😈 [ nikhil_mitt, Nikhil Mittal ]
[Blog] My non-tech post on "Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)"
#AlteredSecurity
https://t.co/D4fFL6RcwG
🔗 https://www.alteredsecurity.com/post/redlabs
🐥 [ tweet ]
[Blog] My non-tech post on "Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)"
#AlteredSecurity
https://t.co/D4fFL6RcwG
🔗 https://www.alteredsecurity.com/post/redlabs
🐥 [ tweet ]
IMG_5582.PNG
3.4 MB
😈 [ last0x00, last - @last0x00@infosec.exchange ]
I was today years old when I found out there is a #CrackMapExec reference in graphical PNG format with a resolution of more than 7000x10000 hosted here👇
https://t.co/Q7HgNqDK9Q
🔗 https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/Crackmapexec/Crackmapexec%20HD.png
🐥 [ tweet ]
I was today years old when I found out there is a #CrackMapExec reference in graphical PNG format with a resolution of more than 7000x10000 hosted here👇
https://t.co/Q7HgNqDK9Q
🔗 https://raw.githubusercontent.com/Ignitetechnologies/Mindmap/main/Crackmapexec/Crackmapexec%20HD.png
🐥 [ tweet ]
🤯2🔥1
IMG_5583.PNG
2 MB
😈 [ Jenaye_fr, Jenaye ]
Hello everyone ! 👋
I would like to share with you a mindmap (v1) about bypassing AV/EDR.
In Redteam setup, I suggest the manual mode only.
Thanks to @Zabannn for his contribution
Link : https://t.co/2eOWcBMXzc
#BypassAV #BypassEDR #RT
🔗 https://github.com/CMEPW/BypassAV
🐥 [ tweet ]
Hello everyone ! 👋
I would like to share with you a mindmap (v1) about bypassing AV/EDR.
In Redteam setup, I suggest the manual mode only.
Thanks to @Zabannn for his contribution
Link : https://t.co/2eOWcBMXzc
#BypassAV #BypassEDR #RT
🔗 https://github.com/CMEPW/BypassAV
🐥 [ tweet ]
🔥2
😈 [ 0x0SojalSec, Md Ismail Šojal ]
Nuclei Automation.⚔️
https://t.co/CDes83cCD0
Full Nuclei automation noscript with logic explanation
#bugbountytips #infosec #nuclei #automation
🔗 https://github.com/iamthefrogy/nerdbug
🐥 [ tweet ]
Nuclei Automation.⚔️
https://t.co/CDes83cCD0
Full Nuclei automation noscript with logic explanation
#bugbountytips #infosec #nuclei #automation
🔗 https://github.com/iamthefrogy/nerdbug
🐥 [ tweet ]
🔥1😁1
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒️] One idea for NTDS on-site dumping without VSS: NTFSCopy (thx @RedCursorSec) + #impacket’s RemoteOperations.getBootKey() + secretsdump[.]py (e.g., via a pre-compiled binary or @naksyn’s awesome Pyramid) 🤪
https://t.co/0UATJuJ1ob
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credentials-dump/ntds#raw-ntds.dit-copy
🐥 [ tweet ][ quote ]
[#HackTip ⚒️] One idea for NTDS on-site dumping without VSS: NTFSCopy (thx @RedCursorSec) + #impacket’s RemoteOperations.getBootKey() + secretsdump[.]py (e.g., via a pre-compiled binary or @naksyn’s awesome Pyramid) 🤪
https://t.co/0UATJuJ1ob
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/credentials-dump/ntds#raw-ntds.dit-copy
🐥 [ tweet ][ quote ]
😈 [ filip_dragovic, Filip Dragovic ]
Another way to abuse SeImpersonate privilege.
This time using RasMan service.
https://t.co/FmWTBrKkCy
🔗 https://github.com/crisprss/RasmanPotato
🐥 [ tweet ]
Another way to abuse SeImpersonate privilege.
This time using RasMan service.
https://t.co/FmWTBrKkCy
🔗 https://github.com/crisprss/RasmanPotato
🐥 [ tweet ]
🥱1
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Learn all about SSL and TLS certificates in our hacker's guide! Get up to speed with TLSx from ProjectDiscovery, the fast & configurable tool for finding vulnerabilities & reconnaissance. #hackwithautomation #cybersecuritytips
https://t.co/uKhaSB90Nq
🔗 https://blog.projectdiscovery.io/a-hackers-guide-to-ssl-certificates-featuring-tlsx/
🐥 [ tweet ]
Learn all about SSL and TLS certificates in our hacker's guide! Get up to speed with TLSx from ProjectDiscovery, the fast & configurable tool for finding vulnerabilities & reconnaissance. #hackwithautomation #cybersecuritytips
https://t.co/uKhaSB90Nq
🔗 https://blog.projectdiscovery.io/a-hackers-guide-to-ssl-certificates-featuring-tlsx/
🐥 [ tweet ]
😈 [ garrfoster, Garrett ]
New blog post building on @Oddvarmoe 's original research with pre-created computer accounts. I share how sysadmins are inadvertently creating them and how they can be used to circumvent domain join restrictions.
https://t.co/tezVz1caxU
🔗 https://www.optiv.com/insights/source-zero/blog/diving-deeper-pre-created-computer-accounts
🐥 [ tweet ]
New blog post building on @Oddvarmoe 's original research with pre-created computer accounts. I share how sysadmins are inadvertently creating them and how they can be used to circumvent domain join restrictions.
https://t.co/tezVz1caxU
🔗 https://www.optiv.com/insights/source-zero/blog/diving-deeper-pre-created-computer-accounts
🐥 [ tweet ]
Немного ссылок про DCSync, методы его детекта и обход сетевой сигнатуру IDS с
https://habr.com/ru/company/rvision/blog/709866/
https://habr.com/ru/company/rvision/blog/709942/
https://threadreaderapp.com/thread/1622684071473123351.html
#dcsync
secretsdump.py:https://habr.com/ru/company/rvision/blog/709866/
https://habr.com/ru/company/rvision/blog/709942/
https://threadreaderapp.com/thread/1622684071473123351.html
#dcsync
😈 [ bohops, bohops ]
Just wanted to thank @snovvcrash for contributing a PowerShell DLL assembly loader to the DynamicDotNet repo! 🙏
https://t.co/RRx7eneF5o
🔗 https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyDllLoader.ps1
🐥 [ tweet ][ quote ]
Just wanted to thank @snovvcrash for contributing a PowerShell DLL assembly loader to the DynamicDotNet repo! 🙏
https://t.co/RRx7eneF5o
🔗 https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyDllLoader.ps1
🐥 [ tweet ][ quote ]
🔥3
😈 [ PortSwiggerRes, PortSwigger Research ]
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!
https://t.co/NXiHK9eUjT
🔗 https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
🐥 [ tweet ]
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!
https://t.co/NXiHK9eUjT
🔗 https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
🐥 [ tweet ]
😈 [ BHinfoSecurity, Black Hills Information Security ]
BHIS | Tester's Blog
Rogue RDP – Revisiting Initial Access Methods
by: @ustayready
Published: 2/28/2022
Learn More: https://t.co/Uaps11rLlF
🔗 https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
🐥 [ tweet ]
BHIS | Tester's Blog
Rogue RDP – Revisiting Initial Access Methods
by: @ustayready
Published: 2/28/2022
Learn More: https://t.co/Uaps11rLlF
🔗 https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
Offphish - Phishing revisited in 2023 https://t.co/IQj5QfoXj8
🔗 https://www.securesystems.de/blog/offphish-phishing-revisited-in-2023/
🐥 [ tweet ]
Offphish - Phishing revisited in 2023 https://t.co/IQj5QfoXj8
🔗 https://www.securesystems.de/blog/offphish-phishing-revisited-in-2023/
🐥 [ tweet ]
😈 [ mrgretzky, Kuba Gretzky ]
Great post by @m417z on overcoming difficulties with the implementation of system-wide process DLL injection.
https://t.co/QHS4E0rL3P
🔗 https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
🐥 [ tweet ]
Great post by @m417z on overcoming difficulties with the implementation of system-wide process DLL injection.
https://t.co/QHS4E0rL3P
🔗 https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
🔥 Brace yourself #LocalPotato is out 🥔
Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege.
Patched by Microsoft, but other protocols may still be vulnerable.
cc @decoder_it
Enjoy! 👇
https://t.co/3Lge45hb7L
🔗 https://www.localpotato.com/localpotato_html/LocalPotato.html
🔗 https://github.com/decoder-it/LocalPotato
🐥 [ tweet ]
🔥 Brace yourself #LocalPotato is out 🥔
Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege.
Patched by Microsoft, but other protocols may still be vulnerable.
cc @decoder_it
Enjoy! 👇
https://t.co/3Lge45hb7L
🔗 https://www.localpotato.com/localpotato_html/LocalPotato.html
🔗 https://github.com/decoder-it/LocalPotato
🐥 [ tweet ]
😈 [ OtterHacker, OtterHacker ]
I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy.
But if you want to see how to play with #Kerberos with #Windows, it can be a starting point ! 😊
https://t.co/CPP2EfSKCb
🔗 https://github.com/OtterHacker/Cerbere
🐥 [ tweet ]
I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy.
But if you want to see how to play with #Kerberos with #Windows, it can be a starting point ! 😊
https://t.co/CPP2EfSKCb
🔗 https://github.com/OtterHacker/Cerbere
🐥 [ tweet ]
🔥2
😈 [ d3lb3_, Julien Bedel ]
(2/3) If you are interested in the subject, make sure to have a look at @quarkslab's article. It demonstrate how to abuse KeePass plugin cache's access right and load DLLs in a low privilege context.
https://t.co/xHTqby9xO9
🔗 https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html
🐥 [ tweet ]
(2/3) If you are interested in the subject, make sure to have a look at @quarkslab's article. It demonstrate how to abuse KeePass plugin cache's access right and load DLLs in a low privilege context.
https://t.co/xHTqby9xO9
🔗 https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html
🐥 [ tweet ]
🤔1
😈 [ an0n_r0, an0n ]
a nice benchmark of subdomain enumeration tools by @BlackLanternLLC
https://t.co/k4qKJyRs5Q
🔗 https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off
🐥 [ tweet ]
a nice benchmark of subdomain enumeration tools by @BlackLanternLLC
https://t.co/k4qKJyRs5Q
🔗 https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off
🐥 [ tweet ]
😈 [ _EthicalChaos_, CCob🏴 ]
Now I can relax. My first public talk competed at @BSidesCymru, my home town. Here's are the slides and the POC released as part of the talk for those who couldn't make it in person https://t.co/j8Tf9r6cwd
🔗 https://github.com/CCob/ThreadlessInject
🐥 [ tweet ]
Now I can relax. My first public talk competed at @BSidesCymru, my home town. Here's are the slides and the POC released as part of the talk for those who couldn't make it in person https://t.co/j8Tf9r6cwd
🔗 https://github.com/CCob/ThreadlessInject
🐥 [ tweet ]