Offensive Xwitter – Telegram
Offensive Xwitter
@OffensiveTwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
Download Telegram
About
Blog
Apps
Platform
Join
Offensive Xwitter
19.4K subscribers
Offensive Xwitter
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ 0gtweet, Grzegorz Tworek ]

Netsh.exe relies on extensions taken from Registry, which means it may be used as a persistence.
And what, if you go one step further, extending netsh with a DLL allowing you to do whatever you want? Kinda #LOLBin 😎
Enjoy the C code and DLL, as usual: https://t.co/xfm1Mxaf4F

🔗 https://github.com/gtworek/PSBits/tree/master/NetShRun

🐥 [ tweet ]
👍4
1.38K views
Offensive Xwitter
Немного кодгольфа для парсинга вывода pypykatz 🤪

pypykatz lsa minidump lsass.dmp 2>/dev/null | python3 <(wget -qO- https://gist.github.com/snovvcrash/d77a3ea5401498da95e1fab840122bea/raw/554b5621eed33be158c1583a17d50448964cefa8/pypyparse.py)


🔗 https://gist.github.com/snovvcrash/d77a3ea5401498da95e1fab840122bea
👍4😁3🥱1
1.32K views
Offensive Xwitter
😈 [ HakaiOffsec, Hakai Offsec ]

After some hard work, coffee has been released! Our newest Rust COFF Loader!
If you want to check it out:
Don’t forget to check our blog post for more details:

🔗 https://github.com/hakaioffsec/coffee
🔗 https://labs.hakaioffsec.com/coffee-a-coff-loader-made-in-rust/

🐥 [ tweet ]
👍1
1.29K views
Offensive Xwitter
Forwarded from RedTeam brazzers (Миша)
Кража KeyTab.

Во время тестирования на проникновение часто встречаются системы Linux с настроенным Keytab. Keytab хранит пары принципала кербероса и его зашифрованных ключей. С помощью этих зашифрованных ключей можно получить TGT. В результате чего появляется возможность запросить TGT на имя принципала без ввода пароля. Kerberos на Linux уже далеко не редкость - гетерогенные сети становятся все более популярными по ряду причин. Например, может быть такой сценарий, что на Linux бекапится содержимое какой-либо шары, при этом получить доступ к этой шаре могут только пользователи домена. В таком случае пишется простенький скрипт на баш, в котором реализуется логика по запросу TGT тикета на основе KeyTab, а затем копирования файлов с шары. Причем для периодичности запуска скрипт добавляется в crontab.

Нам, как атакующим, конечно же, интересен процесс запроса TGT билета на основе KeyTab. Для этого можно использовать команду kinit со следующим синтаксисом:
kinit –kt <keytab> <принципал>

Например, если файл /tmp/admin.keytab служит для аутентификации пользователя admin@OFFICE.LOCAL , то делаем вот так:
kinit -kt /tmp/admin.keytab admin@OFFICE.LOCAL

Остается лишь одна проблема - обнаружение самих KeyTab файлов. Конечно, можно ручками через find искать эти файлы, потом также муторно проверять разрешения на них, что не есть хорошо. Поэтому я накалякал следующий командлет, который автоматически найдет все .keytab файлы , а затем подсветит интересные разными цветами:
1. Зеленым подсвечиваются те файлы, которые принадлежат текущему пользователю.
2. Желтым подсвечиваются те файлы, которые принадлежат пользователю, отличному от текущего, при этом текущий пользователь не имеет достаточных прав (чтение/запись) на этот самый KeyTab.
3. Наконец, красным подсвечиваются файлы, которые принадлежат пользователю, отличному от текущего, при этом текущий пользователь имеет достаточные права на этот самый KeyTab.

find / -iname '*.keytab' -type f -exec ls -l {} \; 2>/dev/null | awk -v user="$(whoami)" 'BEGIN { FS = OFS = " "; red = "\033[31m"; yellow = "\033[33m"; green = "\033[32m"; reset = "\033[0m" } { if ($3 == user && $9 ~ /.keytab$/) { printf green } else if ($3 != user && $9 ~ /.keytab$/ && $1 ~ /^-.w.r../) { printf red } else if ($3 != user && $9 ~ /.keytab$/ && ($1 !~ /^.w.r../ || $1 !~ /^-.w../)) { printf yellow } print $0; printf reset }'
🔥5👍1
980 views
Offensive Xwitter
😈 [ stephenfewer, Stephen Fewer ]

Last Friday's @metasploit release adds coverage for CVE-2023-34362 in MOVEit Transfer, great work by @tychos_moose, @iagox86, @_CField and team. Nice to see the new fetch payloads in action too🔥Check out the release here:

🔗 https://www.rapid7.com/blog/post/2023/06/23/metasploit-weekly-wrap-up-16/

🐥 [ tweet ]
😁2🔥1
1.39K views
Offensive Xwitter
😈 [ mpgn_x64, mpgn ]

3, 2, 1 CrackMapExec 6.0.0 is now public ! 🎉

So much new features and fix that I've made a blogpost for it ▶️


Special thanks to @_zblurx @MJHallenbeck & @al3x_n3ff for their indefectible support & contributions ! 🍻

🔗 https://wiki.porchetta.industries/news/a-new-home

🐥 [ tweet ]
👍2🔥2
3.18K views
Offensive Xwitter
😈 [ _zblurx, Thomas Seigneuret ]

Want to bypass Windows Defender when dumping LSASS ? Just dump into .log files😅

🐥 [ tweet ]
🔥4😁2👍1😢1
1.64K views
Offensive Xwitter
😈 [ kleiton0x7e, Kleiton Kurti ]

Came up with an improved version of WMIExec. By leveraging the Win32_ScheduledJob class, we can remotely create scheduled jobs. This way it's not required anymore to rely on port 139 and 445.

Github:

#CyberSecurity #redteam #infosec #infosecurity

🔗 https://github.com/WKL-Sec/wmiexec/

🐥 [ tweet ]
🔥3
1.37K views
Offensive Xwitter
😈 [ passthehashbrwn, Josh ]

Just published a new blog post covering how to hide Beacon during BOF execution. If your BOF triggers a memory scan then EDR is likely to find Beacon and kill your process, but we can mask it using a simple technique.

🔗 https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
🔗 https://github.com/xforcered/bofmask

🐥 [ tweet ]
🔥3
1.36K viewsedited  
Offensive Xwitter
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ an0n_r0, an0n ]

Just recreated this awesome @SpecterOps (@zyn3rgy, @0xthirteen) technique for initial access by #backdooring a random #ClickOnce application with a Cobalt Strike stager. While I became a ClickOnce addict🙃, compiled a short writeup about my journey:

🔗 https://an0n-r0.medium.com/backdooring-clickonce-net-for-initial-access-a-practical-example-1eb6863c0579

🐥 [ tweet ][ quote ]
👍7
1.54K views
Offensive Xwitter
Forwarded from Волосатый бублик
4 новых видео на канале SpecterOps

Security Distilled: Building a First-Principles Approach to Security
https://www.youtube.com/watch?v=zjJaYwqVHxY

A Taste of Kerberos Abuse
https://www.youtube.com/watch?v=9SUXifUp9ZY

The BloodHound 4.3 Release: Get Global Admin More Often
https://www.youtube.com/watch?v=H1q-CBHbmHE

Red + Blue, How Purple Are You? Identifying Gaps in The Spectrum of Security
https://www.youtube.com/watch?v=B_2AfoT2WxU
👍3🔥1
1.16K views
Offensive Xwitter
😈 [ ricnar456, Ricardo Narvaja ]

As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt.

🔗 https://www.coresecurity.com/core-labs/articles/understanding-cve-2022-37969-windows-clfs-lpe
🔗 https://github.com/fortra/CVE-2023-28252

🐥 [ tweet ]
🔥6
1.48K viewsedited  
Offensive Xwitter
This media is not supported in your browser
VIEW IN TELEGRAM
Долистал твиттер до рейт лимита, поэтому вместо постов про пенетресты вот
😢8👍3🔥2
1.25K views
Offensive Xwitter
😈 [ VirtualAllocEx, Daniel Feichter ]

Although the Hell's Gate POC is a few years old, I was interested in understanding it in more detail.
So I wrote the new blog post "Exploring Hell's Gate" - an in-depth look at Hell's Gate.

🔗 https://redops.at/en/blog/exploring-hells-gate

🐥 [ tweet ]
👍1
1.29K views
Offensive Xwitter
😈 [ _RastaMouse, Rasta Mouse ]

[BLOG]
Short post showing how C# Source Generators could be used to build customisable implants.

🔗 https://rastamouse.me/csharp-source-generators/

🐥 [ tweet ]
👍1
1.23K views
Offensive Xwitter
😈 [ D1rkMtr, D1rkMtr ]

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)

🔗 https://github.com/TheD1rkMtr/TakeMyRDP

🐥 [ tweet ]
👍4
1.22K views
Offensive Xwitter
😈 [ HackAndDo, Pixis ]

Here we go, new articles are ready on a brand new and exciting topic, smart contracts security! ⛓️

To get things off to a good start, here's the first article, Blockchain 101.
Happy reading!

🔗 https://en.hackndo.com/blockchain/

🐥 [ tweet ]

не сильно увлекаюсь блокчейнами, но почитать можно раз от увОжаемого автора
🔥4👍2
1.17K views
Offensive Xwitter
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

Read how you can JOIN @steampipeio on @pdiscoveryio to get structured output in your reconnaissance / footprinting / bugbounty data in this experimental steampipe plugin by @leonjza!

Code here:

🔗 https://sensepost.com/blog/2023/select-from-projectdiscovery-join-steampipe/
🔗 https://github.com/sensepost/steampipe-plugin-projectdiscovery

🐥 [ tweet ]
🔥2👍1
1.28K viewsedited  
Offensive Xwitter
😈 [ Octoberfest73, Octoberfest7 ]

Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.

This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.

#redteam #Malware

🔗 https://github.com/Octoberfest7/TeamsPhisher

🐥 [ tweet ]
🔥3😁1
1.24K views
Offensive Xwitter
😈 [ SEKTOR7net, SEKTOR7 Institute ]

A guide to building your engagement infrastructure, by André Tschapeller (@hipstertrojan)

#redteam

🔗 https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/

🐥 [ tweet ]
🔥1
1.36K views
Offensive Xwitter
😈 [ rayanlecat, Rayan Bouyaiche ]

Hello everyone ! This weekend I participated to @_leHACK_ where i could do the CrackMapExec workshop of @mpgn_x64 . I did a little writeup if you're interested

🔗 https://rayanlecat.ghost.io/write-up-workshop-cme-lehack-2023/

🐥 [ tweet ]
🔥6
1.31K views