👹 [ snovvcrash, sn🥶vvcr💥sh ]
Have been playing around with Domain Fronting via Fastly and discovered that you actually do not need to confirm the domain name ownership (by adding a CNAME) for the traffic to flow towards your IP. A bug or feature? 🤔
🐥 [ tweet ]
Have been playing around with Domain Fronting via Fastly and discovered that you actually do not need to confirm the domain name ownership (by adding a CNAME) for the traffic to flow towards your IP. A bug or feature? 🤔
🐥 [ tweet ]
игрались тут с @Acrono с домен фронтингом и вот такую фичу интересную нашли🔥4😁2
Offensive Xwitter
😈 [ 0xBoku, Bobby Cooke ] We've just released the first post in the Cobalt Strike reflective loader blog series! 🥷This one took allot of effort and I am excited to share it with you! The better it does, the better i'll make the next ones 😉 https://t.co/ZA2eoIwy5t…
😈 [ gregdarwin, Greg Darwin ]
New Cobalt Strike blog post - this one is the first in a series on UDRL development and accompanies a new addition to the Arsenal Kit: The UDRL-VS. We're aiming to lower the barrier to entry for developing UDRLs with this series.
https://t.co/4EfCfuLT9G
🔗 https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-1-simplifying-development/
🐥 [ tweet ]
New Cobalt Strike blog post - this one is the first in a series on UDRL development and accompanies a new addition to the Arsenal Kit: The UDRL-VS. We're aiming to lower the barrier to entry for developing UDRLs with this series.
https://t.co/4EfCfuLT9G
🔗 https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-1-simplifying-development/
🐥 [ tweet ]
продолжаем учиться писать URDL для кобыX (formerly Twitter)
Greg Darwin (@gregdarwin) on X
No longer using Twitter. Gone looking for blue skies.
Offensive Xwitter
😈 [ TrustedSec, TrustedSec ] In our newest #blog post, TAC Practice Lead @4ndr3w6S and co-author @exploitph lead us through the examination of #Kerberos ticket times and #checksums to demonstrate their importance and how they can better serve both offensive…
Не проверял, но похоже на правду ⤵️
🔗 https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
UPD. И еще один PoC на поше ⤵️
🔗 https://github.com/api0cradle/CVE-2023-23397-POC-Powershell
🔗 https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
UPD. И еще один PoC на поше ⤵️
🔗 https://github.com/api0cradle/CVE-2023-23397-POC-Powershell
~$ git clone https://github.com/worawit/MS17-010.git && cd MS17-010
~$ git checkout -b smb_get_file 83b3745
~$ wget https://gist.github.com/snovvcrash/e910523a366844448e3a2b40685969e7/raw/e00b7b04aa5c96b0e5f21eae305448cf3c2fd4fa/zzz_smb_get_file.patch
~$ git apply zzz_smb_get_file.patch
🔥6
Forwarded from Great
Привет, а можешь на гист залить zzz_exploit ?
https://twitter.com/snovvcrash/status/1636406137510666242
https://twitter.com/snovvcrash/status/1636406137510666242
🤔3
😈 [ nodauf, nodauf ]
New PPL Bypass with the poc by @itm4n :
https://t.co/6uHwTaE59y
https://t.co/NQOO2BsxPP
🔗 https://blog.scrt.ch/2023/03/17/bypassing-ppl-in-userland-again/
🔗 https://github.com/itm4n/PPLmedic
🐥 [ tweet ]
New PPL Bypass with the poc by @itm4n :
https://t.co/6uHwTaE59y
https://t.co/NQOO2BsxPP
🔗 https://blog.scrt.ch/2023/03/17/bypassing-ppl-in-userland-again/
🔗 https://github.com/itm4n/PPLmedic
🐥 [ tweet ]
😈 [ ZeroMemoryEx, V2 ]
a kernel mode driver that can replace a process token with the system token for elevating Process privileges, check it out .
https://t.co/XFbHcTc1JX
🔗 https://github.com/ZeroMemoryEx/Tokenizer
🐥 [ tweet ]
a kernel mode driver that can replace a process token with the system token for elevating Process privileges, check it out .
https://t.co/XFbHcTc1JX
🔗 https://github.com/ZeroMemoryEx/Tokenizer
🐥 [ tweet ]
APT
🔥 NimPlant С2 This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. https://github.com/chvancooten/NimPlant #c2 #nim #python #redteam
😈 [ AnubisOnSec, anubis ]
Ayy, we did the thing. Here's a small blog on how we worked with @chvancooten to help provide some detections before the release of NimPlant 💪
https://t.co/0ToKqp58bj
🔗 https://developer.nvidia.com/blog/detecting-malware-with-purple-team-collaboration/
🐥 [ tweet ]
Ayy, we did the thing. Here's a small blog on how we worked with @chvancooten to help provide some detections before the release of NimPlant 💪
https://t.co/0ToKqp58bj
🔗 https://developer.nvidia.com/blog/detecting-malware-with-purple-team-collaboration/
🐥 [ tweet ]
⚠️ Тут это, говорят, сервера ложатся от дцсинка сикретсдампом (2012R2, 2016, 2019). Когда есть возможность, не реплицируйте вслепую весь нтдс – лсасс не выдерживает.
https://github.com/fortra/impacket/issues/1436#issuecomment-1476996085
https://github.com/fortra/impacket/issues/1436#issuecomment-1476996085
GitHub
Has secretsdump ever crashed a domain controller? · Issue #1436 · fortra/impacket
Configuration impacket version: Latest Python version: 3.10 Target OS: Kali latest Debug Output With Command String I was doing a secretsdump with DA creds as follows: ./secretsdump.py -just-dc-ntl...
😈 [ passthehashbrwn, Josh ]
Here's a short blog on using Frida to write and bypass detections for your TTPs. We can use good ol' userland hooking + JavaScript bindings to avoid writing complex kernel code, which lets us quickly develop test cases and improve our techniques.
https://t.co/IxixfRmG67
🔗 https://passthehashbrowns.github.io/using-frida-for-rapid-detection-testing
🐥 [ tweet ]
Here's a short blog on using Frida to write and bypass detections for your TTPs. We can use good ol' userland hooking + JavaScript bindings to avoid writing complex kernel code, which lets us quickly develop test cases and improve our techniques.
https://t.co/IxixfRmG67
🔗 https://passthehashbrowns.github.io/using-frida-for-rapid-detection-testing
🐥 [ tweet ]
Offensive Xwitter
⚠️ Тут это, говорят, сервера ложатся от дцсинка сикретсдампом (2012R2, 2016, 2019). Когда есть возможность, не реплицируйте вслепую весь нтдс – лсасс не выдерживает. https://github.com/fortra/impacket/issues/1436#issuecomment-1476996085
😈 [ _EthicalChaos_, CCob🏴 ]
@mpgn_x64 @twosevenzero I've just had a look at the WinDbg crash log. LSASS is crashing with 0xC0000005 access violation with an invalid read. Doesn't really matter how impacket has implemented MS-DRSR, this is a CVE. At minimum a DoS but potentially RCE under the right conditions.
🐥 [ tweet ]
@mpgn_x64 @twosevenzero I've just had a look at the WinDbg crash log. LSASS is crashing with 0xC0000005 access violation with an invalid read. Doesn't really matter how impacket has implemented MS-DRSR, this is a CVE. At minimum a DoS but potentially RCE under the right conditions.
🐥 [ tweet ]
хихикX (formerly Twitter)
CCob🏴 (@_EthicalChaos_) on X
Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴
Author of poorly coded tools: https://t.co/P6tT2qQksC
Author of poorly coded tools: https://t.co/P6tT2qQksC
😈 [ _0pr_, ChaofanXU ]
Read @0xTriboulet 's blog https://t.co/FTGXcJD4e3 is like an addiction. Teaches you how to become a good "shellcode smuggler". And, Sektor7 is a must go too.
🔗 https://steve-s.gitbook.io/0xtriboulet/
🐥 [ tweet ]
Read @0xTriboulet 's blog https://t.co/FTGXcJD4e3 is like an addiction. Teaches you how to become a good "shellcode smuggler". And, Sektor7 is a must go too.
🔗 https://steve-s.gitbook.io/0xtriboulet/
🐥 [ tweet ]
🔥1
😈 [ an0n_r0, an0n ]
Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.).
Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.
🐥 [ tweet ]
Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.).
Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.
🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]
I've just tested a new feature developed by @MJHallenbeck and I must say that even myself I was not ready for this ... 🫣
You will soon be able to chain multiple modules on CrackMapExec and gain so much time 🔥💪
Coming in a few days for sponsors on @porchetta_ind 🪂
🐥 [ tweet ]
I've just tested a new feature developed by @MJHallenbeck and I must say that even myself I was not ready for this ... 🫣
You will soon be able to chain multiple modules on CrackMapExec and gain so much time 🔥💪
Coming in a few days for sponsors on @porchetta_ind 🪂
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.
GitHub Project - https://t.co/XGGgzTPbEo
#AI #LLM #CLI #OpenAI #Opensource
🔗 https://github.com/projectdiscovery/aix
🐥 [ tweet ]
Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.
GitHub Project - https://t.co/XGGgzTPbEo
#AI #LLM #CLI #OpenAI #Opensource
🔗 https://github.com/projectdiscovery/aix
🐥 [ tweet ]
Иногда бывают ситуации, когда нет возможности изменить время на рабочей машине с *NIX-ами (например, отключить синхронизацию часов ВМ с хостом в VBox можно только предварительно потушив виртуалку), а помучить Керберос нада здесь и сейчас.
Для таких случаев сподручно пользоваться faketime (ставится через
Для таких случаев сподручно пользоваться faketime (ставится через
apt) – утилитой для изменения времени ОС в контексте одной команды. Сие работает перехватом системных вызовов и подменой истинного значения времени на то, что нужно пользователю для того или иного действия:~$ ntpdate -q $DC
~$ ntpdate -q $DC | awk -F. '{print $1}'
~$ faketime "`ntpdate -q $DC | awk -F. '{print $1}'`" /bin/date
🔥10🤔1