😈 [ vxunderground, vx-underground ]
The classic Russian "Hacker" magazine had some of the coolest artwork in the 90s
🐥 [ tweet ]
true
😈 [ ShitSecure, S3cur3Th1sSh1t ]
After the talks at @x33fcon and @WEareTROOPERS were done, I also finally managed to write down my latest research about userland hook evasion:
🔗 https://s3cur3th1ssh1t.github.io/Cat_Mouse_or_Chess/
🐥 [ tweet ]
😈 [ Gi7w0rm, Gi7w0rm ]
Just released a new #blogpost, where I analyze the initial stages of a #vbs / #powershell based #GuLoader / #CloudEye infection.
Shoutout to @malware_traffic for being the first to find this sample (which I noticed after analyzing it myself ^^).
1/2
🔗 https://gi7w0rm.medium.com/cloudeye-from-lnk-to-shellcode-4b5f1d6d877
🐥 [ tweet ]
😈 [ washi_dev, Washi ]
I spent my Saturday on a dumb project answering the following question:
What is the smallest #dotnet Hello World binary?
Turns out, this rabbit hole is deeper than you may expect, so I wrote a blog post about it:
👉 🔗 https://blog.washi.dev/posts/tinysharp/
#reversing #obfuscation #asmresolver
🐥 [ tweet ]
Offensive Xwitter
😈 [ ZeroMemoryEx, V2 ]
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes https://t.co/UGt7cd1DYu
🔗 https://github.com/ZeroMemoryEx/Terminator
🐥 [ tweet ]
😈 [ jsecurity101, Jonny Johnson ]
Do you remember the #blackout driver vulnerability discovered by @ZeroMemoryEx?
Well, today I am releasing a blog going over my process of reversing the #blackout driver, in which I found you can suspend any thread you want from medium IL.
Blog:
🔗 https://www.binarydefense.com/resources/blog/threadsleeper-suspending-threads-via-gmer64-driver/
🐥 [ tweet ]
Forwarded from RedTeam brazzers (sn🥶vvcr💥sh)
In the «Behind the Scenes of Red Team» episode, @Riocool mentions that on pentests, besides desktop screenshots, it is sometimes handy to take webcam snapshots on a controlled workstation, to check whether the user is at the PC right now or has, say, stepped out for a well-deserved lunch break. I had not resorted to such a trick before, but I often subconsciously felt the need for this kind of check, since at times it is simply necessary to barge into a particular user's GUI session.
After searching the web for ready-made solutions, it became obvious that only grandpa meterpreter can capture the webcam «out of the box», and embedding C++ contraptions into your own projects for execution from memory is not always convenient. After a bit more googling, I stumbled upon an interesting Medium post, where the Webcam Capture paragraph mentions a certain MiniEye.ps1 script by @xorrior that supposedly already does everything we need (the link to the script in the article returns a 404; the tool has moved to the root of the repository as Get-DXWebcamVideo.ps1). The approach is based on the DirectShowNET .NET library and the DirectX.Capture wrapper for it; I also recommend reading the wrapper author's blog on CodeProject:
🗒 DirectX.Capture Class Library
In my spare time I decided to rewrite Get-DXWebcamVideo.ps1 in .NET, so as not to fuss with launching PowerShell yet again. After merging the dependencies with dnMerge, you get a standalone assembly ready to run from your favorite C2 agent:
👨💻 https://github.com/snovvcrash/SharpDXWebcam
⚠️ Remember that the tool is intended exclusively for educational purposes and ethical, contracted penetration testing; blackhatting is bad!
Everyone else: happy (ethical) hacking!
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
🔥 Wow, this looks really neat! x64 binary obfuscator, written for uni project.
Can't wait to take it for a spin:
🔗 https://github.com/weak1337/Alcatraz
🐥 [ tweet ]
😈 [ D1rkMtr, D1rkMtr ]
My first publicly released blog, covering in-depth:
- Indirect Dynamic Syscall, API Hashing explained using C & WinDbg.
Blog link:
🔗 https://lnkd.in/eBgkxR3n
Project link:
🔗 https://lnkd.in/eYZPjYPi
🐥 [ tweet ]
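As an added example (not code from D1rkMtr's blog or project), the hashing half of the technique the post names: a loader keeps only a 32-bit hash of each API name, then walks the target module's export names at run time and hashes each one until it matches, so no import string ever appears in the binary. The ROR13 variant below is the one used by Metasploit-style shellcode; the export table here is a constructed array so the program builds and runs on any OS, whereas a real loader reads the names from PEB -> Ldr -> module -> IMAGE_EXPORT_DIRECTORY.

```c
/* Added example (not code from D1rkMtr's blog or project): API hashing as used
 * by shellcode and loaders. The loader never stores the API name, only a 32-bit
 * hash; at run time it hashes each name in the module's export table until one
 * matches. The export table here is a constructed array so the program builds
 * anywhere; a real loader walks PEB -> Ldr -> module -> IMAGE_EXPORT_DIRECTORY. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ROR13 hash (the variant used by Metasploit's block_api): rotate the running
 * value right by 13 bits, then add the next byte, until the NUL terminator. */
static uint32_t ror13_hash(const char *name)
{
    uint32_t h = 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        h = (h >> 13) | (h << 19);
        h += *p;
    }
    return h;
}

/* Constructed stand-ins for AddressOfNames / AddressOfFunctions of a module. */
static const char *const kExportNames[] = {
    "GetProcAddress", "LoadLibraryA", "VirtualAlloc",
    "VirtualProtect", "CreateThread", "WriteProcessMemory",
};
static const uintptr_t kExportAddrs[] = { 0x1000, 0x2000, 0x3000, 0x4000, 0x5000, 0x6000 };
#define NUM_EXPORTS (sizeof kExportNames / sizeof kExportNames[0])

/* Index of the export whose name hashes to `wanted`, or -1. This loop is the
 * whole resolver: it compares hashes, never strings. */
static int find_export_by_hash(uint32_t wanted)
{
    for (size_t i = 0; i < NUM_EXPORTS; i++)
        if (ror13_hash(kExportNames[i]) == wanted)
            return (int)i;
    return -1;
}

/* Address for a hash, or 0 when the module does not export a matching name. */
static uintptr_t resolve_by_hash(uint32_t wanted)
{
    int idx = find_export_by_hash(wanted);
    return idx < 0 ? 0 : kExportAddrs[idx];
}

int main(void)
{
    /* A real loader embeds these constants, precomputed at build time, instead
     * of the strings; computing them here keeps the example self-contained. */
    uint32_t wanted[] = { ror13_hash("VirtualAlloc"), ror13_hash("CreateThread"), 0xDEADBEEFu };
    for (size_t i = 0; i < sizeof wanted / sizeof wanted[0]; i++)
        printf("hash 0x%08x -> export index %d, address 0x%lx\n", wanted[i],
               find_export_by_hash(wanted[i]), (unsigned long)resolve_by_hash(wanted[i]));
    return 0;
}
```

Running it shows the two known hashes resolving to their table entries and 0xDEADBEEF falling through to index -1 / address 0. The same ror13_hash function serves the defender in reverse: hash the export names of kernel32.dll and ntdll.dll and match them against the 32-bit constants found in a shellcode sample to recover which APIs it resolves.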
😈 [ 0xdea, raptor@infosec.exchange ]
A Deep Dive into Penetration Testing of #macOS Applications (Part 1)
🔗 https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
🐥 [ tweet ]
😈 [ r1cksec, r1cksec ]
New cheatsheets pushed 🕵️‍♂️
🔗 https://github.com/r1cksec/cheatsheets
Including:
A well written blog post on how to read and parse LSASS memory dumps with PowerShell 🔍
#infosec #cybersecurity #pentesting #redteam #lsass #windows
🔗 https://powerseb.github.io/posts/LSASS-parsing-without-a-cat
🐥 [ tweet ]
😈 [ non_curat_lex, Lex (Claire) ]
The project I've been working on lately is finally public:
Hope you'll learn about industrial protocols you've never heard of before!
🔗 https://github.com/Orange-Cyberdefense/awesome-industrial-protocols
🐥 [ tweet ]
😈 [ SBousseaden, Samir ]
interesting recent UAC bypass method
🔗 https://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.2_from_COM_to_UAC_bypass_and_get_SYSTEM_dirtectly.html
🐥 [ tweet ]
😈 [ AliceCliment, Alice Climent-Pommeret ]
Finally done!
My latest article introduces the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓
I hope you'll enjoy it!
🔗 https://alice.climent-pommeret.red/posts/process-killer-driver/
🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]
Kerberos tickets dumping in pure PowerShell 😍
I simply love such an approach.
So much more beautiful than loading pre-compiled binary blob. And so much harder to detect...
🔗 https://www.linkedin.com/posts/mzhmo_hi-friends-you-can-now-dump-kerberos-tickets-activity-7087136960804212737-u5m3
🔗 https://github.com/MzHmO/PowershellKerberos
🐥 [ tweet ]
I see a certain gangster here @Michaelzhm 😎
😈 [ OtterHacker, OtterHacker ]
Hey! I published a large part of my notes, and I hope you will find something new to learn in it. It goes from simple #OSCP notes to #Malware development (#COFFLoader, #ModuleStomping, #ReflectiveDLLInjection...).
🔗 https://otterhacker.github.io
🐥 [ tweet ]
😈 [ HackingDave, Dave Kennedy ]
Most folks don’t know that @kevinmitnick remained highly technical even up until the end. I worked with him on a number of pentests through the years and we always helped one another.
I’ve never seen someone so driven and persistent. Kevin loved hacking - to an obsession. He didn’t care if he lost money on an engagement - if he didn’t get in he would spend however long it took to own every aspect of the organization. To this day I’ve never met someone like him on how focused and persistent he was on engagements for his clients.
When he didn’t know something or a new technique came out - he would spend hours or days learning it and trying it out. We worked together on putting multiple things both public and private together for engagements or just curiosity.
He did extremely well in life after all his hardships and he told me the only reason he kept his consulting company open was because he loved hacking so much and that’s all he wanted to do. Didn’t care about the money or credibility- his mind worked in such unique ways.
People who say Mitnick wasn’t technical really had no idea what they were talking about or didn’t know him. He was an incredible hacker until his final days. I mean shit, before he went into ICU, he asked me for some of my password cracking dumps we have because he just got a massive GPU rig and was going to give me access.
We would sit there for hours at times screen sharing and working obstacles together. He recognized where he was weak knowledge wise and brought in friends to help and I was always willing to help. He taught me a lot - not just on social engineering of what people think of him - Kev was a legit hacker and I learned a lot of things from him.
We shared zero days, custom payloads, new research and techniques. Was always a blast and his excited laugh when he would finally get to his objectives and the rush of all of the hard work and culmination he had gone through.
Kev was legit, not that this needed to be said - but seeing him first hand, one of the best mentalities and persistence I’ve ever witnessed. He was elite.
🐥 [ tweet ]
😈 [ dec0ne, Mor Davidovich ]
Watched @ustayready webcast yesterday and decided to try to implement the technique myself.
Got it working and as a POC planted a DLL in the Teams folder to be sideloaded for persistence / code exec. Very cool initial access technique. Amazing work @ustayready
Blog:
🔗 https://shorsec.io/blog/malrdp-implementing-rouge-rdp-manually/
🐥 [ tweet ]
😈 [ securekomodo, Bryan Smith ]
Here is my python-based scanner to find #Citrix RCE. Leverages several fingerprinting techniques to accurately identify a remote Citrix server's version and detect if vulnerable to CVE-2023-3467. This is not an exploit PoC. Happy #bugbounty hunting :)
🔗 https://github.com/securekomodo/citrixInspector/
🐥 [ tweet ]