Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ HackingDave, Dave Kennedy ]

Most folks don’t know that @kevinmitnick remained highly technical even up until the end. I worked with him on a number of pentests through the years and we always helped one another.

I’ve never seen someone so driven and persistent. Kevin loved hacking - to an obsession. He didn’t care if he lost money on an engagement - if he didn’t get in he would spend however long it took to own every aspect of the organization. To this day I’ve never met someone like him on how focused and persistent he was on engagements for his clients.

When he didn’t know something or a new technique came out - he would spend hours or days learning it and trying it out. We worked together on putting multiple things both public and private together for engagements or just curiosity.

He did extremely well in life after all his hardships and he told me the only reason he kept his consulting company open was because he loved hacking so much and that’s all he wanted to do. Didn’t care about the money or credibility- his mind worked in such unique ways.

People who say Mitnick wasn’t technical really had no idea what they were talking about or didn’t know him. He was an incredible hacker until his final days. I mean shit, before he went into ICU, he asked me for some of my password cracking dumps we have because he just got a massive GPU rig and was going to give me access.

We would sit there for hours at times screen sharing and working obstacles together. He recognized where he was weak knowledge wise and brought in friends to help and I was always willing to help. He taught me a lot - not just on social engineering of what people think of him - Kev was a legit hacker and I learned a lot of things from him.

We shared zero days, custom payloads, new research and techniques. Was always a blast and his excited laugh when he would finally get to his objectives and the rush of all of the hard work and culmination he had gone through.

Kev was legit, not that this needed to be said - but seeing him first hand, one of the best mentalities and persistence I’ve ever witnessed. He was elite.

🐥 [ tweet ]
😢5👍3🔥3
😈 [ dec0ne, Mor Davidovich ]

Watched @ustayready's webcast yesterday and decided to try to implement the technique myself.
Got it working and as a PoC planted a DLL in the Teams folder to be sideloaded for persistence / code exec. Very cool initial access technique. Amazing work @ustayready
Blog:

🔗 https://shorsec.io/blog/malrdp-implementing-rouge-rdp-manually/

🐥 [ tweet ]
🔥3
😈 [ securekomodo, Bryan Smith ]

Here is my python-based scanner to find #Citrix RCE. Leverages several fingerprinting techniques to accurately identify a remote Citrix server's version and detect if vulnerable to CVE-2023-3467. This is not an exploit PoC. Happy #bugbounty hunting :)

🔗 https://github.com/securekomodo/citrixInspector/

🐥 [ tweet ]
👍4
😈 [ _xpn_, Adam Chester ]

If you're used to spraying to find Pre2K computer account creds, I've added a new script to pull the TGS for a computer account and check it offline. Might help to work around password spraying detection.

🔗 https://github.com/xpn/RandomTSScripts

🐥 [ tweet ]
🔥2
😈 [ XakepRU, Xakep.ru ]

X for the smoker
][ for the healthy person

🐥 [ tweet ]

based?
👍8🤯2🔥1🥱1
😈 [ kyleavery_, Kyle Avery ]

New DLL hijacking opportunities, triggered using DCOM for lateral movement:

🔗 https://github.com/WKL-Sec/dcomhijack

🐥 [ tweet ]
👍2
😈 [ exploitph, Charlie Clark ]

I drafted slides for an extended talk on forged tickets which was apparently not good enough for a con this year so @4ndr3w6S and I have decided to publish the slides (around 99% done) and I'll leave the rest up to the imagination of the reader, enjoy:

🔗 https://github.com/0xe7/Talks/blob/main/Andrew_Charlie_Ive_Got_A_Forged_Twinkle_In_My_Eye.pdf

🐥 [ tweet ]
👍4
😈 [ D1rkMtr, D1rkMtr ]

Blog on Advanced module stomping and Heap/Stack Encryption is now out; it bypasses PE-Sieve and Moneta while sleeping.

Blog:

🔗 https://labs.cognisys.group/posts/Advanced-Module-Stomping-and-Heap-Stack-Encryption/

Github Project:

🔗 https://github.com/CognisysGroup/SweetDreams

🐥 [ tweet ]
🔥3
😈 [ hasherezade, hasherezade ]

If you ever need to convert an EXE into a DLL: // #exe_to_dll

🔗 https://github.com/hasherezade/exe_to_dll

🐥 [ tweet ]
🤯5🔥2
😈 [ harmj0y, Will Schroeder ]

I know I haven't blogged for a bit, but I promise @tifkin_, @0xdab0, and I have been working on something cool! This is the first blog in a series on the problem set we've been tackling, leading up to what we've built to address it - "On (Structured) Data"

🔗 https://posts.specterops.io/on-structured-data-707b7d9876c6

🐥 [ tweet ]
👍1
😈 [ snowscan, Snowscan ]

You can use the Windows Search Protocol to coerce authentication from hosts running the Windows Search Service (Win10/11 only by default) as a regular domain user. Haven't been able to do WebDAV with it though so usefulness is limited. PoC:

🔗 https://github.com/slemire/WSPCoerce

🐥 [ tweet ]
👍1
😈 [ 0xTriboulet, Steve S. ]

Check out my guest write-up on the MaliciousGroup blog.

If you're interested in C, inline assembly, and return address spoofing, this is the writeup you're looking for.

@deadvolvo

🔗 https://blog.malicious.group/inline-assembly/

🐥 [ tweet ]
🔥1
😈 [ fin3ss3g0d, fin3ss3g0d ]

Check out my multi-threaded version of secretsdump[.]py!

🔗 https://github.com/fin3ss3g0d/secretsdump.py

🐥 [ tweet ]
🔥1
😈 [ dec0ne, Mor Davidovich ]

First blog post in our upcoming series - "Path to DA" where Shlomi and I will be sharing our experiences, stories, strategies and techniques for achieving Domain Admin privileges on engagements.
Mine is up next, stay tuned!

🔗 https://shorsec.io/blog/the-path-to-da-part-1-sysadmins-love-generic-passwords/

🐥 [ tweet ][ quote ]
🔥3🤯1
😈 [ D1rkMtr, D1rkMtr ]

Inspired by @_EthicalChaos_'s talk on Threadless Process injection, created another approach using C:

🔗 https://github.com/TheD1rkMtr/D1rkInject

🐥 [ tweet ]
🔥1
😈 [ the_bit_diddler, sinusoid ]

If you're not containerizing your neo4j database for Bloodhound, you're doing it wrong.

docker run -itd -p 7687:7687 -p 7474:7474 --env NEO4J_AUTH=neo4j/YOURPASSWORD -v $(pwd)/neo4j:/data neo4j:4.4-community

Instantly transferable and redeployable for colleagues.

#RedTeamTips

🐥 [ tweet ]
🔥3
Kudos to our colleagues at Awillix (@justsecurity) and everyone involved for the cool Pentest Award initiative. It was a pleasure to compete, to support such a unique undertaking as the first award for pentesters, and to say hello to top specialists in the analog world) As agreed, the materials from the nominations will be collected in a separate issue of ][, so no spoilers for now. As they say, stay tuned; I can't wait to check out the work of the other speakers myself 🟢🟢
#pentestaward
🔥32
OWASP just recently released the Security Top 10 for APIs. The changes aren't that big; I drew a little picture for clarity 😈
Details in the docs: https://owasp.org/API-Security/editions/2023/en/0x00-notice/

🥰 peace, everyone 🥰
👍6🔥1
😈 [ _atsika, Atsika ]

I've just started a blog on #maldev and #redteaming. Nothing fancy yet, just me trying to see if I've understood correctly.
The first post is about a custom version of GetModuleHandle and GetProcAddress in #go.
Check it out:

🔗 https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/

🐥 [ tweet ]
🔥2