😈 [ AnubisOnSec, anubis ]

Ayy, we did the thing. Here's a small blog on how we worked with @chvancooten to help provide some detections before the release of NimPlant 💪

https://t.co/0ToKqp58bj

🔗 https://developer.nvidia.com/blog/detecting-malware-with-purple-team-collaboration/

🐥 [ tweet ]

⚠️ Тут это, говорят, сервера ложатся от дцсинка сикретсдампом (2012R2, 2016, 2019). Когда есть возможность, не реплицируйте вслепую весь нтдс – лсасс не выдерживает.

https://github.com/fortra/impacket/issues/1436#issuecomment-1476996085

😈 [ passthehashbrwn, Josh ]

Here's a short blog on using Frida to write and bypass detections for your TTPs. We can use good ol' userland hooking + JavaScript bindings to avoid writing complex kernel code, which lets us quickly develop test cases and improve our techniques.

https://t.co/IxixfRmG67

🔗 https://passthehashbrowns.github.io/using-frida-for-rapid-detection-testing

🐥 [ tweet ]

😈 [ _EthicalChaos_, CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 ]

@mpgn_x64 @twosevenzero I've just had a look at the WinDbg crash log. LSASS is crashing with 0xC0000005 access violation with an invalid read. Doesn't really matter how impacket has implemented MS-DRSR, this is a CVE. At minimum a DoS but potentially RCE under the right conditions.

🐥 [ tweet ]

хихик

😈 [ _0pr_, ChaofanXU ]

Read @0xTriboulet 's blog https://t.co/FTGXcJD4e3 is like an addiction. Teaches you how to become a good "shellcode smuggler". And, Sektor7 is a must go too.

🔗 https://steve-s.gitbook.io/0xtriboulet/

🐥 [ tweet ]

😈 [ an0n_r0, an0n ]

Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.).

Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

I've just tested a new feature developed by @MJHallenbeck and I must say that even myself I was not ready for this ... 🫣

You will soon be able to chain multiple modules on CrackMapExec and gain so much time 🔥💪

Coming in a few days for sponsors on @porchetta_ind 🪂

🐥 [ tweet ]

😈 [ pdiscoveryio, ProjectDiscovery.io ]

Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.

GitHub Project - https://t.co/XGGgzTPbEo

#AI #LLM #CLI #OpenAI #Opensource

🔗 https://github.com/projectdiscovery/aix

🐥 [ tweet ]

Иногда бывают ситуации, когда нет возможности изменить время на рабочей машине с *NIX-ами (например, отключить синхронизацию часов ВМ с хостом в VBox можно только предварительно потушив виртуалку), а помучить Керберос нада здесь и сейчас.

Для таких случаев сподручно пользоваться faketime (ставится через apt) – утилитой для изменения времени ОС в контексте одной команды. Сие работает перехватом системных вызовов и подменой истинного значения времени на то, что нужно пользователю для того или иного действия:

~$ ntpdate -q $DC
~$ ntpdate -q $DC | awk -F. '{print $1}'
~$ faketime "`ntpdate -q $DC | awk -F. '{print $1}'`" /bin/date

😈 [ DragoQcc, DragoQCC ]

https://t.co/Ebn0PQMyru Today, I am releasing HardHat C2 on GitHub. HardHat is a multiplayer, cross-platform C2 developed in C# for adversary emulation and red teaming. I would like to give some thanks to my coworkers @SpecterOps and to @_RastaMouse for all their help.

🔗 https://github.com/DragoQCC/HardHatC2

🐥 [ tweet ]

😈 [ icyguider, icyguider ]

Have you ever wanted to transfer files over DNS A records? No? Well too bad lol, I've updated @domchell's PowerDNS to do that along with some other things. Could be useful for pentests with no standard outbound access... which yes I get quite a bit of. 😭 https://t.co/r8a31fuadM

🔗 https://github.com/icyguider/NewPowerDNS

🐥 [ tweet ]

😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

The RID500 Admin account doesn't benefit from Protected User Group restrictions. This is a MS WONTFIX & means you can authenticate as Admin using RC4 KRB or perform any KRB delegation attack if you impersonate the RID500 Admin. The latest find by @Defte_

https://t.co/27D3QWnQBD

🔗 https://sensepost.com/blog/2023/protected-users-you-thought-you-were-safe-uh/

🐥 [ tweet ]

😈 [ 0xcc00, Bilal ]

Happy to share my new tool "yetAnotherObfuscator".
A C# obfuscator tool that can bypass Windows Defender antivirus. I made this tool mainly as an excuse to learn more about C# and how obfuscators work.
https://t.co/ZjyyDOyWra
This is an alpha release, so expect some nice bugs.

🔗 https://github.com/0xb11a1/yetAnotherObfuscator

🐥 [ tweet ]

Подъехали записи выступлений с BlackHat22!

Куча разных докладов про внешку, внутрянку, реверс, криптографию.

Из интересного в плейлисте:
- Уязвимости в Matrix;
- Атаки на AFDS
- Атаки на электрокары;
- Атаки на керберос RC4;
- Обход EDR;
- Атаки на смартконтракты;
- Обход WAF:
- Атаки на канальном уровне.

😈 [ elkement, elkement ]

Hi Active Directory / ADCS hackers, I've published something! You can add the new SID extension manually if certificate templates allow for custom names: https://t.co/SndcHH3Kz7

🔗 https://elkement.blog/2023/03/30/lord-of-the-sid-how-to-add-the-objectsid-attribute-to-a-certificate-manually/

🐥 [ tweet ]

😈 [ naksyn, Diego Capriotti ]

Triggered by an idea of @Octoberfest73, just discovered that you can alter the dll search path of a process you're about to create.
Just call SetDllDirectoryA before CreateProcessA.
For your sideloading pleasurezz :)

🐥 [ tweet ]

🕳 Ngrok: SSH Reverse Tunnel Agent

Did you know that you can run ngrok without even installing ngrok? You can start tunnels via SSH without downloading an ngrok agent by running an SSH reverse tunnel command:

ssh -i ~/.ssh/id_ed25519 -R 80:localhost:80 v2@tunnel.us.ngrok.com http

Source:
https://ngrok.com/docs/secure-tunnels/tunnels/ssh-reverse-tunnel-agent/

#ngrok #ssh #reverse #tunnel