Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ SEKTOR7net, SEKTOR7 Institute ]

Detecting already in-memory loaded artifacts from kernel in real time, by @alonsocandado

https://t.co/0sxvPgIBfK

🔗 https://www.countercraftsec.com/blog/detecting-malicious-artifacts-using-an-etw-consumer-in-kernel-mode/

🐥 [ tweet ]
😈 [ 0xdeaddood, leandro ]

Finally added! Thanks @snovvcrash! #Impacket 🤘

🐥 [ tweet ][ quote ]

🫡🫡
😈 [ Max_Mal_, Max_Malyutin ]

#IcedID (#BokBot), #Qakbot & #Bumblebee use Batch Obfuscation

Windows Command Shell Defense Evasion🔥
[+] set environment variable: set variable=string
https://t.co/tlJDIPZeOW

Quick and simple de-obfuscation:
Replace each %variable% with its string to get the malicious command

🔗 https://ss64.com/nt/set.html

🐥 [ tweet ]
🤔1
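The substitution step described in the post above, written out as a small analyst-side resolver. This is an added example, not code from the tweet or its author: it parses `set name=value` and `set "name=value"` statements, expands `%name%` references the way cmd.exe does at parse time (so a value that references an earlier variable is resolved when it is set), and, going a step beyond the post, also handles the `%name:~start,len%` substring syntax from the linked ss64 page, which the same obfuscators frequently use. The batch sample is constructed and harmless; it only mimics the shape of the technique.

```python
import re
from typing import Dict, List

# Constructed sample in the style the post describes: a few `set` assignments
# whose fragments are stitched back together with %var% references. The final
# command is deliberately harmless (it just echoes a string).
SAMPLE_BATCH = r"""
set Qy=powersh
set gH=ell
set Ps=%Qy%%gH%
set "Mw=-nop -w hidden "
set Fk=Write-Host
%Ps% %Mw%%Fk% 'hello'
"""

# set "name=value"  (quoted form: value ends at the closing quote)
SET_QUOTED = re.compile(r'^\s*set\s+"([^=]+)=(.*)"\s*$', re.IGNORECASE)
# set name=value    (plain form: value runs to end of line, trailing spaces kept)
SET_PLAIN = re.compile(r'^\s*set\s+([^=\s]+)=(.*)$', re.IGNORECASE)
# %name%  or  %name:~start%  or  %name:~start,len%
REF_RE = re.compile(r'%([^%:~]+)(?::~(-?\d+)(?:,(-?\d+))?)?%')


def expand(text: str, env: Dict[str, str]) -> str:
    """Replace every %var% / %var:~s,l% reference in `text` using `env`.

    Variable names are case-insensitive, as in cmd.exe. Unknown variables are
    left untouched so the analyst can see what the script expected to exist.
    """
    def repl(m: "re.Match[str]") -> str:
        name, start, length = m.group(1).lower(), m.group(2), m.group(3)
        if name not in env:
            return m.group(0)
        value = env[name]
        if start is None:
            return value
        s = int(start)
        # Negative start counts from the end; clamp so %v:~-99% yields the whole string.
        s = s if s >= 0 else max(len(value) + s, 0)
        if length is None:
            return value[s:]
        n = int(length)
        # Negative length means "drop that many characters from the end".
        return value[s:s + n] if n >= 0 else value[s:n]

    return REF_RE.sub(repl, text)


def deobfuscate(script: str) -> List[str]:
    """Return the non-`set` lines of a batch script with all %var% references resolved.

    Assumes one statement per line (no `&` chaining) and no `%%` escapes; both are
    easy to add but are not needed for the pattern the post describes.
    """
    env: Dict[str, str] = {}
    resolved: List[str] = []
    for line in script.splitlines():
        if not line.strip():
            continue
        m = SET_QUOTED.match(line) or SET_PLAIN.match(line)
        if m:
            # cmd expands %var% in the `set` line itself before storing the value.
            env[m.group(1).lower()] = expand(m.group(2), env)
            continue
        resolved.append(expand(line, env))
    return resolved


if __name__ == "__main__":
    for cmd in deobfuscate(SAMPLE_BATCH):
        print(cmd)
```

Run it against a captured `.bat`/`.cmd` file by passing the file contents to `deobfuscate()`; the returned lines are what cmd.exe would actually execute, which is what you want to feed into a detection rule or a sandbox rather than the obfuscated wrapper.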
😈 [ xct_de, xct ]

My first three videos on testing a relatively large, custom active directory environment are out. To get started, check out the first part here:

https://t.co/SFIq5svJjN

🔗 https://vulndev.io/2023/01/07/vl-shinra-and-so-it-begins-sqli-command-injection-hash-cracking/

🐥 [ tweet ]
😈 [ ptswarm, PT SWARM ]

🏆 Our nominees for @PortSwigger Top 10 of 2022!

1️⃣ Jetty Features for Hacking Web Apps - https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/
2️⃣ Exploiting Arbitrary Object Instantiations in PHP without Custom Classes - https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/
3️⃣ Discovering Domains via a Time-Correlation Attack on Certificate Transparency - https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/

Vote here: https://t.co/yOyXA5bQJ3

🔗 https://portswigger.net/polls/top-10-web-hacking-techniques-2022

🐥 [ tweet ]
🔥7👍1
😈 [ _Wra7h, Christian W ]

Not sure why you would, but you can use Defender to trigger shellcode execution with WscRegisterForChanges.

https://t.co/jYTU80cX1P

API: https://t.co/7WcM7S7ykG

🔗 https://github.com/Wra7h/FlavorTown/blob/main/C/WcsRegisterForChanges.c
🔗 https://learn.microsoft.com/en-us/windows/win32/api/wscapi/nf-wscapi-wscregisterforchanges

🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]

Integrated a C# reflective loader into #SharpC2 for executing native binaries in memory.

Props to @benpturner, @m0rv4i & @strawp for the RunPE project.

🔗 https://github.com/rasta-mouse/SharpC2/commit/e48456d8d9cf47ea4243fc2ac9ee9214a2286d2d
🔗 https://github.com/nettitude/RunPE

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

I recently asked ChatGPT whether it can provide me a PowerShell script to dump cleartext Credential Manager creds. At some point it pointed me to a module named CredentialManager, which can do that in very few lines of code:

https://t.co/RUZdrouflB

🔗 https://gist.github.com/S3cur3Th1sSh1t/e6f30b33d142ed8a5588e46eb328c0a6

🐥 [ tweet ]
🤯1
Forwarded from Багхантер
🔥 ChatGPT: fuzz.txt, bypassing regexes, finding vulnerabilities. Can a neural network help a hacker?

While studying the much-hyped ChatGPT neural network, I managed to partially uncover the potential that hackers can use in their work. What I am going to talk about today is the minimum that can be extracted from it, but even that is surprising. Finding a regex bypass, learning the purpose of each parameter, cookie or header, building a fuzz.txt list: all easy. Read more about how this neural network can help you in this article.

Reposts and likes are welcome

🐹 Author of the article.
🔥2🤯2
😈 [ NUL0x4C, NULL ]

It's been a long time since I last uploaded something, but earlier today I had some time to drop this:
https://t.co/InVe1Nrr8F

🔗 https://github.com/NUL0x4C/APCLdr

🐥 [ tweet ]
😈 [ theart42, Advanced Persistent Dread ]

As a project to learn some C# coding on Windows I ported the awesome netcat for Windows from C, so you can now load it reflectively. You can find the github repo here: https://t.co/WN84PoKioN

🔗 https://github.com/theart42/Sharpcat

🐥 [ tweet ]
😈 [ tijme, Tijme Gommers ]

Cobalt Strike BOF that utilises AMD's Ryzen Master kernel driver to read and write physical memory. It currently escalates privileges from administrator to SYSTEM. Future goal is to add features such as disabling EDR, disabling ETW TI or dumping LSASS.

https://t.co/vErevstmwd

🔗 https://github.com/tijme/amd-ryzen-master-driver-v17-exploit

🐥 [ tweet ]
😈 [ nikhil_mitt, Nikhil Mittal ]

TIL that it is possible to exclude Account Operators, Server Operators, Print Operators and Backup Operators from SDProp/AdminSDHolder! #ActiveDirectory #RedTeam
https://t.co/kzatGP3RfD

🔗 https://petri.com/active-directory-security-understanding-adminsdholder-object/

🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]

Silhouette. POC that mitigates the use of physical memory to dump credentials from LSASS, by @GabrielLandau
https://t.co/0z7P3olqyf

🔗 https://github.com/elastic/Silhouette

🐥 [ tweet ]
😈 [ NUL0x4C, NULL ]

Since "bringing your own version of ntdll" is a thing now, try downloading it from https://t.co/rGLjvyccIl instead of manually setting up a server to host ntdll's versions

🔗 https://winbindex.m417z.com/?file=ntdll.dll

🐥 [ tweet ]
😈 [ Octoberfest73, Octoberfest7 ]

I'm pleased to release Inline-Execute-PE, a CobaltStrike toolkit enabling users to load and repeatedly run unmanaged Windows EXEs in Beacon memory without dropping to disk or creating a new process each time. https://t.co/1byTo7uCV1
#redteam #cybersecurity #malware

🔗 https://github.com/Octoberfest7/Inline-Execute-PE

🐥 [ tweet ]
😈 [ BoreanJordan, Jordan Borean ]

Fresh new PowerShell module called ctypes https://t.co/Mtgfey0kLX. This makes it easier to prototype PInvoke calls in PowerShell. As an example, to call GetCurrentProcess(), it's simply:

$k32 = New-CtypesLib Kernel32.dll
$k32.GetCurrentProcess[IntPtr]()
🔗 https://www.powershellgallery.com/packages/Ctypes/0.1.0

🐥 [ tweet ]
🔥6
😈 [ 424f424f, rvrsh3ll ]

Guess I'm a miscreant. Check out my tool to create "HotKey" .lnk files. https://t.co/iWqIf3FjNJ

🔗 https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/Create-HotKeyLNK.ps1

🐥 [ tweet ][ quote ]
😈 [ TrustedSec, TrustedSec ]

In this guide from @GuhnooPlusLinux, you'll learn how the new #BOFLoader extension allows BOFs to be used from a #Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors. https://t.co/THThviAluo

🔗 https://hubs.la/Q01z2t0t0

🐥 [ tweet ]
😈 [ c2_matrix, C2 Matrix | #C2Matrix ]

Excellent post on understanding how Sliver C2 works from both attack and defense perspective. Dare we say... #purpleteam #C2Matrix #redteam #blueteam

https://t.co/HfAgxwrv6C

🔗 https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors

🐥 [ tweet ]