😈 [ naksyn, Diego Capriotti ]
Just pushed an update to Pyramid.
Check it out here: https://t.co/8gj8rCY8yE
Small thread on added features👇
🔗 https://github.com/naksyn/Pyramid
Cradle and server have been updated so that delivered files and part of the URL can now be encrypted/decrypted with ChaCha or XOR. The passphrase is hardcoded in the cradle and the server.
Useful to avoid network signatures triggered upon downloading some Python dependencies (e.g. bh, LaZagne).
In the modules config section you can now specify the extraction directory for dependencies that require loading .pyd files (e.g. Cryptodome).
Useful to load .pyd files from a network share or a folder where you have write permissions, keeping the main Python folder clean.
Pyramid Server configuration can now be automatically copied into the module and cradle files based on the passed command line parameters.
This reduces error probability during setup and saves you some time.
🐥 [ tweet ]
Interesting, simple and clear coverage of the Windows API, LSA and SSP/AP through the lens of offensive coding in C++, from ][ and @Michaelzhm:
🔗 Swine API. Exploring WinAPI capabilities for the pentester
🔗 The insecurity provider. How Windows reveals the user's password
🔗 Coding: Down with Mimikatz! Injecting tickets by hand
😈 [ _Kudaes_, Kurosh Dabbagh ]
I've found that fibers may be something to look at when it comes to executing local in-memory code. This is a simple PoC of how you can leverage fibers to execute in-memory code without spawning threads and while hiding suspicious thread stacks, among other things.
https://t.co/kjIPOunGun
🔗 https://github.com/Kudaes/Fiber
🐥 [ tweet ]
😈 [ Oddvarmoe, Oddvar Moe ]
Some really great sites you should bookmark
🔗 https://www.loldrivers.io/
🔗 https://gtfobins.github.io/
🔗 https://lolbas-project.github.io/
🔗 https://lots-project.com/
🔗 https://filesec.io/
🔗 https://malapi.io/
🐥 [ tweet ]
😈 [ Hadess_security, HADESS ]
64 Methods for Execute Mimikatz
https://t.co/wKw1AseHly
#mimikatz
🔗 https://redteamrecipe.com/64-Methods-For-Execute-Mimikatz/
🐥 [ tweet ]
Very nice.
Forwarded from Ralf Hacker Channel (Ralf Hacker)
A new addition to the Potato family: GodPotato. Windows LPE:
* Windows Server 2012 - Windows Server 2022 ;
* Windows8 - Windows 11
https://github.com/BeichenDream/GodPotato
#git #soft #lpe
A life hack from my good friend @DrunkF0x, a guru of administering those Windows boxes of yours: has the licence on an evaluation-version Windows server expired (in a lab, for example)? Run the following in an elevated console and the trial period is extended by 180 days:
Cmd > slmgr /rearm
Cmd > shutdown -r -t 0
This can be repeated 6-7 times 🤫
😈 [ SteveSyfuhs, Steve Syfuhs ]
For posterity https://t.co/2ozUzduPfu
🔗 https://syfuhs.net/improvements-in-windows-kerberos-architecture
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
I pushed my D/Invoke changes (tagged v1.0.5) and wrote a short summary:
https://t.co/NZCRHZEHHL
🔗 https://offensivedefence.co.uk/posts/dinvoke-105/
🐥 [ tweet ]
😈 [ VirtualAllocEx, Daniel Feichter ]
With my new blog post "Direct Syscalls: A journey from high to low" I try to explain what a syscall is, what a direct syscall is, why an attacker (red team) uses it, etc.
I also try to explain how to build and understand your own shellcode dropper step by step, starting with high-level APIs and ending with direct syscalls (low-level APIs).
🔗 https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low
The code samples to play with in your own lab are also available in my GitHub repository.
🔗 https://github.com/VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
🐥 [ tweet ]
😈 [ _xpn_, Adam Chester ]
Quick POC this evening looking at how LAPS (v2) passwords are stored and decrypted on Active Directory (tl;dr, msLAPS-EncryptedPassword attr and NCryptStreamUpdate for crypto) https://t.co/QaZdleEvNc
🔗 https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4
🐥 [ tweet ]
😈 [ _wald0, Andy Robbins ]
I am proud to announce the release of #BloodHound 4.3!
Release blog post: https://t.co/9LESMBrimP
Limited edition T-shirt: https://t.co/V4PvatsuuQ
Get BloodHound 4.3 NOW at https://t.co/LOlhrNILYB
🔗 https://medium.com/p/5795cbf535b2
🔗 https://www.customink.com/fundraising/specterops-mdafr?pc=TXN-170516&utm_content=image&utm_source=fr_org_drafted_txn&utm_medium=email&utm_campaign=fr_org_saved_draft%252520%252528Ybrnqj%252529&_kx=QwWrrqFdZDAQYb89RSPMBmD81LpOl1n1CrorybjBR6s%25253D.SKGNUp&side=front&type=1&zoom=false
🔗 https://bit.ly/GetBloodHound
🐥 [ tweet ]
😈 [ Synacktiv, Synacktiv ]
Besides LSASS, are you sure you loot every available secret on your compromised Windows host? In our latest blog post, @l4x4 summarizes the techniques and tools to ensure you do not miss any: https://t.co/Z81G732psQ
🔗 https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]
Complete guide to deploy GOAD on Proxmox is ready 🥳
- part 1: Proxmox + pfsense
- part 2: template with packer
- part 3: providing with terraform
- part 4: provisioning with ansible
- part 5: add openvpn access
https://t.co/Rpawi6FFl8
=> https://t.co/hjbwXJqzsS
🔗 https://github.com/Orange-Cyberdefense/GOAD
🔗 https://mayfly277.github.io/categories/proxmox/
🐥 [ tweet ]
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]
"Attack of the clones", or, read how Reino suppressed snitchware on a "suspense"-full red team by abusing a suspended BitLocker state: https://t.co/GDcs38Vcta
🔗 https://sensepost.com/blog/2023/from-bitlocker-suspended-to-virtual-machine/
🐥 [ tweet ]
Interesting reading.
😈 [ Tyl0us, Matt Eidelberg ]
ScareCrow 5.0 is out now: a massive rewrite of the framework with huge new features, IoCs removed and new evasion techniques added. If you are curious, take a look at the changelog. Check it out: https://t.co/VIQVnKd2tJ #netsec #redteam #EDR #evasion
🔗 https://github.com/optiv/ScareCrow
🐥 [ tweet ]