Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ _0pr_, ChaofanXU ]

Reading @0xTriboulet's blog https://t.co/FTGXcJD4e3 is like an addiction. It teaches you how to become a good "shellcode smuggler". And Sektor7 is a must-go too.

🔗 https://steve-s.gitbook.io/0xtriboulet/

🐥 [ tweet ]
🔥1
😈 [ an0n_r0, an0n ]

Played with Outlook CVE-2023-23397. Made a simple PoC email builder & sender featuring malicious reminder (just a Msg, no need to use a Task or Cal. Ev.).

Critical 0-click account takeover on internal networks even after MS patch, no need to open the message on the victim side.

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

I've just tested a new feature developed by @MJHallenbeck and I must say that even I was not ready for this ... 🫣

You will soon be able to chain multiple modules in CrackMapExec and save so much time 🔥💪

Coming in a few days for sponsors on @porchetta_ind 🪂

🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]

Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.

GitHub Project - https://t.co/XGGgzTPbEo

#AI #LLM #CLI #OpenAI #Opensource

🔗 https://github.com/projectdiscovery/aix

🐥 [ tweet ]
Sometimes there are situations where you cannot change the time on a *NIX work machine (for example, in VirtualBox you can only disable the VM's clock synchronisation with the host after shutting the VM down), but you need to hammer on Kerberos right here and now.

For such cases it is handy to use faketime (installed via apt), a utility for changing the OS time in the context of a single command. It works by intercepting system calls and substituting the real time value with whatever the user needs for a given action:

~$ ntpdate -q $DC
~$ ntpdate -q $DC | awk -F. '{print $1}'
~$ faketime "`ntpdate -q $DC | awk -F. '{print $1}'`" /bin/date
🔥10🤔1
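As an added illustration of the post above (this is not code from the original post), a POSIX shell snippet that parses an ntpsec-style `ntpdate -q` line, extracts the DC's timestamp the same way the `awk -F.` one-liner does, and checks whether the offset actually exceeds Kerberos' default 300-second clock-skew tolerance before reaching for faketime. The sample line and the host name dc01.corp.local are constructed, and the output format is assumed to be the ntpsec one (which is what the `awk -F.` trick relies on).

```shell
#!/bin/sh
# Added example, not from the original post: decide whether faketime is needed
# by comparing the DC's clock offset against Kerberos' default 5-minute tolerance.

# Constructed sample line in ntpsec "ntpdate -q" output format (assumption):
#   <date> <time.fraction> (<tz>) <offset> +/- <error> <server>
SAMPLE_NTPDATE_LINE='2023-03-31 17:09:56.123456 (+0000) +423.117 +/- 0.00321 dc01.corp.local'

# DC wall-clock time without fractional seconds: everything before the first dot,
# the same idea as the awk -F. one-liner in the post.
dc_time_from_ntpdate() {
    printf '%s\n' "$1" | awk -F. '{print $1}'
}

# Signed offset in seconds (4th whitespace-separated field), leading '+' stripped
# so that awk treats it as a plain number.
dc_offset_from_ntpdate() {
    printf '%s\n' "$1" | awk '{print $4}' | sed 's/^+//'
}

# The KDC rejects requests whose clock differs by more than 300 s by default.
# Returns 0 (true) when |offset| > limit, i.e. faketime is actually required.
skew_exceeds_limit() {
    offset="$1"
    limit="${2:-300}"
    awk -v o="$offset" -v l="$limit" 'BEGIN { if (o < 0) o = -o; exit !(o > l) }'
}

if skew_exceeds_limit "$(dc_offset_from_ntpdate "$SAMPLE_NTPDATE_LINE")"; then
    echo "clock skew exceeds 300 s; run the tool as: faketime \"$(dc_time_from_ntpdate "$SAMPLE_NTPDATE_LINE")\" <command>"
else
    echo "clock skew within Kerberos tolerance; faketime not needed"
fi
```

Querying the DC first and only wrapping the command in faketime when the skew is outside the tolerance avoids freezing the local clock for commands that would have worked anyway.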
😈 [ DragoQcc, DragoQCC ]

https://t.co/Ebn0PQMyru Today, I am releasing HardHat C2 on GitHub. HardHat is a multiplayer, cross-platform C2 developed in C# for adversary emulation and red teaming. I would like to give some thanks to my coworkers @SpecterOps and to @_RastaMouse for all their help.

🔗 https://github.com/DragoQCC/HardHatC2

🐥 [ tweet ]
😈 [ icyguider, icyguider ]

Have you ever wanted to transfer files over DNS A records? No? Well too bad lol, I've updated @domchell's PowerDNS to do that along with some other things. Could be useful for pentests with no standard outbound access... which yes I get quite a bit of. 😭 https://t.co/r8a31fuadM

🔗 https://github.com/icyguider/NewPowerDNS

🐥 [ tweet ]
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

The RID500 Admin account doesn't benefit from Protected User Group restrictions. This is a MS WONTFIX & means you can authenticate as Admin using RC4 KRB or perform any KRB delegation attack if you impersonate the RID500 Admin. The latest find by @Defte_

https://t.co/27D3QWnQBD

🔗 https://sensepost.com/blog/2023/protected-users-you-thought-you-were-safe-uh/

🐥 [ tweet ]
😈 [ 0xcc00, Bilal ]

Happy to share my new tool "yetAnotherObfuscator".
A C# obfuscator tool that can bypass Windows Defender antivirus. I made this tool mainly as an excuse to learn more about C# and how obfuscators work.
https://t.co/ZjyyDOyWra
This is an alpha release, so expect some nice bugs.

🔗 https://github.com/0xb11a1/yetAnotherObfuscator

🐥 [ tweet ]
Forwarded from Path Secure (CuriV)
The recordings of the BlackHat 22 talks have arrived!

Lots of different talks on external and internal pentesting, reverse engineering, cryptography.

Of interest in the playlist:
- Vulnerabilities in Matrix;
- Attacks on ADFS;
- Attacks on electric cars;
- Attacks on Kerberos RC4;
- EDR bypass;
- Attacks on smart contracts;
- WAF bypass;
- Attacks at the data link layer.
🔥5
😈 [ elkement, elkement ]

Hi Active Directory / ADCS hackers, I've published something! You can add the new SID extension manually if certificate templates allow for custom names: https://t.co/SndcHH3Kz7

🔗 https://elkement.blog/2023/03/30/lord-of-the-sid-how-to-add-the-objectsid-attribute-to-a-certificate-manually/

🐥 [ tweet ]
😁8
😈 [ naksyn, Diego Capriotti ]

Triggered by an idea of @Octoberfest73, just discovered that you can alter the dll search path of a process you're about to create.
Just call SetDllDirectoryA before CreateProcessA.
For your sideloading pleasurezz :)

🐥 [ tweet ]
Forwarded from APT
🕳 Ngrok: SSH Reverse Tunnel Agent

Did you know that you can run ngrok without even installing ngrok? You can start tunnels via SSH without downloading an ngrok agent by running an SSH reverse tunnel command:

ssh -i ~/.ssh/id_ed25519 -R 80:localhost:80 v2@tunnel.us.ngrok.com http

Source:
https://ngrok.com/docs/secure-tunnels/tunnels/ssh-reverse-tunnel-agent/

#ngrok #ssh #reverse #tunnel
🔥3
😈 [ zimnyaatishina, zimnyaa ]

A new article about replacing memfd_create with a custom libfuse FS for in-memory ELF execution: https://t.co/AU5ZPJXHaf

The PoC code also tries to disallow others from reading the executable file.

🔗 https://tishina.in/execution/replacing-memfd-with-fuse

🐥 [ tweet ]
🔥1
😈 [ _RastaMouse, Rasta Mouse ]

I'm starting a blog series on using #SharpC2. The first post demonstrates using HTTPS with a redirector.

https://t.co/TV3DrRvYqn

🔗 https://rastamouse.me/sharpc2-https-with-redirector/

🐥 [ tweet ]
🔥1
😈 [ M_haggis, The Haag ]

Introducing the Living Off The Land Drivers (LOLDrivers) project, a crucial resource that consolidates vulnerable and malicious drivers in one place to streamline research and analysis.

🔗 http://loldrivers.io

LOLDrivers enhances awareness of driver-related security risks and empowers organizations to mitigate these risks, improving their overall cybersecurity posture. By fostering collaboration and knowledge sharing within the cybersecurity community, LOLDrivers, along with sister projects like LOLBAS and GTFOBins, paves the way for a safer and more secure digital landscape.

Read our release blog to learn all about the project and how to contribute

🔗 https://haggis-m.medium.com/living-off-the-land-drivers-a5d74d45e77a

🐥 [ tweet ]
😈 [ NinjaParanoid, Chetan Nayak (Brute Ratel C4 Author) ]

Found a new Windows API for executing shellcode - RtlRunOnceExecuteOnce. Haven't seen anyone using this technique yet. There's a lot more you can do apart from the generic shellcode execution, as you can also pass a CONTEXT and parameter, but I will let the creativity of the users figure it out. (something..something for DllMain loader lock 😉)

🔗 https://gist.github.com/paranoidninja/b929963db2e1922adee5d8bf3cac61cf

🐥 [ tweet ]
🔥3