😈 [ pdiscoveryio, ProjectDiscovery.io ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
nice nice nice nice
Forwarded from Внутрянка
A bit of theory on access tokens in Windows
Ardent101
Inconspicuous tokens. Part 1. Theory
Introduction. During a penetration test it is often possible to obtain local-administrator-level access to some network host running a Windows-family operating system.
The next step, as a rule…
Sometimes the web version of 1C doesn't accept creds via basic auth, so you can't automatically (as in, for example, 1C-Web-bruter) run through all users to check whether login with an empty password is possible.
Instead, a binary blob cred is generated on the client side and sent to the server as JSON. Digging through the various mod_main_loader.js files with 140k+ of JS code to understand how it is formed was something I couldn't be bothered with, so here's a simple Selenium-based checker for you ⬇️
🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
😈 [ s4ntiago_p, S4ntiagoP ]
I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh
🔗 https://www.coresecurity.com/blog/hardware-call-stack
🐥 [ tweet ]
Offensive Xwitter
Mom's little automator's post
Now you can install all the ProjectDiscovery tools in one click, easily and elegantly!
I do it roughly like this in WeaponizeKali.sh ⬇️
# fetch the linux/amd64 pdtm release binary with eget
mkdir pd && cd pd
eget -qs linux/amd64 "projectdiscovery/pdtm" --to pdtm
# install all ProjectDiscovery tools, using the current directory as the bin path
./pdtm -ia -ip -bp `pwd`
./nuclei
# grab the nuclei output sorting helper, prepend a shebang and make it executable
curl -sSL "https://github.com/DingyShark/nuclei-scan-sort/raw/main/nuclei_sort.py" -o nuclei_sort.py
sed -i '1 i #!/usr/bin/env python3' nuclei_sort.py
chmod +x nuclei_sort.py
If anyone still isn't using eget, I recommend starting right away: this little thing lets you grab the release version you need from GH without having to copy-paste direct download links, unpack archives yourself, set +x, etc.
You can install it like this ⬇️
curl "https://zyedidia.github.io/eget.sh" | sh
😈 [ an0n_r0, an0n ]
Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥
🐥 [ tweet ][ quote ]
I know there are even people who use my little creation DivideAndScan to organize port scanning, so I'll post some info on a small update.
I finally got around to adding the -dns flag, which shows hostnames next to the corresponding IP addresses in the info output. Now, if you feed the tool a list of target domains beforehand, the DB will be updated with domains fields that can be queried when polling the scanning surface.
😈 [ boymoderRE, Boymoder RE ]
My analysis of Brute Ratel is now up on my blog.
https://t.co/qxziV96JpO
🔗 https://protectedmo.de/brute.html
🐥 [ tweet ]
😈 [ albinowax, James Kettle ]
Love this auth bypass via JSON Injection found by
@GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box.
https://t.co/52Folk1Cbe
🔗 https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/#json-injection-ghsl-2022-080
🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]
Donut v1.0 "Cruller" - ETW Bypasses, Module Overloading, and Much More https://t.co/wlF0jCZnF0
🔗 https://thewover.github.io/Cruller/
🐥 [ tweet ]
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
😈 [ gregdarwin, Greg Darwin ]
Cobalt Strike 4.8 is now live. This release includes support for direct and indirect system calls, payload guardrails, a token store and more. Check out the blog post for details: https://t.co/7ZVfVMVSaD
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/
🐥 [ tweet ]
😈 [ k1nd0ne, k1nd0ne ]
I am happy to release a new malware analysis tool.
VISION-Process.
A fast and cross platform Procmon visualization application written in Rust & TS.
https://t.co/M3GBy3Udb7
A demo with QBOT:
https://t.co/MruSaVYG2H
Happy Hunting!
@pr0xylife #DFIR
🔗 https://github.com/forensicxlab/VISION-ProcMon
🔗 https://www.forensicxlab.com/posts/vision-procmon/
🐥 [ tweet ]
Forwarded from 1N73LL1G3NC3
LPE exploit for CVE-2023-21768
(Windows Ancillary Function Driver for WinSock Elevation of Privilege)
Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems.
😈 [ an0n_r0, an0n ]
GadgetToJScript JS payload (last commit in 2021) bypassing Windows Defender AMSI with this super minimal common dumb JS obfuscation in 2023.
Anyhow, long live GadgetToJScript by @med0x2e!
https://t.co/N7YhFf14ex
🔗 https://github.com/med0x2e/GadgetToJScript
🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]
Windows 10 offline admin creation? 😈
Why not?!
Everything happens through built-in offlinelsa and offlinesam DLLs. Official, but not very documented.
Enjoy the source code and the compiled exe, as usual: https://t.co/BNp9kaLnkr
🔗 https://github.com/gtworek/PSBits/tree/master/OfflineSAM/OfflineAddAdmin2
🐥 [ tweet ]