😈 [ dec0ne, Mor Davidovich ]
@idov31 and I are happy to introduce HWSyscalls, a new method to execute indirect syscalls using Hardware Breakpoints without calling directly to ntdll.dll, therefore bypassing the current way to detect it.
A detailed blog post will follow soon.
https://t.co/4u9DI7U4pX
🔗 https://github.com/Dec0ne/HWSyscalls/
🐥 [ tweet ]
😈 [ BlackArrowSec, BlackArrow ]
Windows Local Privilege Escalation via StorSvc service (writable SYSTEM path DLL search order Hijacking) /cc @antuache @_Kudaes_
➡️ https://t.co/8XMvewhgFn
🔗 https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc
🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]
Cool discovery 😎
Can also be used to weaponize arbitrary file write vulnerabilities.
As a bonus, check the screenshot on how to weaponize #LocalPotato with this StorSvc DLL hijacking to get a SYSTEM shell.
🐥 [ tweet ][ quote ]
😈 [ joehowwolf, William Burgess ]
My first blog at CS - Dynamically spoofing call stacks with timers: https://t.co/qxsVkesDWZ
PoC: https://t.co/QB1I9R3zI3
🔗 https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
🔗 https://github.com/Cobalt-Strike/CallStackMasker
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[BLOG 📝] Some notes on how to automate the generation of Position Independent Shellcodes (without msfvenom windows/x64/exec) from object files in memory (by @NinjaParanoid) to be used in Threadless Process Injection (by @_EthicalChaos_) ⬇️
https://t.co/OFdHn7lR7I
🔗 https://snovvcrash.rocks/2023/02/14/pic-generation-for-threadless-injection.html
🐥 [ tweet ]
😈 [ Threatlabz, Zscaler ThreatLabz ]
🕵️Zscaler ThreatLabz has observed a campaign targeting a government organization with a new post exploitation framework named #Havoc. During this attack, the threat actors have made several #opsec failures: https://t.co/TcupRUwAYi
IOCs are available here: https://t.co/PD8vP73AKV
🔗 https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
🔗 https://github.com/threatlabz/iocs/tree/main/havoc
🐥 [ tweet ]
😈 [ D1rkMtr, D1rkMtr ]
Github as C2 Demonstration, free API = free C2 Infrastructure
https://t.co/cZc2RtAJxn
🔗 https://github.com/TheD1rkMtr/GithubC2
🐥 [ tweet ]
😈 [ PortSwiggerRes, PortSwigger Research ]
Server-side prototype pollution: Black-box detection without the DoS
https://t.co/6guKOcUmdS
🔗 https://portswigger.net/research/server-side-prototype-pollution
🐥 [ tweet ]
😈 [ _zblurx, Thomas Seigneuret ]
https://t.co/1AxsR43O5Z
In order to learn Rust, I made a complete rewrite of @Defte_ Impersonate in plain Rust, and thanks to @g0h4n_0 it is now also usable as a dependency in your Rust projects (and he also made my code readable tho).
🔗 https://github.com/zblurx/impersonate-rs
🐥 [ tweet ]
😈 [ EmpireC2Project, Empire ]
How about pop-out windows and a process tab? Only 6 more days until Empire 5.0.
🐥 [ tweet ]
Looks cool, of course, but it is still rather a "toy"
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Feeling guilty about stealing #DInvoke version of #RunPE from @_RastaMouse’s #SharpC2 for DInjector, but man this looks so 🔥🤤
🐥 [ tweet ][ quote ]
😈 [ 0x6d69636b, Michael Schneider ]
I wrote about the Microsoft Defender configuration with Microsoft Intune and what's different compared to GPO.
Surprise: Non-admin users can read exclusion lists! https://t.co/50zkrFKkSC
🔗 https://www.scip.ch/en/?labs.20230216
🐥 [ tweet ]
😈 [ decoder_it, ap ]
Short blog post on a security issue in Windows group policy processing, fixed in CVE-2022-37955 https://t.co/fhoYftdOhQ
🔗 http://decoder.cloud/2023/02/16/eop-via-arbitrary-file-write-overwite-in-group-policy-client-gpsvc-cve-2022-37955/
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Our very own @olearycrew is new to the security engineering game - but he was able to use ProjectDiscovery tools to get his first bug bounty (from a Fortune 50 company no less).
Learn how: https://t.co/G64avj7AFM
#hackwithautomation #pdteam
🔗 https://blog.projectdiscovery.io/using-pd-tools-to-find-my-first-subdomain-takeover/
🐥 [ tweet ]
😈 [ biskopp3n, biskopp3n ]
Released a new Backup Operator to Domain Admin tool. It contains 4 different methods for escalation, more methods will be added: https://t.co/UytiiAipIO
🔗 https://github.com/improsec/BackupOperatorToolkit
🐥 [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]
#oneliner
✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection
#security #bugbountytips #portscan #subdomain #chaos
🐥 [ tweet ]