😈 [ _Wra7h, Christian W ]
70 shellcode execution methods to pop calc and chill to
https://t.co/YdvfxlkFRJ
🔗 https://github.com/Wra7h/FlavorTown/tree/main/C
🐥 [ tweet ]
70 shellcode execution methods to pop calc and chill to
https://t.co/YdvfxlkFRJ
🔗 https://github.com/Wra7h/FlavorTown/tree/main/C
🐥 [ tweet ]
😈 [ a13xp0p0v, Alexander Popov ]
I summarized the experience with code collaboration platforms in a short article:
"Mirroring GitHub projects in 2023"
https://t.co/kit4Dlik7t
🔗 https://a13xp0p0v.github.io/2023/01/29/mirroring-github-projects.html
🐥 [ tweet ]
I summarized the experience with code collaboration platforms in a short article:
"Mirroring GitHub projects in 2023"
https://t.co/kit4Dlik7t
🔗 https://a13xp0p0v.github.io/2023/01/29/mirroring-github-projects.html
🐥 [ tweet ]
😈 [ NinjaParanoid, Chetan Nayak (Brute Ratel C4 Author) ]
Some EDRs catch indirect syscalls with callstack analysis. Here is a totally new technique which build a clean callstack originating from ntdll to avoid detections. No ROP required and tested and works against every EDR. Enjoy! 🔥
https://t.co/sALgfx6WQ0
🔗 https://0xdarkvortex.dev/hiding-in-plainsight/
🐥 [ tweet ]
Some EDRs catch indirect syscalls with callstack analysis. Here is a totally new technique which build a clean callstack originating from ntdll to avoid detections. No ROP required and tested and works against every EDR. Enjoy! 🔥
https://t.co/sALgfx6WQ0
🔗 https://0xdarkvortex.dev/hiding-in-plainsight/
🐥 [ tweet ]
😈 [ d3lb3_, Julien Bedel ]
(1/5) New kid in town 🔓
Following last week sudden regain of interest in KeePass trigger system abuse, I decided to prepone the release of KeePwn: an Impacket-based noscript dedicated to KeePass discovery and secret extraction for red teamers!
https://t.co/SXsy3UFY3K
🔗 https://github.com/Orange-Cyberdefense/KeePwn
🐥 [ tweet ]
(1/5) New kid in town 🔓
Following last week sudden regain of interest in KeePass trigger system abuse, I decided to prepone the release of KeePwn: an Impacket-based noscript dedicated to KeePass discovery and secret extraction for red teamers!
https://t.co/SXsy3UFY3K
🔗 https://github.com/Orange-Cyberdefense/KeePwn
🐥 [ tweet ]
🤯2
😈 [ _bin_Ash, Ash ]
Impacket's psexec drops a binary (RemCom) that is over 10 years old when creating the service it uses for command execution.
May we all aspire to write tooling that is still relevant 10 years later. RemCom = goated 🐐
Ref: https://t.co/LTNRaflIKr
RemCom: https://t.co/YrKw1nBtAt
🔗 https://github.com/fortra/impacket/blob/master/examples/psexec.py
🔗 https://github.com/kavika13/RemCom
🐥 [ tweet ]
Impacket's psexec drops a binary (RemCom) that is over 10 years old when creating the service it uses for command execution.
May we all aspire to write tooling that is still relevant 10 years later. RemCom = goated 🐐
Ref: https://t.co/LTNRaflIKr
RemCom: https://t.co/YrKw1nBtAt
🔗 https://github.com/fortra/impacket/blob/master/examples/psexec.py
🔗 https://github.com/kavika13/RemCom
🐥 [ tweet ]
🔥2😁1
Offensive Xwitter
BloodHound Unleashed.pdf
😈 [ n00py1, n00py ]
Slide from the CactusCon talk on all the ways to get data populated into BloodHound. Any that I missed? Which is your favorite?
🐥 [ tweet ]
Slide from the CactusCon talk on all the ways to get data populated into BloodHound. Any that I missed? Which is your favorite?
🐥 [ tweet ]
🤔2
😈 [ metasploit, Metasploit Project ]
Metasploit Framework 6.3 is out now🎉
New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats. https://t.co/Ucwrtmzt9W
🔗 https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/
🐥 [ tweet ]
Metasploit Framework 6.3 is out now🎉
New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats. https://t.co/Ucwrtmzt9W
🔗 https://www.rapid7.com/blog/post/2023/01/30/metasploit-framework-6-3-released/
🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]
First version of pySnaffler is uploaded to @porchetta_ind git!
It is the python port of the well-known Snaffler tool from @mikeloss and @sh3r4_hax.
pySnaffler is compatible with the TOML classifiers of the original project. More info below
https://t.co/76Dfren3TC
🔗 https://gitlab.porchetta.industries/Skelsec/pysnaffler
🐥 [ tweet ]
First version of pySnaffler is uploaded to @porchetta_ind git!
It is the python port of the well-known Snaffler tool from @mikeloss and @sh3r4_hax.
pySnaffler is compatible with the TOML classifiers of the original project. More info below
https://t.co/76Dfren3TC
🔗 https://gitlab.porchetta.industries/Skelsec/pysnaffler
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
I got curious about how easy it would be to bypass some of the static detections for the RemComSvc binary (which is over 10 years old) and yeah… Pretty easy 😂
https://t.co/U44Ik5RxFQ
#psexec #impacket #remcom
🔗 https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
🐥 [ tweet ][ quote ]
I got curious about how easy it would be to bypass some of the static detections for the RemComSvc binary (which is over 10 years old) and yeah… Pretty easy 😂
https://t.co/U44Ik5RxFQ
#psexec #impacket #remcom
🔗 https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
🐥 [ tweet ][ quote ]
😈 [ bohops, bohops ]
[DynamicDotNet Tooling] Added a POC "Dynamic Assembly Loader" to the repo that loads and executes an assembly using a dynamic method and emitted MSIL instructions (C#).
System.Reflection.Emit is quite powerful (maybe more to come in a future blog post)
https://t.co/i801jA3gGh
🔗 https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyLoader.cs
🐥 [ tweet ]
[DynamicDotNet Tooling] Added a POC "Dynamic Assembly Loader" to the repo that loads and executes an assembly using a dynamic method and emitted MSIL instructions (C#).
System.Reflection.Emit is quite powerful (maybe more to come in a future blog post)
https://t.co/i801jA3gGh
🔗 https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyLoader.cs
🐥 [ tweet ]
😈 [ zux0x3a, Lawrence 勞倫斯 | لورانس ]
https://t.co/Oa8giJvjNq Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
🔗 https://github.com/OmriBaso/RToolZ
🐥 [ tweet ]
https://t.co/Oa8giJvjNq Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
🔗 https://github.com/OmriBaso/RToolZ
🐥 [ tweet ]
😈 [ n00py1, n00py ]
Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit
https://t.co/IWuIKiiMzF
🔗 https://www.n00py.io/2023/01/exploiting-resource-based-constrained-delegation-rbcd-with-pure-metasploit/
🐥 [ tweet ]
Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit
https://t.co/IWuIKiiMzF
🔗 https://www.n00py.io/2023/01/exploiting-resource-based-constrained-delegation-rbcd-with-pure-metasploit/
🐥 [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
get more detail about this👇
🔗 https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075
#bugbountyTips #bugbounty
🐥 [ tweet ]
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
get more detail about this👇
🔗 https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075
#bugbountyTips #bugbounty
🐥 [ tweet ]
Forwarded from APT
⭐️ Privileger
Privilger allows you to work with privileges in Windows as easily as possible. There are three modes:
— Add privileges to an account;
— Start a process by adding a specific privilege to its token;
— Remove privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
Privilger allows you to work with privileges in Windows as easily as possible. There are three modes:
— Add privileges to an account;
— Start a process by adding a specific privilege to its token;
— Remove privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
🔥2