😈 [ splinter_code, Antonio Cocomazzi ]
🔥 Brace yourself #LocalPotato is out 🥔
Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege.
Patched by Microsoft, but other protocols may still be vulnerable.
cc @decoder_it
Enjoy! 👇
https://t.co/3Lge45hb7L
🔗 https://www.localpotato.com/localpotato_html/LocalPotato.html
🔗 https://github.com/decoder-it/LocalPotato
🐥 [ tweet ]
🔥 Brace yourself #LocalPotato is out 🥔
Our new NTLM reflection attack in local authentication allows for arbitrary file read/write & elevation of privilege.
Patched by Microsoft, but other protocols may still be vulnerable.
cc @decoder_it
Enjoy! 👇
https://t.co/3Lge45hb7L
🔗 https://www.localpotato.com/localpotato_html/LocalPotato.html
🔗 https://github.com/decoder-it/LocalPotato
🐥 [ tweet ]
😈 [ OtterHacker, OtterHacker ]
I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy.
But if you want to see how to play with #Kerberos with #Windows, it can be a starting point ! 😊
https://t.co/CPP2EfSKCb
🔗 https://github.com/OtterHacker/Cerbere
🐥 [ tweet ]
I published my Kerberos experiments. The code is here for educational use only. Do not use it for pentest as it is neither OPSEC nor stable and kinda messy.
But if you want to see how to play with #Kerberos with #Windows, it can be a starting point ! 😊
https://t.co/CPP2EfSKCb
🔗 https://github.com/OtterHacker/Cerbere
🐥 [ tweet ]
🔥2
😈 [ d3lb3_, Julien Bedel ]
(2/3) If you are interested in the subject, make sure to have a look at @quarkslab's article. It demonstrate how to abuse KeePass plugin cache's access right and load DLLs in a low privilege context.
https://t.co/xHTqby9xO9
🔗 https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html
🐥 [ tweet ]
(2/3) If you are interested in the subject, make sure to have a look at @quarkslab's article. It demonstrate how to abuse KeePass plugin cache's access right and load DLLs in a low privilege context.
https://t.co/xHTqby9xO9
🔗 https://blog.quarkslab.com/post-exploitation-abusing-the-keepass-plugin-cache.html
🐥 [ tweet ]
🤔1
😈 [ an0n_r0, an0n ]
a nice benchmark of subdomain enumeration tools by @BlackLanternLLC
https://t.co/k4qKJyRs5Q
🔗 https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off
🐥 [ tweet ]
a nice benchmark of subdomain enumeration tools by @BlackLanternLLC
https://t.co/k4qKJyRs5Q
🔗 https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off
🐥 [ tweet ]
😈 [ _EthicalChaos_, CCob🏴 ]
Now I can relax. My first public talk competed at @BSidesCymru, my home town. Here's are the slides and the POC released as part of the talk for those who couldn't make it in person https://t.co/j8Tf9r6cwd
🔗 https://github.com/CCob/ThreadlessInject
🐥 [ tweet ]
Now I can relax. My first public talk competed at @BSidesCymru, my home town. Here's are the slides and the POC released as part of the talk for those who couldn't make it in person https://t.co/j8Tf9r6cwd
🔗 https://github.com/CCob/ThreadlessInject
🐥 [ tweet ]
😈 [ dec0ne, Mor Davidovich ]
Me and @idov31 are happy to introduce HWSyscalls, a new method to execute indirect syscalls using Hardware Breakpoints without calling directly to ntdll.dll, therefore bypassing the current way to detect it.
A detailed blog post will follow soon.
https://t.co/4u9DI7U4pX
🔗 https://github.com/Dec0ne/HWSyscalls/
🐥 [ tweet ]
Me and @idov31 are happy to introduce HWSyscalls, a new method to execute indirect syscalls using Hardware Breakpoints without calling directly to ntdll.dll, therefore bypassing the current way to detect it.
A detailed blog post will follow soon.
https://t.co/4u9DI7U4pX
🔗 https://github.com/Dec0ne/HWSyscalls/
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ BlackArrowSec, BlackArrow ]
Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc @antuache @_Kudaes_
➡️ https://t.co/8XMvewhgFn
🔗 https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
🐥 [ tweet ]
Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc @antuache @_Kudaes_
➡️ https://t.co/8XMvewhgFn
🔗 https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
🐥 [ tweet ]
🔥2
😈 [ splinter_code, Antonio Cocomazzi ]
Cool discovery 😎
Can be used also to weaponize arbitrary file write vulnerabilities.
As a bonus, check the screenshot on how to weaponize #LocalPotato with this StorSvc DLL hijacking to get a SYSTEM shell.
🐥 [ tweet ][ quote ]
Cool discovery 😎
Can be used also to weaponize arbitrary file write vulnerabilities.
As a bonus, check the screenshot on how to weaponize #LocalPotato with this StorSvc DLL hijacking to get a SYSTEM shell.
🐥 [ tweet ][ quote ]
😈 [ joehowwolf, William Burgess ]
My first blog at CS - Dynamically spoofing call stacks with timers: https://t.co/qxsVkesDWZ
PoC: https://t.co/QB1I9R3zI3
🔗 https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
🔗 https://github.com/Cobalt-Strike/CallStackMasker
🐥 [ tweet ]
My first blog at CS - Dynamically spoofing call stacks with timers: https://t.co/qxsVkesDWZ
PoC: https://t.co/QB1I9R3zI3
🔗 https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
🔗 https://github.com/Cobalt-Strike/CallStackMasker
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[BLOG 📝] Some notes on how to automate the generation of Position Independent Shellcodes (without msfvenom windows/x64/exec) from object files in memory (by @NinjaParanoid) to be used in Threadless Process Injection (by @_EthicalChaos_) ⬇️
https://t.co/OFdHn7lR7I
🔗 https://snovvcrash.rocks/2023/02/14/pic-generation-for-threadless-injection.html
🐥 [ tweet ]
[BLOG 📝] Some notes on how to automate the generation of Position Independent Shellcodes (without msfvenom windows/x64/exec) from object files in memory (by @NinjaParanoid) to be used in Threadless Process Injection (by @_EthicalChaos_) ⬇️
https://t.co/OFdHn7lR7I
🔗 https://snovvcrash.rocks/2023/02/14/pic-generation-for-threadless-injection.html
🐥 [ tweet ]
🔥6
😈 [ Threatlabz, Zscaler ThreatLabz ]
🕵️Zscaler ThreatLabz has observed a campaign targeting a government organization with a new post exploitation framework named #Havoc. During this attack, the threat actors have made several #opsec failures: https://t.co/TcupRUwAYi
IOCs are available here: https://t.co/PD8vP73AKV
🔗 https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
🔗 https://github.com/threatlabz/iocs/tree/main/havoc
🐥 [ tweet ]
🕵️Zscaler ThreatLabz has observed a campaign targeting a government organization with a new post exploitation framework named #Havoc. During this attack, the threat actors have made several #opsec failures: https://t.co/TcupRUwAYi
IOCs are available here: https://t.co/PD8vP73AKV
🔗 https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
🔗 https://github.com/threatlabz/iocs/tree/main/havoc
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ D1rkMtr, D1rkMtr ]
Github as C2 Demonstration , free API = free C2 Infrastructure
https://t.co/cZc2RtAJxn
🔗 https://github.com/TheD1rkMtr/GithubC2
🐥 [ tweet ]
Github as C2 Demonstration , free API = free C2 Infrastructure
https://t.co/cZc2RtAJxn
🔗 https://github.com/TheD1rkMtr/GithubC2
🐥 [ tweet ]
😈 [ PortSwiggerRes, PortSwigger Research ]
Server-side prototype pollution: Black-box detection without the DoS
https://t.co/6guKOcUmdS
🔗 https://portswigger.net/research/server-side-prototype-pollution
🐥 [ tweet ]
Server-side prototype pollution: Black-box detection without the DoS
https://t.co/6guKOcUmdS
🔗 https://portswigger.net/research/server-side-prototype-pollution
🐥 [ tweet ]
😈 [ _zblurx, Thomas Seigneuret ]
https://t.co/1AxsR43O5Z
In order to learn Rust, I made a complete rewrite of @Defte_ Impersonate in plain Rust, and thanks to @g0h4n_0 it is now also usable as a dependency in your Rust projects (and he also made my code readable tho).
🔗 https://github.com/zblurx/impersonate-rs
🐥 [ tweet ]
https://t.co/1AxsR43O5Z
In order to learn Rust, I made a complete rewrite of @Defte_ Impersonate in plain Rust, and thanks to @g0h4n_0 it is now also usable as a dependency in your Rust projects (and he also made my code readable tho).
🔗 https://github.com/zblurx/impersonate-rs
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ EmpireC2Project, Empire ]
How about pop-out windows and a process tab? Only 6 more days until Empire 5.0.
🐥 [ tweet ]
How about pop-out windows and a process tab? Only 6 more days until Empire 5.0.
🐥 [ tweet ]
выглядит круто, конечно, но такой он «игрушечный» все-таки👹 [ snovvcrash, sn🥶vvcr💥sh ]
Feeling guilty about steeling #DInvoke version of #RunPE from @_RastaMouse’s #SharpC2 for DInjector, but man this looks so 🔥🤤
🐥 [ tweet ][ quote ]
Feeling guilty about steeling #DInvoke version of #RunPE from @_RastaMouse’s #SharpC2 for DInjector, but man this looks so 🔥🤤
🐥 [ tweet ][ quote ]
🔥5
😈 [ 0x6d69636b, Michael Schneider ]
I wrote about the Microsoft Defender configuration with Microsoft Intune and what's different compared to GPO.
Surprise: Non-admin users can read exclusion lists! https://t.co/50zkrFKkSC
🔗 https://www.scip.ch/en/?labs.20230216
🐥 [ tweet ]
I wrote about the Microsoft Defender configuration with Microsoft Intune and what's different compared to GPO.
Surprise: Non-admin users can read exclusion lists! https://t.co/50zkrFKkSC
🔗 https://www.scip.ch/en/?labs.20230216
🐥 [ tweet ]