😈 [ stephenfewer, Stephen Fewer ]
Last Friday's @metasploit release adds coverage for CVE-2023-34362 in MOVEit Transfer, great work by @tychos_moose, @iagox86, @_CField and team. Nice to see the new fetch payloads in action too🔥Check out the release here:
🔗 https://www.rapid7.com/blog/post/2023/06/23/metasploit-weekly-wrap-up-16/
🐥 [ tweet ]
😁2🔥1
😈 [ mpgn_x64, mpgn ]
3, 2, 1 CrackMapExec 6.0.0 is now public ! 🎉
So many new features and fixes that I've made a blog post for it ▶️
Special thanks to @_zblurx @MJHallenbeck & @al3x_n3ff for their indefectible support & contributions ! 🍻
🔗 https://wiki.porchetta.industries/news/a-new-home
🐥 [ tweet ]
👍2🔥2
😈 [ kleiton0x7e, Kleiton Kurti ]
Came up with an improved version of WMIExec. By leveraging the Win32_ScheduledJob class, we can remotely create scheduled jobs. This way it's not required anymore to rely on port 139 and 445.
Github:
#CyberSecurity #redteam #infosec #infosecurity
🔗 https://github.com/WKL-Sec/wmiexec/
🐥 [ tweet ]
🔥3
😈 [ passthehashbrwn, Josh ]
Just published a new blog post covering how to hide Beacon during BOF execution. If your BOF triggers a memory scan then EDR is likely to find Beacon and kill your process, but we can mask it using a simple technique.
🔗 https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
🔗 https://github.com/xforcered/bofmask
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
Just recreated this awesome @SpecterOps (@zyn3rgy, @0xthirteen) technique for initial access by #backdooring a random #ClickOnce application with a Cobalt Strike stager. While I became a ClickOnce addict🙃, I compiled a short writeup about my journey:
🔗 https://an0n-r0.medium.com/backdooring-clickonce-net-for-initial-access-a-practical-example-1eb6863c0579
🐥 [ tweet ][ quote ]
👍7
Forwarded from Волосатый бублик
4 new videos on the SpecterOps channel
Security Distilled: Building a First-Principles Approach to Security
https://www.youtube.com/watch?v=zjJaYwqVHxY
A Taste of Kerberos Abuse
https://www.youtube.com/watch?v=9SUXifUp9ZY
The BloodHound 4.3 Release: Get Global Admin More Often
https://www.youtube.com/watch?v=H1q-CBHbmHE
Red + Blue, How Purple Are You? Identifying Gaps in The Spectrum of Security
https://www.youtube.com/watch?v=B_2AfoT2WxU
👍3🔥1
😈 [ ricnar456, Ricardo Narvaja ]
As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt.
🔗 https://www.coresecurity.com/core-labs/articles/understanding-cve-2022-37969-windows-clfs-lpe
🔗 https://github.com/fortra/CVE-2023-28252
🐥 [ tweet ]
🔥6
Scrolled Twitter until I hit the rate limit, so instead of posts about pentests, here's this
😢8👍3🔥2
😈 [ VirtualAllocEx, Daniel Feichter ]
Although the Hell's Gate POC is a few years old, I was interested in understanding it in more detail.
So I wrote the new blog post "Exploring Hell's Gate" - an in-depth look at Hell's Gate.
🔗 https://redops.at/en/blog/exploring-hells-gate
🐥 [ tweet ]
👍1
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Short post showing how C# Source Generators could be used to build customisable implants.
🔗 https://rastamouse.me/csharp-source-generators/
🐥 [ tweet ]
👍1
😈 [ D1rkMtr, D1rkMtr ]
A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)
🔗 https://github.com/TheD1rkMtr/TakeMyRDP
🐥 [ tweet ]
👍4
😈 [ HackAndDo, Pixis ]
Here we go, new articles are ready on a brand new and exciting topic, smart contracts security! ⛓️
⏩To get things off to a good start, here's the first article, Blockchain 101.
Happy reading!
🔗 https://en.hackndo.com/blockchain/
🐥 [ tweet ]
I'm not much into blockchains, but it's worth a read since it comes from a respected author🔥4👍2
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]
Read how you can JOIN @steampipeio on @pdiscoveryio to get structured output in your reconnaissance / footprinting / bugbounty data in this experimental steampipe plugin by @leonjza!
Code here:
🔗 https://sensepost.com/blog/2023/select-from-projectdiscovery-join-steampipe/
🔗 https://github.com/sensepost/steampipe-plugin-projectdiscovery
🐥 [ tweet ]
🔥2👍1
😈 [ Octoberfest73, Octoberfest7 ]
Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.
This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.
#redteam #Malware
🔗 https://github.com/Octoberfest7/TeamsPhisher
🐥 [ tweet ]
🔥3😁1
😈 [ SEKTOR7net, SEKTOR7 Institute ]
A guide to building your engagement infrastructure, by André Tschapeller (@hipstertrojan)
#redteam
🔗 https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/
🐥 [ tweet ]
🔥1
😈 [ rayanlecat, Rayan Bouyaiche ]
Hello everyone! This weekend I participated in @_leHACK_, where I could do the CrackMapExec workshop of @mpgn_x64. I did a little writeup if you're interested
🔗 https://rayanlecat.ghost.io/write-up-workshop-cme-lehack-2023/
🐥 [ tweet ]
🔥6
😈 [ eversinc33, eversinc33 ]
I was tired of manually creating wordlists or having to rely on python for pre2k sprays, so did some small adjustments to @dafthack's DomainPasswordSpray to run pre2k password spraying on all computer objects of a domain.
🔗 https://github.com/eversinc33/Invoke-Pre2kSpray
🐥 [ tweet ]
👍3
😈 [ EricaZelic, typedef struct _MALCOM { ]
Finally had some time to put the LDAP queries tweet in a blog post. Added some brief descriptions, how to enumerate nested group membership and members of the Protected Users group.
🔗 https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
🐥 [ tweet ]
🔥1
😈 [ cnotin, Clément Notin ]
📄 "How to read Windows serialized certificates"
Sharing a code sample to read binary files in "%APPDATA%\Microsoft\SystemCertificates\My\Certificates", which are serialized certificates, using CryptQueryObject() (and more!)
🔗 https://medium.com/tenable-techblog/code-for-reading-windows-serialized-certificates-8634d3487ec7
🐥 [ tweet ]
🔥1
😈 [ 0x6d69636b, Michael Schneider ]
My colleague @m8r1us has written an article about hardware keyloggers:
🔗 https://www.scip.ch/en/?labs.20230706
🐥 [ tweet ]
🔥1