😈 [ beriberikix, Jonathan Beri ]
👀 Browser-based Telnet demo using the much-discussed Direct Sockets API: https://t.co/6YUFHdYXne
🔗 https://github.com/GoogleChromeLabs/telnet-client
🐥 [ tweet ]
👀 Browser-based Telnet demo using the much-discussed Direct Sockets API: https://t.co/6YUFHdYXne
🔗 https://github.com/GoogleChromeLabs/telnet-client
🐥 [ tweet ]
телнет в хроме? 🤔😈 [ pdiscoveryio, ProjectDiscovery.io ]
Check out the first video in our new series, “Nuclei Fundamentals.” In this series, we'll cover all of @pdnuclei – from the basics of getting started to advanced use cases for penetration testing.
https://t.co/WG1YdfskW0
🔗 https://www.youtube.com/watch?v=b5qMyQvL1ZA
🐥 [ tweet ]
Check out the first video in our new series, “Nuclei Fundamentals.” In this series, we'll cover all of @pdnuclei – from the basics of getting started to advanced use cases for penetration testing.
https://t.co/WG1YdfskW0
🔗 https://www.youtube.com/watch?v=b5qMyQvL1ZA
🐥 [ tweet ]
😈 [ FuzzySec, b33f ]
Check out the blog post I wrote for IBM @XForce. I provide an analysis of DKOM attacks on Kernel ETW providers, give technical implementation details and tie that back to in-the-wild capabilities used by Lazarus last year 🔪🔥 https://t.co/pcSGzXvYxg
🔗 https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/
🐥 [ tweet ]
Check out the blog post I wrote for IBM @XForce. I provide an analysis of DKOM attacks on Kernel ETW providers, give technical implementation details and tie that back to in-the-wild capabilities used by Lazarus last year 🔪🔥 https://t.co/pcSGzXvYxg
🔗 https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/
🐥 [ tweet ]
Forwarded from Netsec
A Deep Dive Into a PoshC2 Implant
https://ift.tt/ZXC31Eo
Submitted February 21, 2023 at 08:32PM by CyberMasterV
via reddit https://ift.tt/UYRiqj5
https://ift.tt/ZXC31Eo
Submitted February 21, 2023 at 08:32PM by CyberMasterV
via reddit https://ift.tt/UYRiqj5
SecurityScorecard
Resources
Explore cybersecurity white papers, data sheets, webinars, videos, informative blogs, and more with SecurityScorecard.
😈 [ N4k3dTurtl3, NA ]
New post and Impacket improvement from @Icebreaker_Team's @Crypt0s https://t.co/EaNpnK8SWL
🔗 https://icebreaker.team/blogs/dumping-passwords-from-microsoft-active-directory-lightweight-directory-services-ad-lds/
🐥 [ tweet ]
New post and Impacket improvement from @Icebreaker_Team's @Crypt0s https://t.co/EaNpnK8SWL
🔗 https://icebreaker.team/blogs/dumping-passwords-from-microsoft-active-directory-lightweight-directory-services-ad-lds/
🐥 [ tweet ]
😈 [ 0xBoku, Bobby Cooke ]
DLL module stomping and all beacon memory allocators are now supported! The options are pulled right from the malleable C2 profile!
VirtualAlloc is the only one via direct syscall. The new allocators DLL module stomping, HeapAlloc, MapViewOfFile, were https://t.co/WnolPE5YIw
🔗 https://github.com/xforcered/BokuLoader
🐥 [ tweet ]
DLL module stomping and all beacon memory allocators are now supported! The options are pulled right from the malleable C2 profile!
VirtualAlloc is the only one via direct syscall. The new allocators DLL module stomping, HeapAlloc, MapViewOfFile, were https://t.co/WnolPE5YIw
🔗 https://github.com/xforcered/BokuLoader
🐥 [ tweet ]
😈 [ yarden_shafir, Yarden Shafir ]
PPLs (aka "not a security boundary") are getting some new protections in Windows 11. One of them fixes a technique documented by @elastic last year where they "sandbox" Windows Defender by modifying its token: https://t.co/kt6bl3czjN
🔗 https://www.elastic.co/security-labs/sandboxing-antimalware-products
🐥 [ tweet ]
PPLs (aka "not a security boundary") are getting some new protections in Windows 11. One of them fixes a technique documented by @elastic last year where they "sandbox" Windows Defender by modifying its token: https://t.co/kt6bl3czjN
🔗 https://www.elastic.co/security-labs/sandboxing-antimalware-products
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Offensive Xwitter
Photo
Небольшой тизер 🙈
Пока готовится вторая часть, с первой можно ознакомиться по ссылке ⬇️
🔗 https://habr.com/ru/company/angarasecurity/blog/661341/
UPD. Произошли технические шоколадки, пока релиз переносится на неопределенный срок (сказали, что незя про такое писать в паблик). We’re sorry.
Пока готовится вторая часть, с первой можно ознакомиться по ссылке ⬇️
🔗 https://habr.com/ru/company/angarasecurity/blog/661341/
UPD. Произошли технические шоколадки, пока релиз переносится на неопределенный срок (сказали, что незя про такое писать в паблик). We’re sorry.
🔥8😢2
😈 [ 0x6d69636b, Michael Schneider ]
Use Flipper Zero to attack wireless peripherals, an article of my colleague @wr3ckralph: https://t.co/KGZ69fjUEH
🔗 https://www.scip.ch/en/?labs.20230223
🐥 [ tweet ]
Use Flipper Zero to attack wireless peripherals, an article of my colleague @wr3ckralph: https://t.co/KGZ69fjUEH
🔗 https://www.scip.ch/en/?labs.20230223
🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]
Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt.
🐥 [ tweet ]
Проверить на предмет компрометации можно так:
Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt.
🐥 [ tweet ]
Проверить на предмет компрометации можно так:
ConvertFrom-SddlString -Sddl $(sc.exe sdshow scmanager | select -Last 1) | select -Expand DiscretionaryAcl
😈 [ BlWasp_, BlackWasp ]
I've added the last *Potato exploits to my article which follows the various developments regarding these EoP techiques. Normally up-to-date with the recents JuicyPotatoNG, CertPotato and LocalPotato : https://t.co/xRR41cr3Cm
🔗 https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all
🐥 [ tweet ]
I've added the last *Potato exploits to my article which follows the various developments regarding these EoP techiques. Normally up-to-date with the recents JuicyPotatoNG, CertPotato and LocalPotato : https://t.co/xRR41cr3Cm
🔗 https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
This inspired me to make it Powershell Add-Type compatible:
https://t.co/RBPe0kXXhj
Easy Hardware Breakpoint AMSI bypass for everyone 🤓
🔗 https://gist.github.com/susMdT/360c64c842583f8732cc1c98a60bfd9e
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell#Using-Hardware-Breakpoints
🐥 [ tweet ][ quote ]
This inspired me to make it Powershell Add-Type compatible:
https://t.co/RBPe0kXXhj
Easy Hardware Breakpoint AMSI bypass for everyone 🤓
🔗 https://gist.github.com/susMdT/360c64c842583f8732cc1c98a60bfd9e
🔗 https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell#Using-Hardware-Breakpoints
🐥 [ tweet ][ quote ]
😈 [ BHinfoSecurity, Black Hills Information Security ]
BHIS | Tester's Blog
Have you ever encountered a situation where port forwarding limited your pivot attempts? How did you manage to overcome this limitation?
Forwarding Traffic Through SSH
by: @nand0ps
Published: 2/23/2023
Learn more: https://t.co/mvjIz6kR5y
🔗 https://www.blackhillsinfosec.com/forwarding-traffic-through-ssh/
🐥 [ tweet ]
BHIS | Tester's Blog
Have you ever encountered a situation where port forwarding limited your pivot attempts? How did you manage to overcome this limitation?
Forwarding Traffic Through SSH
by: @nand0ps
Published: 2/23/2023
Learn more: https://t.co/mvjIz6kR5y
🔗 https://www.blackhillsinfosec.com/forwarding-traffic-through-ssh/
🐥 [ tweet ]
😈 [ Tract0r_, Tract0r ]
I've written a new blog post about Sacrificial Sessions.
If you would like to know more about how to not mess up with Kerberos tickets on your next engagement, check it out.
https://t.co/au3au48ljh
🔗 https://unshade.tech/sacrificial-session
🐥 [ tweet ]
I've written a new blog post about Sacrificial Sessions.
If you would like to know more about how to not mess up with Kerberos tickets on your next engagement, check it out.
https://t.co/au3au48ljh
🔗 https://unshade.tech/sacrificial-session
🐥 [ tweet ]
😈 [ VakninHai, Hai vaknin ]
me and @cybergentix just published Lateral movement using Internet Explorer DCOM object and StdRegProv
#redteam
#Security
https://t.co/pm5AAHUX9N
🔗 https://link.medium.com/1vF0htMuExb
🐥 [ tweet ]
me and @cybergentix just published Lateral movement using Internet Explorer DCOM object and StdRegProv
#redteam
#Security
https://t.co/pm5AAHUX9N
🔗 https://link.medium.com/1vF0htMuExb
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Awkward is all about web exploitation, with auth bypass, jwt forging into awk injection, and command injection. In Beyond Root, I'll show two unintended paths (one patched, one not) that are fun learning opportunities as well.
https://t.co/rEqywcTkoV
🔗 https://0xdf.gitlab.io/2023/02/25/htb-awkward.html
🐥 [ tweet ]
Awkward is all about web exploitation, with auth bypass, jwt forging into awk injection, and command injection. In Beyond Root, I'll show two unintended paths (one patched, one not) that are fun learning opportunities as well.
https://t.co/rEqywcTkoV
🔗 https://0xdf.gitlab.io/2023/02/25/htb-awkward.html
🐥 [ tweet ]
😈 [ secu_x11, Secu ]
The Kraken has been released! A modular multi-language webshell (PHP, JSP, ASPX) focused on web post-exploitation and defense evasion.
https://t.co/AcN0hNdPre
🔗 https://github.com/kraken-ng/Kraken
🐥 [ tweet ]
The Kraken has been released! A modular multi-language webshell (PHP, JSP, ASPX) focused on web post-exploitation and defense evasion.
https://t.co/AcN0hNdPre
🔗 https://github.com/kraken-ng/Kraken
🐥 [ tweet ]
🔥2
😈 [ David3141593, David Buchanan ]
python memfd_create() oneliner:
This prints the path of a memfd, which you can use to do whatever you want (like fileless ELF execution!)
🐥 [ tweet ]
python memfd_create() oneliner:
python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))"This prints the path of a memfd, which you can use to do whatever you want (like fileless ELF execution!)
🐥 [ tweet ]
🤯2
Offensive Xwitter
😈 [ Tyl0us, Matt Eidelberg ] I've had so much fun learning rust. This is an excellent example of the power of rust, no EDR unhooking, patching of ETW, syscalls, or LITCRYPT and it calls home against EDRs. More to come soon #redteam 🐥 [ tweet ] давно пора…
Че, пацаны, аниме?
Пока еще бесплатный курс по расту от Расты, рекомендую ⬇️
🔗 https://training.zeropointsecurity.co.uk/courses/take/rust-for-n00bs
UPD. И в догонку еще плейлист от 0xdf по AOC2015 на расте ⬇️
🔗 https://www.youtube.com/playlist?list=PLJt6nPUdQbiSLYLKKRfydWeMOBwOjzM2y
#rust #courses
Пока еще бесплатный курс по расту от Расты, рекомендую ⬇️
🔗 https://training.zeropointsecurity.co.uk/courses/take/rust-for-n00bs
UPD. И в догонку еще плейлист от 0xdf по AOC2015 на расте ⬇️
🔗 https://www.youtube.com/playlist?list=PLJt6nPUdQbiSLYLKKRfydWeMOBwOjzM2y
#rust #courses
🔥1🤯1
Offensive Xwitter
😈 [ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. 🐥 […
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Now something more useful (I guess) ⬇️
https://t.co/IRqg93jbA3
Once again, inspired by another recent example from @0gtweet (#persistence by backdooring SCManager SDDL) 🙌🏻
🔗 https://github.com/snovvcrash/BOFs/blob/main/BackdoorSCManager/entry.c
🐥 [ tweet ][ quote ]
Now something more useful (I guess) ⬇️
https://t.co/IRqg93jbA3
Once again, inspired by another recent example from @0gtweet (#persistence by backdooring SCManager SDDL) 🙌🏻
🔗 https://github.com/snovvcrash/BOFs/blob/main/BackdoorSCManager/entry.c
🐥 [ tweet ][ quote ]
🔥4