😈 [ SEKTOR7net, SEKTOR7 Institute ]
Bypassing Windows Mark-of-the-Web (MotW) feature with a crafted ZIP file, by @mrgretzky
Enjoy the journey!
https://t.co/IdjSacJNPd
🔗 https://breakdev.org/zip-motw-bug-analysis/
🐥 [ tweet ]
😈 [ _Mayyhem, Chris Thompson ]
SCCM takeover by abusing automatic client push installation has fewer requirements than I thought. Check this post out for a detailed walkthrough and recommendations. Install KB15599094 and disable NTLM for client push installation to prevent this attack.
https://t.co/cg5CYRCBZV
🔗 https://posts.specterops.io/sccm-site-takeover-via-automatic-client-push-installation-f567ec80d5b1
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
not a new one, but might be useful: Detecting Lateral Movement (and other) techniques through Event Logs by @jpcert_en
https://t.co/xIyta9ZESK
#DFIR
🔗 https://jpcertcc.github.io/ToolAnalysisResultSheet/
🐥 [ tweet ]
😈 [ emil_lerner, Emil Lerner ]
Here's a story about how I hacked Redis from the current ubuntu 22.04 repository using a bug I found almost 7 years ago (also a write-up for the "hardened redis" challenge from the recent @RealWorldCTF)
https://t.co/LizzeKFjPM
🔗 https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1
🐥 [ tweet ]
😈 [ 0xdeaddood, leandro ]
#Impacket is back! We're already working to take it to the next level! 🚀🌕
https://t.co/wLMsZOYauN
🔗 https://0xdeaddood.rocks/2023/01/14/we-are-back
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Detecting already in-memory loaded artifacts from kernel in real time, by @alonsocandado
https://t.co/0sxvPgIBfK
🔗 https://www.countercraftsec.com/blog/detecting-malicious-artifacts-using-an-etw-consumer-in-kernel-mode/
🐥 [ tweet ]
😈 [ Max_Mal_, Max_Malyutin ]
#IcedID (#BokBot), #Qakbot & #Bumblebee use Batch Obfuscation
Windows Command Shell Defense Evasion🔥
[+] set environment variable: set variable=string
https://t.co/tlJDIPZeOW
Quick and simple de-obfuscation:
Replace each %variable% with its string to get the malicious command.
🔗 https://ss64.com/nt/set.html
🐥 [ tweet ]
😈 [ xct_de, xct ]
My first three videos on testing a relatively large, custom active directory environment are out. To get started, check out the first part here:
https://t.co/SFIq5svJjN
🔗 https://vulndev.io/2023/01/07/vl-shinra-and-so-it-begins-sqli-command-injection-hash-cracking/
🐥 [ tweet ]
😈 [ ptswarm, PT SWARM ]
🏆 Our nominees for @PortSwigger Top 10 of 2022!
1️⃣ Jetty Features for Hacking Web Apps - https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/
2️⃣ Exploiting Arbitrary Object Instantiations in PHP without Custom Classes - https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/
3️⃣ Discovering Domains via a Time-Correlation Attack on Certificate Transparency - https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/
Vote here: https://t.co/yOyXA5bQJ3
🔗 https://portswigger.net/polls/top-10-web-hacking-techniques-2022
🐥 [ tweet ]
😈 [ _Wra7h, Christian W ]
Not sure why you would, but you can use Defender to trigger shellcode execution with WscRegisterForChanges.
https://t.co/jYTU80cX1P
API: https://t.co/7WcM7S7ykG
🔗 https://github.com/Wra7h/FlavorTown/blob/main/C/WcsRegisterForChanges.c
🔗 https://learn.microsoft.com/en-us/windows/win32/api/wscapi/nf-wscapi-wscregisterforchanges
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
Integrated a C# reflective loader into #SharpC2 for executing native binaries in memory.
Props to @benpturner, @m0rv4i & @strawp for the RunPE project.
🔗 https://github.com/rasta-mouse/SharpC2/commit/e48456d8d9cf47ea4243fc2ac9ee9214a2286d2d
🔗 https://github.com/nettitude/RunPE
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
I recently asked ChatGPT whether it can provide me a PowerShell script to dump cleartext Credential Manager creds. At some point it hinted me to a module named CredentialManager, which can do that in very few lines of code:
https://t.co/RUZdrouflB
🔗 https://gist.github.com/S3cur3Th1sSh1t/e6f30b33d142ed8a5588e46eb328c0a6
🐥 [ tweet ]
Forwarded from Багхантер
While studying the much-hyped ChatGPT neural network, I was partially able to uncover the potential that hackers could use in their work. What I will describe today is the minimum that can be extracted from it, but even that is surprising. Finding a regex bypass, learning the purpose of each parameter, cookie or header, assembling a fuzz.txt list: no problem. Read more about how this neural network can help you in this article.
Telegraph
ChatGPT-fuzz.txt, regex bypasses, vulnerability hunting: can a neural network help a hacker?
😈 [ NUL0x4C, NULL ]
It's been a long time since I last uploaded something, but earlier this day I had some time to drop this:
https://t.co/InVe1Nrr8F
🔗 https://github.com/NUL0x4C/APCLdr
🐥 [ tweet ]
😈 [ theart42, Advanced Persistent Dread ]
As a project to learn some C# coding on Windows I ported the awesome netcat for Windows from C, so you can now load it reflectively. You can find the github repo here: https://t.co/WN84PoKioN
🔗 https://github.com/theart42/Sharpcat
🐥 [ tweet ]
😈 [ tijme, Tijme Gommers ]
Cobalt Strike BOF that utilises AMD's Ryzen Master kernel driver to read and write physical memory. It currently escalates privileges from administrator to SYSTEM. Future goal is to add features such as disabling EDR, disabling ETW TI or dumping LSASS.
https://t.co/vErevstmwd
🔗 https://github.com/tijme/amd-ryzen-master-driver-v17-exploit
🐥 [ tweet ]
😈 [ nikhil_mitt, Nikhil Mittal ]
TIL that it is possible to exclude Account Operators, Server Operators, Print Operators and Backup Operators from SDProp/AdminSDHolder! #ActiveDirectory #RedTeam
https://t.co/kzatGP3RfD
🔗 https://petri.com/active-directory-security-understanding-adminsdholder-object/
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
Silhouette. POC that mitigates the use of physical memory to dump credentials from LSASS, by @GabrielLandau
https://t.co/0z7P3olqyf
🔗 https://github.com/elastic/Silhouette
🐥 [ tweet ]