😈 [ ShitSecure, S3cur3Th1sSh1t ]
I recently asked ChatGPT whether it can provide me a PowerShell Script to dump cleartext Credential-Manager Creds. It at some point hinted me to a Module named CredentialManager, which can do that in a very few lines of code:
https://t.co/RUZdrouflB
🔗 https://gist.github.com/S3cur3Th1sSh1t/e6f30b33d142ed8a5588e46eb328c0a6
🐥 [ tweet ]
Forwarded from Багхантер
While studying the much-hyped neural network ChatGPT, I managed to partially uncover the potential it offers hackers in their work. What I will cover today is the minimum that can be extracted from it, but even that is surprising. Finding a regex bypass, learning the purpose of every parameter / cookie or header, assembling a fuzz.txt list: easy. Read more about how this neural network can help you in this article.
Telegraph
ChatGPT-fuzz.txt, regex bypasses, vulnerability hunting - can a neural network help a hacker?
😈 [ NUL0x4C, NULL ]
it's been a long time since I last uploaded something, but earlier this day I had some time to drop this:
https://t.co/InVe1Nrr8F
🔗 https://github.com/NUL0x4C/APCLdr
🐥 [ tweet ]
😈 [ theart42, Advanced Persistent Dread ]
As a project to learn some C# coding on Windows I ported the awesome netcat for Windows from C, so you can now load it reflectively. You can find the github repo here: https://t.co/WN84PoKioN
🔗 https://github.com/theart42/Sharpcat
🐥 [ tweet ]
😈 [ tijme, Tijme Gommers ]
Cobalt Strike BOF that utilises AMD's Ryzen Master kernel driver to read and write physical memory. It currently escalates privileges from administrator to SYSTEM. Future goal is to add features such as disabling EDR, disabling ETW TI or dumping LSASS.
https://t.co/vErevstmwd
🔗 https://github.com/tijme/amd-ryzen-master-driver-v17-exploit
🐥 [ tweet ]
😈 [ nikhil_mitt, Nikhil Mittal ]
TIL that it is possible to exclude Account Operators, Server Operators, Print Operators and Backup Operators from SDProp/AdminSDHolder! #ActiveDirectory #RedTeam
https://t.co/kzatGP3RfD
🔗 https://petri.com/active-directory-security-understanding-adminsdholder-object/
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
Silhouette. POC that mitigates the use of physical memory to dump credentials from LSASS, by @GabrielLandau
https://t.co/0z7P3olqyf
🔗 https://github.com/elastic/Silhouette
🐥 [ tweet ]
😈 [ NUL0x4C, NULL ]
since "bringing your own version of ntdll" is a thing now, try downloading it from https://t.co/rGLjvyccIl instead of manually setting up a server to host ntdll's versions
🔗 https://winbindex.m417z.com/?file=ntdll.dll
🐥 [ tweet ]
😈 [ Octoberfest73, Octoberfest7 ]
I’m pleased to release Inline-Execute-PE, a CobaltStrike toolkit enabling users to load and repeatedly run unmanaged Windows exe’s in Beacon memory without dropping to disk or creating a new process each time. https://t.co/1byTo7uCV1
#redteam #cybersecurity #malware
🔗 https://github.com/Octoberfest7/Inline-Execute-PE
🐥 [ tweet ]
😈 [ BoreanJordan, Jordan Borean ]
Fresh new PowerShell module called ctypes https://t.co/Mtgfey0kLX. This makes it easier to prototype PInvoke calls in PowerShell. As an example, to call GetCurrentProcess(), it's simply:
$k32 = New-CtypesLib Kernel32.dll
$k32.GetCurrentProcess[IntPtr]()
🔗 https://www.powershellgallery.com/packages/Ctypes/0.1.0
🐥 [ tweet ]
😈 [ 424f424f, rvrsh3ll ]
Guess I'm a miscreant. Check out my tool to create "HotKey" .lnk files. https://t.co/iWqIf3FjNJ
🔗 https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/Create-HotKeyLNK.ps1
🐥 [ tweet ][ quote ]
😈 [ TrustedSec, TrustedSec ]
In this guide from @GuhnooPlusLinux, you'll learn how the new #BOFLoader extension allows BOFs to be used from a #Meterpreter session. Discover new attacks made possible in Meterpreter and avoid common errors. https://t.co/THThviAluo
🔗 https://hubs.la/Q01z2t0t0
🐥 [ tweet ]
😈 [ c2_matrix, C2 Matrix | #C2Matrix ]
Excellent post on understanding how Sliver C2 works from both attack and defense perspective. Dare we say... #purpleteam #C2Matrix #redteam #blueteam
https://t.co/HfAgxwrv6C
🔗 https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
🐥 [ tweet ]
😈 [ AnubisOnSec, anubis ]
The very first Red Team based article officially published by @nvidia is out now!
Honored to have my write up be the first one, but there will be many more coming out from my team this year.
https://t.co/y62teiMpi5
🔗 https://developer.nvidia.com/blog/exploiting-and-securing-jenkins-instances-at-scale-with-groovywaiter/
🐥 [ tweet ]
😈 [ elad_shamir, Elad Shamir ]
Have you ever wondered how RODCs work and whether compromising one would necessarily allow for privilege escalation?
The answers are in my new post:
At the Edge of Tier Zero: The Curious Case of the RODC
https://t.co/GeNn1cxxhX
🔗 https://posts.specterops.io/at-the-edge-of-tier-zero-the-curious-case-of-the-rodc-ef5f1799ca06
🐥 [ tweet ]
😈 [ bohops, bohops ]
PyBOF: In-memory loading and execution of Beacon Object Files (BOFs) through Python
https://t.co/Qu499zWNAn
cc: @kakt1s2015
🔗 https://github.com/rkbennett/pybof
🐥 [ tweet ]
😈 [ eversinc33, eversinc33 ]
I am probably just tripping, but I didn't find any C# implementation of the StartWebclient BOF from @OutflankNL on github (?) so I did a quick copy paste port to C# to make that windows privesc even more straightforward https://t.co/LJgDB8Bd7E
🔗 https://github.com/eversinc33/SharpStartWebclient
🐥 [ tweet ]
Offensive Xwitter
🔐 I really like attacks on #KeePass, so here is a collection of tools and research on the topic: - https://blog.harmj0y.net/redteaming/a-case-study-in-attacking-keepass/ - https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part…
😈 [ an0n_r0, an0n ]
somehow CVE-2023-24055 has been assigned on #KeePass for an attack path published by @harmj0y and @tifkin_ 7 years ago in 2016: https://t.co/kmWcoLBReo (look at the section Exfiltration Without Malware – KeePass’ Trigger System). awesome!🙃
🔗 https://blog.harmj0y.net/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
🐥 [ tweet ][ quote ]
😈 [ _nwodtuhs, Charlie Bromberg “Shutdown” ]
Big up to @Fransosiche and @Wlayzz for the new "HTTP Request Smuggling" page on The Hacker Recipes 🧑‍🍳
https://t.co/9k8aKrAIjz
🔗 https://www.thehacker.recipes/web/config/http-request-smuggling
🐥 [ tweet ]