😈 [ gregdarwin, Greg Darwin ]
Cobalt Strike 4.8 is now live. This release includes support for direct and indirect system calls, payload guardrails, a token store and more. Check out the blog post for details: https://t.co/7ZVfVMVSaD
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/
🐥 [ tweet ]
😈 [ k1nd0ne, k1nd0ne ]
I am happy to release a new malware analysis tool.
VISION-Process.
A fast and cross platform Procmon visualization application written in Rust & TS.
https://t.co/M3GBy3Udb7
A demo with QBOT:
https://t.co/MruSaVYG2H
Happy Hunting !
@pr0xylife #DFIR
🔗 https://github.com/forensicxlab/VISION-ProcMon
🔗 https://www.forensicxlab.com/posts/vision-procmon/
🐥 [ tweet ]
Forwarded from 1N73LL1G3NC3
LPE exploit for CVE-2023-21768
(Windows Ancillary Function Driver for WinSock Elevation of Privilege)
Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems.
😈 [ an0n_r0, an0n ]
GadgetToJScript JS payload (last commit in 2021) bypassing Windows Defender AMSI with this super minimal common dumb JS obfuscation in 2023.
Anyhow, long live GadgetToJScript by @med0x2e!
https://t.co/N7YhFf14ex
🔗 https://github.com/med0x2e/GadgetToJScript
🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]
Windows 10 offline admin creation? 😈
Why not?!
Everything happens through built-in offlinelsa and offlinesam DLLs. Official, but not very documented.
Enjoy the source code and the compiled exe, as usual: https://t.co/BNp9kaLnkr
🔗 https://github.com/gtworek/PSBits/tree/master/OfflineSAM/OfflineAddAdmin2
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
A lnk file that downloads JavaScript from @abuse_ch. This one uses lolbins like certutil for base64 decode, bitsadmin for download, and colorcpl for file copy. Also lots of JavaScript charcode obfuscation.
https://t.co/QP2dbBwiYG
🔗 https://www.youtube.com/watch?v=i-jeW6Ah8qI
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Current mood: trying to find a vulnerability description in my old pentest reports… SauronEye rocks @_vivami❕
🐥 [ tweet ]
😈 [ 0xBoku, Bobby Cooke ]
We've just released the first post in the Cobalt Strike reflective loader blog series! 🥷 This one took a lot of effort and I am excited to share it with you! The better it does, the better I'll make the next ones 😉
https://t.co/ZA2eoIwy5t
🔗 https://securityintelligence.com/posts/defining-cobalt-strike-reflective-loader/
🐥 [ tweet ]
From the "Bad Advice" column
Found nothing on the external perimeter? Self-esteem dropping because you have no Domain Admin rights? Only five IP addresses in scope, three of which return 404 and the other two are login pages with 2FA? There is a solution: "TLS 1.0 and 1.1 Support Enabled"!
"TLS 1.0 and 1.1 Support Enabled" guarantees your report gets filled with words that scare the Customer:
😱 "The PCI DSS v3.2 standard requires that TLS 1.0 be fully disabled by June 30, 2018!"
😱 "TLS 1.1 lacks support for the recommended cipher suites: ciphers supporting encrypt-then-MAC and authenticated encryption modes such as GCM cannot be used with TLS 1.1!"
😱 "Newer TLS versions such as 1.2 and 1.3 were designed with these shortcomings in mind and should be used whenever possible!"
👍🏻 "TLS 1.0 and 1.1 Support Enabled" has been saving pentesters' reports since August 2008.
👍🏻 With "TLS 1.0 and 1.1 Support Enabled" you get "and your SSL certificate has expired too" and "ahem, *toot*, you're using weak cipher suites" for free!
👍🏻 "TLS 1.0 and 1.1 Support Enabled, and it's like you didn't screw up at all!"
~$ nuclei -l domains.txt -t ssl -o nuclei-ssl.out
~$ grep -e deprecated-tls -e expired-ssl -e mismatched-ssl -e self-signed -e weak-cipher nuclei-ssl.out
😈 [ bohops, bohops ]
#lolbin #lolbas
Yet another signed process dump tool [from .NET Diagnostic Tools] ->
dotnet-dump.exe collect -p <lsass pid>
🐥 [ tweet ]
There are direct download links for the x86 and x64 exe: https://learn.microsoft.com/ru-ru/dotnet/core/diagnostics/dotnet-dump
thx to @Michaelzhm
😈 [ exploitph, Charlie Clark ]
My latest research which completely breaks trust transitivity, enjoy :-)
https://t.co/1xUlMXrJbF
🔗 https://exploit.ph/external-trusts-are-evil.html
🐥 [ tweet ]
😈 [ TrustedSec, TrustedSec ]
In our newest #blog post, TAC Practice Lead @4ndr3w6S and co-author @exploitph lead us through the examination of #Kerberos ticket times and #checksums to demonstrate their importance and how they can better serve both offensive and defensive operators. https://t.co/kGgsXB0VUO
🔗 https://hubs.la/Q01GMZBS0
🐥 [ tweet ]
😈 [ MDSecLabs, MDSec ]
We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: https://t.co/xDxGwJfY2e by @domchell
🔗 https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
🐥 [ tweet ]
Thread by @domchell on Thread Reader App
@domchell: As auth coercion is blowing up due to #cve-2023-23397, I've put together a quick thread about how we at @MDSecLabs have been leveraging these techniques in our red team engagements for quite some time. It...…
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Have been playing around with Domain Fronting via Fastly and discovered that you actually do not need to confirm the domain name ownership (by adding a CNAME) for the traffic to flow towards your IP. A bug or feature? 🤔
🐥 [ tweet ]
@Acrono and I were playing around with domain fronting here and found this interesting feature