Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ SEKTOR7net, SEKTOR7 Institute ]

RPC enters Beacon Object Files, by Christopher Paschen of @TrustedSec

#redteam

https://t.co/cCt5k1D2Ch

🔗 https://www.trustedsec.com/blog/using-rpc-in-bofs/

🐥 [ tweet ]
🔥2
On dumping the registry with SecretsDump and Co.

For a long time I didn't know that, as it turns out, secretsdump[.]py not only reads and decrypts the SAM and SECURITY hives straight from the remote registry, but also exports them to disk as %SYSTEMROOT%\Temp\*.tmp files in order to extract the individual values that can't be pulled "live" (screenshot 1). If you pause the script, you can download them and see this for yourself (screenshot 2).

When I needed to parse LSA directly on a Windows host, I liked to use SharpSecDump (which also saves the hives to disk as %SYSTEMROOT%\*.log files) with the -target=127.0.0.1 flag, but after smart people (@bugch3ck) noticed that the permissions on the exported hives let low-privileged users read them, I became more careful about using it. This happens because of permission inheritance on files created in the C:\Windows\ directory (screenshots 3, 4).

After reading a recent post by @Synacktiv I learned about a cool tool, SharpSecretsdump, which (from a quick look) doesn't dump the hives to files and accordingly leaves fewer IOCs behind. I recommend everyone interested update their arsenal 😉
🔥9
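As an added example (not the channel author's code, and not part of secretsdump, SharpSecDump or SharpSecretsdump), here is a PowerShell check for the two things the post above describes: which inheritable ACEs a file dropped into C:\Windows or C:\Windows\Temp picks up for BUILTIN\Users, and whether any of the export paths the post names (%SYSTEMROOT%\Temp\*.tmp, %SYSTEMROOT%\*.log) currently hold a registry hive. The seven-day window and the 'regf' magic check are assumptions made here.

```powershell
# Added example: verify ACL inheritance for dropped files and hunt for exported hives.
# Paths and file patterns are the ones the post names; $Since and the 'regf' check are assumptions.
$Since = (Get-Date).AddDays(-7)
$dirs  = (Join-Path $env:SystemRoot ''), (Join-Path $env:SystemRoot 'Temp')

# 1. Inheritable ACEs that a newly created file in each directory would receive for *\Users.
foreach ($d in $dirs) {
    (Get-Acl -Path $d).Access |
        Where-Object {
            $_.IdentityReference.Value -like '*\Users' -and
            ($_.InheritanceFlags -band [System.Security.AccessControl.InheritanceFlags]::ObjectInherit) -and
            ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
        } |
        Select-Object @{n='Directory';e={$d}}, IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
}

# 2. Leftover hive exports. A registry hive file starts with the ASCII magic 'regf', which
#    separates a dumped SAM/SECURITY/SYSTEM from ordinary .tmp/.log files in the same folders.
$patterns = (Join-Path $env:SystemRoot 'Temp\*.tmp'), (Join-Path $env:SystemRoot '*.log')
Get-ChildItem -Path $patterns -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Since } |
    ForEach-Object {
        $file = $_
        $fs = [System.IO.File]::OpenRead($file.FullName)
        try {
            $hdr = New-Object byte[] 4
            $n = $fs.Read($hdr, 0, 4)
        } finally { $fs.Dispose() }
        if ($n -eq 4 -and [System.Text.Encoding]::ASCII.GetString($hdr) -eq 'regf') {
            $acl = Get-Acl -Path $file.FullName
            [pscustomobject]@{
                File         = $file.FullName
                SizeMB       = [math]::Round($file.Length / 1MB, 1)
                LastWrite    = $file.LastWriteTime
                Owner        = $acl.Owner
                # Effective ACE on the dropped file itself; compare with the inheritable ACE from step 1.
                UsersCanRead = [bool]($acl.Access | Where-Object {
                    $_.IdentityReference.Value -like '*\Users' -and
                    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
                })
            }
        }
    }
```

Run it elevated on the host you dumped from (or on a host you are hunting on): step 1 shows the inherited ACE before any file is dropped, and step 2 lists every hive-looking file still on disk together with whether Users can read it, so it doubles as a post-engagement cleanup check.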
😈 [ lowercase_drm, drm ]

I created a PR that adds TLS Channel Binding compatibility to ldap3 library when used with NTLM authentication: https://t.co/sb3QB7sd1c

🔗 https://github.com/cannatag/ldap3/pull/1087

🐥 [ tweet ]

finally, thank god
😈 [ M4yFly, Mayfly ]

Goad pwning part13, let's have fun with file coerce (lnk,url), webclient, impersonate and the old one rdphijack.

https://t.co/we7MA67sfX

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part13/

🐥 [ tweet ]
😈 [ BoreanJordan, Jordan Borean ]

Just merged in some RPC/DCE changes to pyspnego https://t.co/lDdBqUetLa. I also created a new blog post around some of the details of RPC encryption used by Microsoft that will hopefully be useful for other people implementing their own client https://t.co/clj7oi6eAL

🔗 https://github.com/jborean93/pyspnego/pull/63
🔗 https://wp.me/p9gmIx-ax

🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]

A keylogger/sniffer for the on-screen-keyboard? Sure, ETW is happy to help here with {4F768BE8-9C69-4BBC-87FC-95291D3F9D0C}😁
Enjoy the C source code, and the compiled exe, as usual - https://t.co/FT73HaxM1c

🔗 https://github.com/gtworek/PSBits/tree/master/ETW

🐥 [ tweet ]
🔥1
Forwarded from PT SWARM
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)

👤 by testanull

While analyzing CVE-2022-41082, also known as ProxyNotShell, the researcher discovered the CVE-2023-21707 vulnerability, which he has detailed in this blog.
The vulnerability allows a privileged user to trigger RCE during a deserialization of untrusted data.

📝 Contents:
● Introduction
● The new variant
● Payload delivery
● Demo
● References

https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
😈 [ s4ntiago_p, S4ntiagoP ]

🔥 Big update!
Nanodump now supports the PPLMedic exploit!
meaning you can dump LSASS on an up-to-date system with PPL enabled 😃

https://t.co/Ki22xU5P4a

🔗 https://github.com/fortra/nanodump

🐥 [ tweet ]
😈 [ rootsecdev, rootsecdev ]

Enjoyed this medium post. It has some excellent recommendations for studying Active Directory. Chisel stuff is spot on. 👇

“AD FOR OSCP (Active Directory Guide)” by Abhishekgk
https://t.co/QSWTosQvlI

🔗 https://link.medium.com/SSaz6xsdqzb

🐥 [ tweet ]
🔥2
😈 [ mpgn_x64, mpgn ]

The sponsor version of CrackMapExec just received an update from @MJHallenbeck 🚀

▶️ cme is now using rich logging from @willmcgugan
▶️ a progress bar has been added 🚄🚃🚃
▶️ protocol ssh is now working with a key
▶️ cmedb now stores creds found with ssh

@porchetta_ind 🪂

🐥 [ tweet ]
🔥5
😈 [ kleiton0x7e, Kleiton Kurti ]

Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.

🗒️Blog: https://t.co/sop7XnF5tc

#cybersecurity #redteam #infosec

🔗 https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/

🐥 [ tweet ]
🤯3
😈 [ Nettitude_Labs, Nettitude Labs ]

Introducing ETWHash!

ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline.

https://t.co/wLmsQf71J8

🔗 https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
🔗 https://github.com/nettitude/ETWHash

🐥 [ tweet ]
🔥1🤯1
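As an added example (not ETWHash's own code, and not from the post above), the step that turns a captured NTLMSSP CHALLENGE/AUTHENTICATE pair into a hashcat -m 5600 line, which is what any such tool has to do once it has pulled the NTLM blobs out of an SMB session setup. Consuming the ETW events themselves is not shown; the field offsets follow [MS-NLMP], and the two sample messages, their negotiate flags, and the NTProofStr/blob bytes are constructed here rather than captured, so the resulting line is well-formed but not crackable.

```python
"""Added example: NTLMSSP type 2 + type 3 pair -> NetNTLMv2 line for hashcat -m 5600.

Offsets follow [MS-NLMP]. The sample messages below are constructed here; NT_PROOF is a
placeholder, not a real HMAC-MD5 over the challenge and blob.
"""
import struct

SIG = b"NTLMSSP\x00"
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001


def _field(buf: bytes, off: int) -> bytes:
    """Dereference an NTLM (Len, MaxLen, BufferOffset) triple located at off."""
    ln, _maxlen, boff = struct.unpack_from("<HHI", buf, off)
    return buf[boff:boff + ln]


def parse_challenge(msg: bytes) -> bytes:
    """Return the 8-byte ServerChallenge from a CHALLENGE_MESSAGE (type 2)."""
    if msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    return msg[24:32]


def parse_authenticate(msg: bytes) -> dict:
    """Return domain, user and NtChallengeResponse from an AUTHENTICATE_MESSAGE (type 3)."""
    if msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"  # OEM fallback
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "nt_response": _field(msg, 20),
    }


def netntlmv2_line(challenge_msg: bytes, auth_msg: bytes) -> str:
    """Format user::domain:serverchallenge:ntproofstr:blob (hashcat -m 5600)."""
    server_challenge = parse_challenge(challenge_msg)
    auth = parse_authenticate(auth_msg)
    resp = auth["nt_response"]
    if len(resp) <= 24:  # a 24-byte NT response is NTLMv1 (hashcat -m 5500), not v2
        raise ValueError("NTLMv1 response, not NetNTLMv2")
    proof, blob = resp[:16], resp[16:]
    return f"{auth['user']}::{auth['domain']}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


# --- constructed sample messages (what the SPNEGO blobs of an SMB session setup would carry) ---

def build_challenge(server_challenge: bytes, flags: int = 0x62898215) -> bytes:
    """Minimal type-2 message: empty TargetName/TargetInfo, Version field present, no payload."""
    hdr = SIG + struct.pack("<I", 2)
    hdr += struct.pack("<HHI", 0, 0, 56) + struct.pack("<I", flags) + server_challenge
    hdr += b"\x00" * 8 + struct.pack("<HHI", 0, 0, 56) + b"\x00" * 8
    return hdr


def build_authenticate(domain: str, user: str, workstation: str, nt_response: bytes) -> bytes:
    """Type-3 message with the 88-byte header (Version and MIC included) followed by the payload."""
    flags = NTLMSSP_NEGOTIATE_UNICODE | 0x00000200 | 0x00080000  # UNICODE | NTLM | EXT_SESSIONSECURITY
    enc = "utf-16-le"
    payload = [b"", nt_response, domain.encode(enc), user.encode(enc), workstation.encode(enc), b""]
    fields, off = b"", 88
    for p in payload:  # LM, NT, Domain, User, Workstation, SessionKey field triples, in that order
        fields += struct.pack("<HHI", len(p), len(p), off)
        off += len(p)
    return (SIG + struct.pack("<I", 3) + fields + struct.pack("<I", flags)
            + b"\x00" * 8 + b"\x00" * 16 + b"".join(payload))


SERVER_CHALLENGE = bytes.fromhex("1122334455667788")                # constructed
NT_PROOF = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed, not a real HMAC
BLOB = (bytes.fromhex("0101000000000000")                           # RespType, HiRespType, reserved
        + b"\x00" * 8                                               # timestamp (zeroed here)
        + bytes.fromhex("cafebabedeadbeef")                         # client challenge
        + b"\x00" * 4                                               # reserved
        + b"\x02\x00\x08\x00" + "CORP".encode("utf-16-le")          # AV_PAIR MsvAvNbDomainName
        + b"\x00\x00\x00\x00"                                       # MsvAvEOL
        + b"\x00" * 4)                                              # trailing reserved


def sample_line() -> str:
    chal = build_challenge(SERVER_CHALLENGE)
    auth = build_authenticate("CORP", "alice", "WS01", NT_PROOF + BLOB)
    return netntlmv2_line(chal, auth)


if __name__ == "__main__":
    print(sample_line())
```

The only state a collector needs to keep per session is the 8-byte ServerChallenge from the type 2 message until the matching type 3 arrives; everything else in the 5600 line comes from the AUTHENTICATE payload, and the 24-byte check is what stops an NTLMv1 response from being mislabelled as v2.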
😈 [ vxunderground, vx-underground ]

Amazon recommended Russian ransomware operator essentials

🐥 [ tweet ]
😁11🔥1
😈 [ garrfoster, Garrett ]

Sharing a tool I wrote to streamline attacking SCCM. Some features include profiling target servers for admin smb relay attacks, site server takeover, http enrollment, and leveraging the adminservice api.

https://t.co/aiJzWIJNDR

🔗 https://github.com/garrettfoster13/sccmhunter

🐥 [ tweet ]
🔥3
😈 [ PenTestPartners, Pen Test Partners ]

Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: https://t.co/xT4wJXMqMh

🔗 https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/

🐥 [ tweet ]
🤔1