion/16/a-pascal-reverse-shell-with-encrypted-traffic-using-the-xor-algorithm/
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ SEKTOR7net, SEKTOR7 Institute ]
New tool released!
CaFeBiBa - COFF object parser for binaries compiled with MSVC.
Enjoy!
https://t.co/h52wRRdaxY
#redteam #rto
🔗 https://blog.sektor7.net/#!res/2022/cafebiba.md
🐥 [ tweet ]
New tool released!
CaFeBiBa - COFF object parser for binaries compiled with MSVC.
Enjoy!
https://t.co/h52wRRdaxY
#redteam #rto
🔗 https://blog.sektor7.net/#!res/2022/cafebiba.md
🐥 [ tweet ]
😈 [ 0xTriboulet, Santos (Steve) S. ]
Novel @Windows Defender bypass that leverage’s Defender’s inability to detect a malicious executable with a >2MB stack requirement.
1) Make a big payload
2) Put it in main()
3) ???
4) PROFIT
https://t.co/C2dk5EDlVe
🔗 https://steve-s.gitbook.io/0xtriboulet/deceiving-defender/deceiving-defender-the-big-stack-bypass
🐥 [ tweet ]
Novel @Windows Defender bypass that leverage’s Defender’s inability to detect a malicious executable with a >2MB stack requirement.
1) Make a big payload
2) Put it in main()
3) ???
4) PROFIT
https://t.co/C2dk5EDlVe
🔗 https://steve-s.gitbook.io/0xtriboulet/deceiving-defender/deceiving-defender-the-big-stack-bypass
🐥 [ tweet ]
😈 [ bWlrYQ, \` ]
Hello !
I've just released my first blogpost about VLAN Hopping and how to exploit and mitigate it. Post is available in French 🇫🇷 and English 🇬🇧. Feel free to check it out and give me any kind of feedback 😄
https://t.co/GHaR939SV6
🔗 https://bwlryq.net/posts/vlan_hopping/
🐥 [ tweet ]
Hello !
I've just released my first blogpost about VLAN Hopping and how to exploit and mitigate it. Post is available in French 🇫🇷 and English 🇬🇧. Feel free to check it out and give me any kind of feedback 😄
https://t.co/GHaR939SV6
🔗 https://bwlryq.net/posts/vlan_hopping/
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Crappy post on creating custom implicit and explicit C# class conversions.
https://t.co/8DAIkC8QEa
🔗 https://offensivedefence.co.uk/posts/implicit-explicit-conversions/
🐥 [ tweet ]
[BLOG]
Crappy post on creating custom implicit and explicit C# class conversions.
https://t.co/8DAIkC8QEa
🔗 https://offensivedefence.co.uk/posts/implicit-explicit-conversions/
🐥 [ tweet ]
😈 [ _Wra7h, Christian W ]
Wrote a noscript to create a new .csproj for Seatbelt that will build with just the commands/command group you specify. 1/2
https://t.co/DtlM1GNECj
🔗 https://github.com/Wra7h/PowerShell-Scripts/tree/main/Invoke-Retractor
🐥 [ tweet ]
Wrote a noscript to create a new .csproj for Seatbelt that will build with just the commands/command group you specify. 1/2
https://t.co/DtlM1GNECj
🔗 https://github.com/Wra7h/PowerShell-Scripts/tree/main/Invoke-Retractor
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
I have released Linux/Unix-based binary with the same features
check it out: https://t.co/vVZdsTXNKW
🔗 https://ired.dev/discussion/17/a-pascal-reverse-shell-with-encrypted-traffic-using-the-xor-algorithm-linux#latest
🐥 [ tweet ][ quote ]
I have released Linux/Unix-based binary with the same features
check it out: https://t.co/vVZdsTXNKW
🔗 https://ired.dev/discussion/17/a-pascal-reverse-shell-with-encrypted-traffic-using-the-xor-algorithm-linux#latest
🐥 [ tweet ][ quote ]