Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Octoberfest73, Octoberfest7 ]

Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted about ~2 months ago. Use as an alternative to process injection and force most any System32 exe to load an arbitrary DLL https://t.co/50GSW4vEJm

🔗 https://github.com/Octoberfest7/DropSpawn_BOF

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Last year we did analyse malware from a group targeting malware devs and/or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌:

https://t.co/YGMDfP3hLQ

🔗 https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html

🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]

[BLOG]
Bypassing Defender with ThreatCheck & Ghidra

https://t.co/6pgw8NGzq1

🔗 https://offensivedefence.co.uk/posts/threatcheck-ghidra/

🐥 [ tweet ]
😈 [ zyn3rgy, Nick Powers ]

Need something to spice up your initial access payloads? ClickOnce may not be a new choice for attackers, but follow along with @0xthirteen and me as we break down our research on using this vector to achieve more trustworthy initial code execution.

https://t.co/rOHo9gjk9X

🔗 https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5

☢️ "ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness" (c) @mariuszbit

🐥 [ tweet ]
😈 [ d3lb3_, Julien Bedel ]

After January's patch of KeePass trigger abuse technique, I decided to take a deep dive into the software features, ending up with new ways to extract passwords through the configuration file!

Details and mitigations below, enjoy the read ✌️
https://t.co/nhaad3p6dw

🔗 https://d3lb3.github.io/keepass_triggers_arent_dead

🐥 [ tweet ]
😈 [ bohops, bohops ]

[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection

An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques

https://t.co/K9DuL5he0h

🔗 https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/

🐥 [ tweet ]
😈 [ ZeroMemoryEx, V2 ]

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes https://t.co/UGt7cd1DYu

🔗 https://github.com/ZeroMemoryEx/Terminator

🐥 [ tweet ]
😈 [ merterpreter, mert ]

SharpTerminator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.

All hail goes to him.

and of course spyboy :)

https://t.co/m8KqH4kVAt

🔗 https://github.com/mertdas/SharpTerminator

🐥 [ tweet ]
😈 [ DarkCoderSc, Jean-Pierre LESUEUR ]

🛸👽 Interested in C2 over FTP(S)? Explore my new project, SharpFtpC2, which enables execution of shell commands on remote systems via FTP(S). Currently in beta and lacking encryption, but it's on the way: https://t.co/9Dkf19MhJL

#InfoSec #Malware #Network #Evasion #FTP

🔗 https://github.com/DarkCoderSc/SharpFtpC2

🐥 [ tweet ]
😈 [ 0xdeaddood, leandro ]

📝Want to know more? Check out my new blogpost! Forging tickets in 2023 with Impacket 🎟️.
https://t.co/TYEiUMVNEc

🔗 https://0xdeaddood.rocks/2023/05/11/forging-tickets-in-2023/

🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]

Game cheaters don't get along with Red Teamers very well 😭

https://t.co/J4cktI3qDg

🔗 https://www.unknowncheats.me/forum/anti-cheat-bypass/587585-terminator.html

🐥 [ tweet ]

P.S. The comments in the Twitter thread are no less entertaining than the comments on unknowncheats
😈 [ _RastaMouse, Rasta Mouse ]

Dang 600,000...

🐥 [ tweet ]

We're so secure over here, we have pbkdf2 set to 600k iterations… sure, we get hacked every other day, but that's different, fo-o-or sure… by the way, run from these lunatics to self-hosted Bitwarden
😈 [ an0n_r0, an0n ]

poor man's browser pivot through chrome remote debugging.🔥

no need to inject into iexplorer anymore.💪

just came across this awesome solution shared by @NotMedic long ago: https://t.co/oPU8cZnecv

and this is also working with msedge (it shares the same chromium engine)!🎉

🔗 https://gist.github.com/NotMedic/b1ab7809eea94cc05513905b26964663

🐥 [ tweet ]
😈 [ ghostlulz1337, ghostlulz ]

If you want to learn more about Internal Pentesting & Red Teaming these are some really good resources

🔗 https://book.hacktricks.xyz/
🔗 https://www.thehacker.recipes/
🔗 https://ppn.snovvcrash.rocks/
🔗 https://cheats.philkeeble.com/
🔗 https://dmcxblue.gitbook.io/
🔗 https://www.vincentyiu.com/
🔗 https://www.ired.team/

🐥 [ tweet ]
😈 [ ippsec, ippsec ]

Third part in my Configuring Parrot via Ansible Series is now up. This one configures both Firefox and Burpsuite, and hopefully will serve as a good intro to Jinja2 Templating, which makes customizing scripts/files a breeze. Check out the video here:

Part 1
🔗 https://youtu.be/2y68gluYTcc

Part 2
🔗 https://youtu.be/VRz_vtPBZzA

Part 3
🔗 https://youtu.be/XDJB0TVKtNk

🐥 [ tweet ]
😈 [ ZephrFish, Andy ]

Great post from @_RayRT on abusing different Active Directory object controls and how to detect them https://t.co/CFQvEuA0Rv #RedTeam #blueteam #purpleteam #cti

🔗 http://labs.lares.com/securing-active-directory-via-acls/

🐥 [ tweet ]
😈 [ an0n_r0, an0n ]

Mini-HOWTO about setting up Full Disk Encryption with unattended auto-unlock using TPM2 w/ Secure Boot on Kali.

Useful for rogue devices (auto-connecting to C2), headless pentest boxes, etc. storing confidential information but lacking physical security.

https://t.co/vOXnlpZcm6

🔗 https://gist.github.com/tothi/c7fdaaca3d61b7e3298863ada358fc1e

🐥 [ tweet ]