😈 [ rootsecdev, rootsecdev ]
Enjoyed this medium post. It has some excellent recommendations for studying Active Directory. Chisel stuff is spot on. 👇
“AD FOR OSCP (Active Directory Guide)” by Abhishekgk
https://t.co/QSWTosQvlI
🔗 https://link.medium.com/SSaz6xsdqzb
🐥 [ tweet ]
Enjoyed this medium post. It has some excellent recommendations for studying Active Directory. Chisel stuff is spot on. 👇
“AD FOR OSCP (Active Directory Guide)” by Abhishekgk
https://t.co/QSWTosQvlI
🔗 https://link.medium.com/SSaz6xsdqzb
🐥 [ tweet ]
🔥2
😈 [ mpgn_x64, mpgn ]
The sponsor version of CrackMapExec just receive an update from @MJHallenbeck 🚀
▶️ cme is now using rich logging from @willmcgugan
▶️ a progress bar has been added 🚄🚃🚃
▶️ protocol ssh is now working with a key
▶️ cmedb now store creds found with ssh
@porchetta_ind 🪂
🐥 [ tweet ]
The sponsor version of CrackMapExec just receive an update from @MJHallenbeck 🚀
▶️ cme is now using rich logging from @willmcgugan
▶️ a progress bar has been added 🚄🚃🚃
▶️ protocol ssh is now working with a key
▶️ cmedb now store creds found with ssh
@porchetta_ind 🪂
🐥 [ tweet ]
🔥5
😈 [ kleiton0x7e, Kleiton Kurti ]
Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.
🗒️Blog: https://t.co/sop7XnF5tc
#cybersecurity #redteam #infosec
🔗 https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/
🐥 [ tweet ]
Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.
🗒️Blog: https://t.co/sop7XnF5tc
#cybersecurity #redteam #infosec
🔗 https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/
🐥 [ tweet ]
🤯3
😈 [ Nettitude_Labs, Nettitude Labs ]
Introducing ETWHash!
ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline.
https://t.co/wLmsQf71J8
🔗 https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
🔗 https://github.com/nettitude/ETWHash
🐥 [ tweet ]
Introducing ETWHash!
ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline.
https://t.co/wLmsQf71J8
🔗 https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
🔗 https://github.com/nettitude/ETWHash
🐥 [ tweet ]
🔥1🤯1
😈 [ vxunderground, vx-underground ]
Amazon recommended Russian ransomware operator essentials
🐥 [ tweet ]
Amazon recommended Russian ransomware operator essentials
🐥 [ tweet ]
😁11🔥1
😈 [ garrfoster, Garrett ]
Sharing a tool I wrote to streamline attacking SCCM. Some features include profiling target servers for admin smb relay attacks, site server takeover, http enrollment, and leveraging the adminservice api.
https://t.co/aiJzWIJNDR
🔗 https://github.com/garrettfoster13/sccmhunter
🐥 [ tweet ]
Sharing a tool I wrote to streamline attacking SCCM. Some features include profiling target servers for admin smb relay attacks, site server takeover, http enrollment, and leveraging the adminservice api.
https://t.co/aiJzWIJNDR
🔗 https://github.com/garrettfoster13/sccmhunter
🐥 [ tweet ]
🔥3
😈 [ PenTestPartners, Pen Test Partners ]
Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: https://t.co/xT4wJXMqMh
🔗 https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
🐥 [ tweet ]
Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: https://t.co/xT4wJXMqMh
🔗 https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
🐥 [ tweet ]
🤔1
😈 [ deadvolvo, I am d3d (dead, мёртв, 死了) ]
@NinjaParanoid They can literally change out Cobalt Strike for BRc4 in my paper, which should add a few more layers of obfuscation from direct detection methods.
https://t.co/8eilbLSKfO
🔗 https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
🐥 [ tweet ]
@NinjaParanoid They can literally change out Cobalt Strike for BRc4 in my paper, which should add a few more layers of obfuscation from direct detection methods.
https://t.co/8eilbLSKfO
🔗 https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
🐥 [ tweet ]
🤯4
😈 [ r_redteamsec, /r/redteamsec ]
Building a Red Team Infrastructure in 2023 https://t.co/NiysJBE3EC #redteamsec
🔗 https://www.reddit.com/r/redteamsec/comments/13bkzrh/building_a_red_team_infrastructure_in_2023/
🐥 [ tweet ]
Building a Red Team Infrastructure in 2023 https://t.co/NiysJBE3EC #redteamsec
🔗 https://www.reddit.com/r/redteamsec/comments/13bkzrh/building_a_red_team_infrastructure_in_2023/
🐥 [ tweet ]
🤔1
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ its_a_feature_, Cody Thomas ]
It's official! Mythic 3.0 is LIVE! Check out the blog post about it here: https://t.co/LJb77jLqQZ. Highlights include: rpfwds, graph groupings, jupyter notebook, custom webhooks, tags, docker updates, and an entirely new back end!
🔗 https://posts.specterops.io/c2-and-the-docker-dance-mythic-3-0s-marvelous-microservice-moves-f6e6e91356e2
🐥 [ tweet ]
It's official! Mythic 3.0 is LIVE! Check out the blog post about it here: https://t.co/LJb77jLqQZ. Highlights include: rpfwds, graph groupings, jupyter notebook, custom webhooks, tags, docker updates, and an entirely new back end!
🔗 https://posts.specterops.io/c2-and-the-docker-dance-mythic-3-0s-marvelous-microservice-moves-f6e6e91356e2
🐥 [ tweet ]
🤯1
😈 [ _RastaMouse, Rasta Mouse ]
I wrote a little BOF that enumerates the protection level of a PP/PPL process.
https://t.co/98PxBX56OF
🔗 https://github.com/rasta-mouse/PPEnum
🐥 [ tweet ]
I wrote a little BOF that enumerates the protection level of a PP/PPL process.
https://t.co/98PxBX56OF
🔗 https://github.com/rasta-mouse/PPEnum
🐥 [ tweet ]
🤯2
😈 [ rootsecdev, rootsecdev ]
“Writing a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption” by Ycf-Kel
https://t.co/pFI88KOvIX
🔗 https://link.medium.com/MluhuP9NKzb
🐥 [ tweet ]
“Writing a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption” by Ycf-Kel
https://t.co/pFI88KOvIX
🔗 https://link.medium.com/MluhuP9NKzb
🐥 [ tweet ]
🔥4
😈 [ freefirex2, freefirex ]
Converting PPLFault (original: https://t.co/SjSmi2MYJa) has been one of the more difficult BOF converts, but was still pretty fun to tackle :)
🔗 https://github.com/gabriellandau/PPLFault
🐥 [ tweet ]
к теме про https://news.1rj.ru/str/RalfHackerChannel/1330
Converting PPLFault (original: https://t.co/SjSmi2MYJa) has been one of the more difficult BOF converts, but was still pretty fun to tackle :)
🔗 https://github.com/gabriellandau/PPLFault
🐥 [ tweet ]
к теме про https://news.1rj.ru/str/RalfHackerChannel/1330
🔥3
😈 [ Flangvik, Melvin langvik ]
In yesterday's stream, I began integrating @0xcc00 excellent project yetAnotherObfuscator with the SharpCollection Pipeline. Resulting in a new repo, https://t.co/RmVum0w6yt Usefull for CTF's or basic evasion!
🔗 https://github.com/Flangvik/ObfuscatedSharpCollection
🐥 [ tweet ]
In yesterday's stream, I began integrating @0xcc00 excellent project yetAnotherObfuscator with the SharpCollection Pipeline. Resulting in a new repo, https://t.co/RmVum0w6yt Usefull for CTF's or basic evasion!
🔗 https://github.com/Flangvik/ObfuscatedSharpCollection
🐥 [ tweet ]
😈 [ gregdarwin, Greg Darwin ]
New post on the Cobalt Strike blog by @joehowwolf:
https://t.co/GB13YgAlpP
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature/
🐥 [ tweet ]
New post on the Cobalt Strike blog by @joehowwolf:
https://t.co/GB13YgAlpP
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature/
🐥 [ tweet ]
🔥1
😈 [ _wald0, Andy Robbins ]
My latest blog post: how to turn Domain Admin in a child domain into Enterprise Admin with ADCS ESC5: https://t.co/If8Ek3bRkZ
🔗 https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c
🐥 [ tweet ]
My latest blog post: how to turn Domain Admin in a child domain into Enterprise Admin with ADCS ESC5: https://t.co/If8Ek3bRkZ
🔗 https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c
🐥 [ tweet ]
🔥3
😈 [ HackingLZ, Justin Elze ]
Wrote a new blog about building a host based recon methodology and the importance of recon on compromised hosts.
https://t.co/Ra1quelbG2 https://t.co/Ug46ncWHyM
🔗 https://www.trustedsec.com/blog/walking-the-tightrope-maximizing-information-gathering-while-avoiding-detection-for-red-teams/
🐥 [ tweet ]
Wrote a new blog about building a host based recon methodology and the importance of recon on compromised hosts.
https://t.co/Ra1quelbG2 https://t.co/Ug46ncWHyM
🔗 https://www.trustedsec.com/blog/walking-the-tightrope-maximizing-information-gathering-while-avoiding-detection-for-red-teams/
🐥 [ tweet ]
🔥1
😈 [ ShitSecure, S3cur3Th1sSh1t ]
My team mate @m_fielenbach recently created a python noscript to automate the process of discovering and exploiting ESC1 & ESC8 ADCS vulnerabilities: 🙌
https://t.co/YRxh1Np6Ni
So if you want to save some minutes of time in your next projects feel free to test it out. 🔥
🔗 https://github.com/grimlockx/ADCSKiller
🐥 [ tweet ]
My team mate @m_fielenbach recently created a python noscript to automate the process of discovering and exploiting ESC1 & ESC8 ADCS vulnerabilities: 🙌
https://t.co/YRxh1Np6Ni
So if you want to save some minutes of time in your next projects feel free to test it out. 🔥
🔗 https://github.com/grimlockx/ADCSKiller
🐥 [ tweet ]
🔥2🥱1
😈 [ Agarri_FR, Nicolas Grégoire ]
Here’s the slides of the talk I gave yesterday at NorthSec 2023
"Tips and tricks for Burp Suite Pro, ten years later" #nsec23 @NorthSec_io
https://t.co/QUjLUPBV7j
🔗 https://www.agarri.fr/docs/nsec23-burp_tips_n_tricks.pdf
🐥 [ tweet ]
Here’s the slides of the talk I gave yesterday at NorthSec 2023
"Tips and tricks for Burp Suite Pro, ten years later" #nsec23 @NorthSec_io
https://t.co/QUjLUPBV7j
🔗 https://www.agarri.fr/docs/nsec23-burp_tips_n_tricks.pdf
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ Agarri_FR, Nicolas Grégoire ] Here’s the slides of the talk I gave yesterday at NorthSec 2023 "Tips and tricks for Burp Suite Pro, ten years later" #nsec23 @NorthSec_io https://t.co/QUjLUPBV7j 🔗 https://www.agarri.fr/docs/nsec23-burp_tips_n_tricks.pdf…
nsec23-burp_tips_n_tricks.pdf
705.9 KB
🔥4