😈 [ kyleavery_, Kyle Avery ]
Last week I ported TinyNuke HVNC to a Cobalt Strike BOF: https://t.co/SyPPK4cLd4
🔗 https://github.com/WKL-Sec/HiddenDesktop
🐥 [ tweet ]
😈 [ ZeroMemoryEx, V2 ]
Tired by EDRs and AVs continuously flagging your executables? This program terminates protected anti-malware processes by exploiting the GMER driver
https://t.co/JujwWtSW7f
🔗 https://github.com/ZeroMemoryEx/Blackout
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Compromising an endpoint under a nose of Windows Defender ATP, by FO-Sec
#redteam
https://t.co/e6SVTypgw2
🔗 https://www.fo-sec.com/articles/compromising-mdatp-endpoint
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Proof of Concept for userland hook evasion - Ruy Lopez is released. The talk at @x33fcon was awesome :-)
https://t.co/3ETaYY7nKp
🔗 https://github.com/S3cur3Th1sSh1t/Ruy-Lopez
🐥 [ tweet ]
🔥3🥱1
😈 [ JusticeRage, Ivan Kwiatkowski ]
Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown.
https://t.co/yXC1aDwLCv
🔗 (en) https://securelist.com/operation-triangulation/109842/
🔗 (ru) https://securelist.ru/operation-triangulation/107470/
🔗 https://github.com/KasperskyLab/triangle_check
🐥 [ tweet ]
🤔4
😈 [ jaredcatkinson, Jared Atkinson ]
I've finally added the next article in my On Detection series. I discussed Tool Graphs which are new way that we've created to represent a malware sample's functionality. The post demonstrates some of the use cases and explains how the graph is formed.
https://t.co/MLBT1Vkj2A
🔗 https://posts.specterops.io/on-detection-from-tactical-to-functional-1349e51e1a03
🐥 [ tweet ]
🤯1
😈 [ icyguider, icyguider ]
I made a tool that will generate an obfuscated DLL to bypass AMSI & ETW without getting blocked by AV. Patch and patchless (hwbp) options available. Could be useful for pentests. Was also good to practice my C. 😬 Enjoy! https://t.co/76L1sZuaPz
🔗 https://github.com/icyguider/LightsOut
🐥 [ tweet ]
🔥4🤔1😢1
😈 [ pfiatde, pfiatde ]
Did you know explorer.exe can directly use WebDAV.
Building an attack chain involving a .zip TLD, Windows Explorer, WebDAV and a jar file.
https://t.co/MnZtTD2ZMd
🔗 https://badoption.eu/blog/2023/06/01/zipjar.html
🐥 [ tweet ]
🔥7
A long time ago I did the Fuse machine on HackTheBox and decided to rewrite the basic logic of smbpasswd in Python using Impacket, and then opened a PR proposing the new script for examples. Surprisingly, the community liked the idea, since it turned out that many people suffered from the lack of ways to remotely change expired AD passwords while operating from Linux.
It is nice to see that your tiny contribution to the community found its niche and keeps evolving without your help: recently smbpasswd.py got support for new transports and authentication methods, thereby merging several other pull requests into a single changepasswd.py script, which now implements 4 of the 6 known password-change protocols in Windows. Congrats!
🔗 https://github.com/fortra/impacket/pull/1559
🔥18
😈 [ dec0ne, Mor Davidovich ]
Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced.
Demo in second tweet.
https://t.co/mUYoUJin2l
🔗 https://github.com/Dec0ne/DavRelayUp
🐥 [ tweet ]
🔥5
Offensive Xwitter
😈 [ dec0ne, Mor Davidovich ] Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced. Demo…
To be fair, my colleague reworked KrbRelayUp into DavRelayUp before it was mainstream 😐
🔗 https://github.com/BronzeBee/DavRelayUp
🔥8
😈 [ ZeroMemoryEx, V2 ]
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
https://t.co/UGt7cd1DYu
🔗 https://github.com/ZeroMemoryEx/Terminator
🐥 [ tweet ]
🔥3
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Sliver comms from a threat hunter's perspective, by Kevin Breen of @immersivelabs
#redteam
https://t.co/apzLfFtYjX
🔗 https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
🐥 [ tweet ]
😈 [ eversinc33, eversinc33 ]
Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply return S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not
🐥 [ tweet ]
😁4
😈 [ Octoberfest73, Octoberfest7 ]
Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted about ~2 months ago. Use as an alternative to process injection and force most any System32 exe to load an arbitrary DLL https://t.co/50GSW4vEJm
🔗 https://github.com/Octoberfest7/DropSpawn_BOF
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Last year we did analyse malware from a group targeting malware devs and or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌:
https://t.co/YGMDfP3hLQ
🔗 https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
🐥 [ tweet ]