😈 [ 0xdea, raptor@infosec.exchange ]
A Deep Dive into Penetration Testing of #macOS Applications (Part 1)
🔗 https://www.cyberark.com/resources/threat-research-blog/a-deep-dive-into-penetration-testing-of-macos-applications-part-1
🐥 [ tweet ]
🔥3👍2
😈 [ r1cksec, r1cksec ]
New cheatsheets pushed 🕵️♂️
🔗 https://github.com/r1cksec/cheatsheets
Including:
A well written blog post on how to read and parse LSASS memory dumps with PowerShell 🔍
#infosec #cybersecurity #pentesting #redteam #lsass #windows
🔗 https://powerseb.github.io/posts/LSASS-parsing-without-a-cat
🐥 [ tweet ]
👍4
😈 [ non_curat_lex, Lex (Claire) ]
The project I've been working on lately is finally public:
Hope you'll learn about industrial protocols you've never heard of before!
🔗 https://github.com/Orange-Cyberdefense/awesome-industrial-protocols
🐥 [ tweet ]
🔥1
😈 [ SBousseaden, Samir ]
interesting recent UAC bypass method
🔗 https://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.2_from_COM_to_UAC_bypass_and_get_SYSTEM_dirtectly.html
🐥 [ tweet ]
🔥2
😈 [ AliceCliment, Alice Climent-Pommeret ]
Finally done!
My latest article introduces the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓
I hope you'll enjoy it!
🔗 https://alice.climent-pommeret.red/posts/process-killer-driver/
🐥 [ tweet ]
🔥3
😈 [ 0gtweet, Grzegorz Tworek ]
Kerberos tickets dumping in pure PowerShell 😍
I simply love such an approach.
So much more beautiful than loading pre-compiled binary blob. And so much harder to detect...
🔗 https://www.linkedin.com/posts/mzhmo_hi-friends-you-can-now-dump-kerberos-tickets-activity-7087136960804212737-u5m3
🔗 https://github.com/MzHmO/PowershellKerberos
🐥 [ tweet ]
I see a certain gangster here @Michaelzhm 😎
👍4🔥4😁1
😈 [ OtterHacker, OtterHacker ]
Hey! I published a large part of my notes, and I hope you will find something new to learn in it. It goes from simple #OSCP notes to #Malware development (#COFFLoader, #ModuleStomping, #ReflectiveDLLInjection...).
🔗 https://otterhacker.github.io
🐥 [ tweet ]
👍10
😈 [ HackingDave, Dave Kennedy ]
Most folks don’t know that @kevinmitnick remained highly technical even up until the end. I worked with him on a number of pentests through the years and we always helped one another.
I’ve never seen someone so driven and persistent. Kevin loved hacking - to an obsession. He didn’t care if he lost money on an engagement - if he didn’t get in he would spend however long it took to own every aspect of the organization. To this day I’ve never met someone like him on how focused and persistent he was on engagements for his clients.
When he didn’t know something or a new technique came out - he would spend hours or days learning it and trying it out. We worked together on putting multiple things both public and private together for engagements or just curiosity.
He did extremely well in life after all his hardships and he told me the only reason he kept his consulting company open was because he loved hacking so much and that’s all he wanted to do. Didn’t care about the money or credibility - his mind worked in such unique ways.
People who say Mitnick wasn’t technical really had no idea what they were talking about or didn’t know him. He was an incredible hacker until his final days. I mean shit, before he went into ICU, he asked me for some of my password cracking dumps we have because he just got a massive GPU rig and was going to give me access.
We would sit there for hours at times screen sharing and working obstacles together. He recognized where he was weak knowledge wise and brought in friends to help and I was always willing to help. He taught me a lot - not just on social engineering of what people think of him - Kev was a legit hacker and I learned a lot of things from him.
We shared zero days, custom payloads, new research and techniques. Was always a blast and his excited laugh when he would finally get to his objectives and the rush of all of the hard work and culmination he had gone through.
Kev was legit, not that this needed to be said - but seeing him first hand, one of the best mentalities and persistence I’ve ever witnessed. He was elite.
🐥 [ tweet ]
😢5👍3🔥3
😈 [ dec0ne, Mor Davidovich ]
Watched @ustayready webcast yesterday and decided to try to implement the technique myself.
Got it working and as a POC planted a DLL in the Teams folder to be sideloaded for persistence / code exec. Very cool initial access technique. Amazing work @ustayready
Blog:
🔗 https://shorsec.io/blog/malrdp-implementing-rouge-rdp-manually/
🐥 [ tweet ]
🔥3
😈 [ securekomodo, Bryan Smith ]
Here is my python-based scanner to find #Citrix RCE. Leverages several fingerprinting techniques to accurately identify a remote Citrix server's version and detect if vulnerable to CVE-2023-3467. This is not an exploit PoC. Happy #bugbounty hunting :)
🔗 https://github.com/securekomodo/citrixInspector/
🐥 [ tweet ]
👍4
😈 [ _xpn_, Adam Chester ]
If you're used to spraying to find Pre2K computer account creds, I've added a new script to pull the TGS for a computer account and check it offline... might help to work around password spraying detection.
🔗 https://github.com/xpn/RandomTSScripts
🐥 [ tweet ]
🔥2
😈 [ kyleavery_, Kyle Avery ]
New DLL hijacking opportunities, triggered using DCOM for lateral movement:
🔗 https://github.com/WKL-Sec/dcomhijack
🐥 [ tweet ]
👍2
😈 [ exploitph, Charlie Clark ]
I drafted slides for an extended talk on forged tickets which was apparently not good enough for a con this year so @4ndr3w6S and I have decided to publish the slides (around 99% done) and I'll leave the rest up to the imagination of the reader, enjoy:
🔗 https://github.com/0xe7/Talks/blob/main/Andrew_Charlie_Ive_Got_A_Forged_Twinkle_In_My_Eye.pdf
🐥 [ tweet ]
👍4
😈 [ D1rkMtr, D1rkMtr ]
Blog on Advanced module stomping and Heap/Stack Encryption is now out, it bypasses PE-Sieve and Moneta while sleeping
Blog:
🔗 https://labs.cognisys.group/posts/Advanced-Module-Stomping-and-Heap-Stack-Encryption/
Github Project:
🔗 https://github.com/CognisysGroup/SweetDreams
🐥 [ tweet ]
🔥3
😈 [ hasherezade, hasherezade ]
If you ever need to convert an EXE into a DLL: // #exe_to_dll
🔗 https://github.com/hasherezade/exe_to_dll
🐥 [ tweet ]
🤯5🔥2
😈 [ harmj0y, Will Schroeder ]
I know I haven't blogged for a bit, but I promise @tifkin_, @0xdab0, and I have been working on something cool! This is the first blog in a series on the problem set we've been tackling, leading up to what we've built to address it - "On (Structured) Data"
🔗 https://posts.specterops.io/on-structured-data-707b7d9876c6
🐥 [ tweet ]
👍1
😈 [ snowscan, Snowscan ]
You can use the Windows Search Protocol to coerce authentication from hosts running the Windows Search Service (Win10/11 only by default) as a regular domain user. Haven't been able to do WebDAV with it though so usefulness is limited. PoC:
🔗 https://github.com/slemire/WSPCoerce
🐥 [ tweet ]
👍1
😈 [ 0xdea, raptor@infosec.exchange ]
Everything you never knew about #NAT and wish you hadn't asked
// by @ekr____
🔗 https://educatedguesswork.org/posts/nat-part-1/
🔗 https://educatedguesswork.org/posts/nat-part-2/
🔗 https://educatedguesswork.org/posts/nat-part-3/
🔗 https://educatedguesswork.org/posts/nat-part-4/
🐥 [ tweet ]
🔥3
😈 [ 0xTriboulet, Steve S. ]
Check out my guest write-up on the MaliciousGroup blog.
If you're interested in C, inline assembly, and return address spoofing, this is the writeup you're looking for.
@deadvolvo
🔗 https://blog.malicious.group/inline-assembly/
🐥 [ tweet ]
🔥1
😈 [ fin3ss3g0d, fin3ss3g0d ]
Check out my multi-threaded version of secretsdump[.]py!
🔗 https://github.com/fin3ss3g0d/secretsdump.py
🐥 [ tweet ]
🔥1