😈 [ 0xdeaddood, leandro ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
😈 [ CrowdStrike, CrowdStrike ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
Offensive Xwitter
😈 [ CrowdStrike, CrowdStrike ] 🚨 The 2023 Global Threat Report is now live. Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks. Access the report:…
CrowdStrike Global Threat Report 2023.pdf
11.8 MB
🔥2
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
😈 [ Nettitude_Labs, Nettitude Labs ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]
just scan for subdomain without downloding the tools:
🐥 [ tweet ]
just scan for subdomain without downloding the tools:
curl -s -L https://github.com/cihanmehmet/sub.sh/raw/master/sub.sh | bash -s webscantest.com#infosec #bugbounty #cybersec
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
найс найс найс найсForwarded from Внутрянка
Небольшая теория про токены доступа в Windows
Ardent101
Неприметные токены. Часть 1. Теория
Вступление В ходе тестирования на проникновение нередко удается получить доступ с правами уровня локального администратора к какому-то сетевому объекту, функционирующему под управлением операционной системы семейства Windows.
Следующим этапом, как правило…
Следующим этапом, как правило…
Иногда бывает, что веб-версия 1С не принимает креды в basic-аутх, вследствие чего нельзя в автоматическом режиме (как, например, в 1C-Web-bruter) пробежать всех пользователей на предмет возможности логина с пустым паролем.
Вместо этого на стороне клиента генерится бинарный блоб
Копаться во всякихротебал , поэтому вот вам простой чекер на селениуме ⬇️
🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
Вместо этого на стороне клиента генерится бинарный блоб
cred, который JSON-ом шлется на сервер.Копаться во всяких
mod_main_loader.js на 140к+ JS-кода, чтобы понять, как он формируется, я 🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
🔥9
😈 [ s4ntiago_p, S4ntiagoP ]
I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh
🔗 https://www.coresecurity.com/blog/hardware-call-stack
🐥 [ tweet ]
I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh
🔗 https://www.coresecurity.com/blog/hardware-call-stack
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ pdiscoveryio, ProjectDiscovery.io ] Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰 1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i 2️⃣ Run pdtm 3️⃣ Sit back and watch all of our tools install. 4️⃣ Don't get comfy because…
Мамкиного автоматизатора пост
Теперь можно ставить все тулзы от ProjectDiscovery одним щелчком легко и элегантно!
Я делаю это примерно так в WeaponizeKali.sh ⬇️
Поставить его можно так ⬇️
Теперь можно ставить все тулзы от ProjectDiscovery одним щелчком легко и элегантно!
Я делаю это примерно так в WeaponizeKali.sh ⬇️
mkdir pd && cd pd
eget -qs linux/amd64 "projectdiscovery/pdtm" --to pdtm
./pdtm -ia -ip -bp `pwd`
./nuclei
curl -sSL "https://github.com/DingyShark/nuclei-scan-sort/raw/main/nuclei_sort.py" -o nuclei_sort.py
sed -i '1 i #!/usr/bin/env python3' nuclei_sort.py
chmod +x nuclei_sort.py
Если вдруг кто-то еще не пользует eget, советую срочно начать – эта шутка позволяет забрать нужную версию релиза с GH без необходимости копипастить прямые ссылки на загрузку, самостоятельно распаковывать архивы, навешивать +x, и т. д.Поставить его можно так ⬇️
curl "https://zyedidia.github.io/eget.sh" | sh🔥9
😈 [ an0n_r0, an0n ]
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
🐥 [ tweet ][ quote ]
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
🐥 [ tweet ][ quote ]
Знаю, что даже есть люди, которые пользуются моей поделкой DivideAndScan для организации сканирования портов, поэтому запилю инфу по небольшому апдейту.
Наконец дошли руки завезти флаг
Наконец дошли руки завезти флаг
-dns для отображения хостнеймов рядом с соответствующими IP-адресами в информационном выводе. Теперь, если предварительно скормить инструменту список исследуемых доменов, БД будет обновлена полями domains, которые можно будет запросить при опросе поверхности сканирования.🔥10
😈 [ boymoderRE, Boymoder RE ]
My analysis of Brute Ratel is now up on my blog.
https://t.co/qxziV96JpO
🔗 https://protectedmo.de/brute.html
🐥 [ tweet ]
My analysis of Brute Ratel is now up on my blog.
https://t.co/qxziV96JpO
🔗 https://protectedmo.de/brute.html
🐥 [ tweet ]
🔥1
😈 [ albinowax, James Kettle ]
Love this auth bypass via JSON Injection found by
@GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box.
https://t.co/52Folk1Cbe
🔗 https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/#json-injection-ghsl-2022-080
🐥 [ tweet ]
Love this auth bypass via JSON Injection found by
@GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box.
https://t.co/52Folk1Cbe
🔗 https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/#json-injection-ghsl-2022-080
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
Donut v1.0 "Cruller" - ETW Bypasses, Module Overloading, and Much More https://t.co/wlF0jCZnF0
🔗 https://thewover.github.io/Cruller/
🐥 [ tweet ]
Donut v1.0 "Cruller" - ETW Bypasses, Module Overloading, and Much More https://t.co/wlF0jCZnF0
🔗 https://thewover.github.io/Cruller/
🐥 [ tweet ]
🔥1
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
😈 [ gregdarwin, Greg Darwin ]
Cobalt Strike 4.8 is now live. This release includes support for direct and indirect system calls, payload guardrails, a token store and more. Check out the blog post for details: https://t.co/7ZVfVMVSaD
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/
🐥 [ tweet ]
Cobalt Strike 4.8 is now live. This release includes support for direct and indirect system calls, payload guardrails, a token store and more. Check out the blog post for details: https://t.co/7ZVfVMVSaD
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/
🐥 [ tweet ]