😈 [ pfiatde, pfiatde ]
Did you know explorer.exe can directly use WebDAV.
Building an attack chain involving a .zip TLD, Windows Explorer, WebDAV and a jar file.
https://t.co/MnZtTD2ZMd
🔗 https://badoption.eu/blog/2023/06/01/zipjar.html
🐥 [ tweet ]
A long time ago I went through the Fuse machine on HackTheBox and decided to rewrite the basic logic of smbpasswd in Python using Impacket, and then opened a PR proposing the new script for examples. Surprisingly, the community liked the idea, since it turns out many people were suffering from a lack of ways to remotely change expired AD passwords while working from Linux.
It's nice to see your tiny contribution to the community find its niche and keep evolving without your help: recently smbpasswd.py got support for new transports and authentication methods, merging several other pull requests into a single script, changepasswd.py, which now implements 4 of the 6 known Windows password-change protocols. Congrats!
🔗 https://github.com/fortra/impacket/pull/1559
😈 [ dec0ne, Mor Davidovich ]
Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced.
Demo in second tweet.
https://t.co/mUYoUJin2l
🔗 https://github.com/Dec0ne/DavRelayUp
🐥 [ tweet ]
Offensive Xwitter
In fairness, my colleague reworked KrbRelayUp into DavRelayUp back when it wasn't mainstream yet 😐
🔗 https://github.com/BronzeBee/DavRelayUp
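The two preconditions DavRelayUp names are that the domain controller does not require LDAP signing and that the workstation's WebDAV client (the WebClient service) can be made to authenticate. The script below is an added example for checking both from the defender's side; it is not part of the tweet or of either DavRelayUp repository. It assumes it is run with administrator rights, reads the documented NTDS registry values (LDAPServerIntegrity, LdapEnforceChannelBinding), and treats absent values as the Windows defaults. The function names are chosen here, not taken from the tool.

```powershell
# Added example (not DavRelayUp code): report whether the NTLM-relay-to-LDAP
# precondition holds on a DC, and whether the WebDAV client is reachable on a
# workstation. Run elevated; the NTDS key only exists on domain controllers.

function Get-LdapSigningPosture {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    if (-not (Test-Path $key)) {
        # Not a domain controller: nothing to evaluate here.
        return [pscustomobject]@{ Role = 'NotDC'; LdapSigning = $null; ChannelBinding = $null; NtlmRelayToLdapFeasible = $null }
    }
    $p = Get-ItemProperty -Path $key

    # LDAPServerIntegrity: 1 or absent = signing negotiated but not required; 2 = required.
    $sign = 1
    if ($null -ne $p.LDAPServerIntegrity) { $sign = [int]$p.LDAPServerIntegrity }
    $signText = 'NotRequired'
    if ($sign -ge 2) { $signText = 'Required' }

    # LdapEnforceChannelBinding: 0 or absent = never; 1 = when supported; 2 = always (LDAPS only).
    $cb = 0
    if ($null -ne $p.LdapEnforceChannelBinding) { $cb = [int]$p.LdapEnforceChannelBinding }
    $cbText = @('Never', 'WhenSupported', 'Always')[[math]::Min($cb, 2)]

    [pscustomobject]@{
        Role                    = 'DC'
        LdapSigning             = $signText
        ChannelBinding          = $cbText
        # Relaying NTLM into plain LDAP (389) is what signing enforcement stops.
        NtlmRelayToLdapFeasible = ($sign -lt 2)
    }
}

function Get-WebDavClientPosture {
    # WebClient is the WebDAV mini-redirector; the relay needs it to produce an NTLM exchange.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ WebClientPresent = $false; Status = 'Absent'; StartType = $null; Hardened = $true }
    }
    [pscustomobject]@{
        WebClientPresent = $true
        Status           = $svc.Status.ToString()
        StartType        = $svc.StartType.ToString()
        # Only 'Disabled' counts: a stopped Manual service can still be trigger-started on demand.
        Hardened         = ($svc.StartType.ToString() -eq 'Disabled')
    }
}

Get-LdapSigningPosture
Get-WebDavClientPosture
```

Run the first function on each DC and the second on a representative workstation build. A `NtlmRelayToLdapFeasible = True` together with a WebClient service that is not `Disabled` is the combination the tweet describes; note that the default workstation state is `Manual` and `Stopped`, which is not hardened, because the service starts on demand.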
😈 [ ZeroMemoryEx, V2 ]
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
https://t.co/UGt7cd1DYu
🔗 https://github.com/ZeroMemoryEx/Terminator
🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Sliver comms from a threat hunter's perspective, by Kevin Breen of @immersivelabs
#redteam
https://t.co/apzLfFtYjX
🔗 https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
🐥 [ tweet ]
😈 [ eversinc33, eversinc33 ]
Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply return S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not
🐥 [ tweet ]
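The bypass above works because powershell.exe loads amsi.dll by name from its own directory before System32 when the executable has been copied elsewhere. A practitioner's counter-check is to enumerate which amsi.dll each running process actually loaded and whether it is the Microsoft-signed file from System32 (or SysWOW64 for 32-bit processes). The script below is an added example, not code from the tweet; it assumes administrator rights (module enumeration is refused on protected processes, which are skipped rather than flagged) and that `Get-AuthenticodeSignature` can verify the catalog-signed system copy, which it does on supported Windows 10 and later builds. The function name is chosen here.

```powershell
# Added example (not from the tweet): list every process that has amsi.dll
# mapped and flag copies that are not the signed system binary. A copied
# powershell.exe with a sideloaded amsi.dll shows up with AmsiPath outside
# System32/SysWOW64 and an unsigned or non-Microsoft signature.

function Find-SuspiciousAmsi {
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\amsi.dll'),
        (Join-Path $env:SystemRoot 'SysWOW64\amsi.dll')
    )
    foreach ($proc in Get-Process) {
        # Protected or cross-bitness processes throw here; skip them silently.
        try { $mods = $proc.Modules } catch { continue }
        foreach ($m in $mods) {
            if ($m.ModuleName -ine 'amsi.dll') { continue }

            $sig  = Get-AuthenticodeSignature -FilePath $m.FileName
            $isMs = ($sig.Status -eq 'Valid') -and
                    ($null -ne $sig.SignerCertificate) -and
                    ($sig.SignerCertificate.Subject -like '*Microsoft*')
            $inPlace = $expected -icontains $m.FileName

            [pscustomobject]@{
                Pid        = $proc.Id
                Process    = $proc.ProcessName
                ImagePath  = $proc.Path
                AmsiPath   = $m.FileName
                Signature  = $sig.Status.ToString()
                Suspicious = (-not $inPlace) -or (-not $isMs)
            }
        }
    }
}

# Show only the suspicious loads; drop the Where-Object to see every consumer of AMSI.
Find-SuspiciousAmsi | Where-Object Suspicious | Format-Table -AutoSize
```

The check also reports the `ImagePath` of the host process, so a powershell.exe running from a user-writable directory is visible even before its amsi.dll is inspected. It is a point-in-time snapshot of loaded modules, not a replacement for image-load telemetry, which would catch a short-lived process.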
😈 [ Octoberfest73, Octoberfest7 ]
Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted about ~2 months ago. Use as an alternative to process injection and force most any System32 exe to load an arbitrary DLL https://t.co/50GSW4vEJm
🔗 https://github.com/Octoberfest7/DropSpawn_BOF
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Last year we did analyse malware from a group targeting malware devs and or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌:
https://t.co/YGMDfP3hLQ
🔗 https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Bypassing Defender with ThreatCheck & Ghidra
https://t.co/6pgw8NGzq1
🔗 https://offensivedefence.co.uk/posts/threatcheck-ghidra/
🐥 [ tweet ]
😈 [ zyn3rgy, Nick Powers ]
Need something to spice up your initial access payloads? ClickOnce may not be a new choice for attackers, but follow along with @0xthirteen and I as we break down our research on using this vector to achieve more trustworthy initial code execution.
https://t.co/rOHo9gjk9X
🔗 https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
☢️ "ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness" (c) @mariuszbit
🐥 [ tweet ]
😈 [ d3lb3_, Julien Bedel ]
After January's patch of KeePass trigger abuse technique, I decided to take a deep dive into the software features, ending up with new ways to extract passwords through the configuration file!
Details and mitigations below, enjoy the read ✌️
https://t.co/nhaad3p6dw
🔗 https://d3lb3.github.io/keepass_triggers_arent_dead
🐥 [ tweet ]
😈 [ bohops, bohops ]
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://t.co/K9DuL5he0h
🔗 https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🐥 [ tweet ]
😈 [ t3l3machus, Panagiotis Chartas ]
A browser Man-In-The-Middle attack in 58 seconds, using #toxssin.
⚙ GitHub -> https://t.co/1IVyfjakJ5
🎥 Full video -> https://t.co/v1Oapbw8uU
Please subscribe -> https://t.co/Gcekp1Gagb
#hacking #hackingtools #xss #pentesting #redteam #t3l3machus https://t.co/zJ2Fv99iOR
🔗 https://github.com/t3l3machus/toxssin
🔗 https://youtu.be/Z9I4UJUBrrY
🔗 https://www.youtube.com/@HaxorTechTones
🐥 [ tweet ]
😈 [ zimnyaatishina, zimnyaa ]
It's an okay language.
https://t.co/mr46UrK4CL
🔗 https://tishina.in/execution/golang-winmaldev-basics
🐥 [ tweet ]
😈 [ merterpreter, mert ]
SharpTerminator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.
All hail goes to him.
and of course spyboy :)
https://t.co/m8KqH4kVAt
🔗 https://github.com/mertdas/SharpTerminator
🐥 [ tweet ]
😈 [ DarkCoderSc, Jean-Pierre LESUEUR ]
🛸👽 Interested in C2 over FTP(S)? Explore my new project, SharpFtpC2, which enables execution of shell commands on remote systems via FTP(S). Currently in beta and lacking encryption, but it's on the way: https://t.co/9Dkf19MhJL
#InfoSec #Malware #Network #Evasion #FTP
🔗 https://github.com/DarkCoderSc/SharpFtpC2
🐥 [ tweet ]
😈 [ 0xdeaddood, leandro ]
📝Want to know more? Check out my new blogpost! Forging tickets in 2023 with Impacket 🎟️.
https://t.co/TYEiUMVNEc
🔗 https://0xdeaddood.rocks/2023/05/11/forging-tickets-in-2023/
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
Game cheaters don't get along with Red Teamers very well 😭
https://t.co/J4cktI3qDg
🔗 https://www.unknowncheats.me/forum/anti-cheat-bypass/587585-terminator.html
🐥 [ tweet ]
P.S. The comments in the Twitter thread are no less entertaining than the comments on unknowncheats.