Kudos to the colleagues from Awillix (@justsecurity) and everyone involved for the great Pentest Award initiative – it was a pleasure to compete, to support such a unique undertaking as the first award for pentesters, and to say hello to top specialists in the analog world) As agreed, the nominated submissions will be collected in a separate issue of ][, so no spoilers for now. As they say, stay tuned; I can't wait to look at the other speakers' work myself 🟢 🟢
#pentestaward
Forwarded from 𝖝𝖓𝖝 𝖘𝖔𝖋𝖙𝖜𝖆𝖗𝖊 𝖋𝖔𝖚𝖓𝖉𝖆𝖙𝖎𝖔𝖓
OWASP just released the Security Top 10 for API. The changes are not that big; I drew a little picture for clarity 😈
Details in the docs: https://owasp.org/API-Security/editions/2023/en/0x00-notice/
🥰 peace, everyone 🥰
😈 [ _atsika, Atsika ]
I've just started a blog on #maldev and #redteaming. Nothing fancy yet, just me trying to see if I've understood correctly.
The first post is about a custom version of GetModuleHandle and GetProcAddress in #go.
Check it out:
🔗 https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/
🐥 [ tweet ]
😈 [ bishopfox, Bishop Fox ]
We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we’re going even further into how this #RCE vulnerability can be exploited.
Our team created a #python noscript for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.
🔗 bfx.social/3YjMxpz
#infosec #Citrix
🐥 [ tweet ]
😈 [ noperator, noperator ]
We're following others by publishing our exploit (and shellcode generator) for the critical-severity CVE-2023-3519, preauth RCE in Citrix ADC Gateway. If you haven't patched yet—do. 🩹
🔗 https://github.com/BishopFox/CVE-2023-3519
🐥 [ tweet ][ quote ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the --tcpmss switch that includes the mentioned field for your better scope coverage.
For me that’s the masscan version of choice from now on:
🔗 https://github.com/ivre/masscan
🐥 [ tweet ]
😈 [ _wald0, Andy Robbins ]
I am proud to announce the release of BloodHound CE!
Blog:
🔗 https://posts.specterops.io/bloodhound-community-edition-a-new-era-d64689806e90
Webinar:
🔗 https://ghst.ly/3Om0jDo
🐥 [ tweet ]
😈 [ _wald0, Andy Robbins ]
Have Docker? Run BloodHound CE with one command:
curl -L https://github.com/SpecterOps/BloodHound/raw/main/examples/docker-compose/docker-compose.yml | docker compose -f - up
🐥 [ tweet ]
😈 [ DiLomSec1, Diegolomellini ]
As promised, here is a blogpost on SharpSCCMs new AdminService/CMPivot capabilities. The creator of SharpSCCM, @_Mayyhem and I will be at the SpecterOps booth tomorrow @ 11am and ARSENAL @ 11:30am Thursday presenting SCCM takeover and post-ex techniques
🔗 https://medium.com/@dlomellini/lateral-movement-without-lateral-movement-brought-to-you-by-configmgr-9b79b04634c7
🐥 [ tweet ]
😈 [ exploitph, Charlie Clark ]
my latest post on abusing DES using Kerberos, I've not updated my RoastInTheMiddle tool yet but I'll be doing that shortly, enjoy:
🔗 https://exploit.ph/des-is-useful.html
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Wrote something on how to bypass Google Safe Browsing for Phishing campaigns🧐
🔗 https://www.r-tec.net/r-tec-blog-evade-signature-based-phishing-detections.html
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Short post on using the Process Inject Kit in Cobalt Strike, which I feel is quite under-utilized based on the projects I've seen online.
🔗 https://offensivedefence.co.uk/posts/cs-process-inject-kit/
🐥 [ tweet ]
😈 [ joehowwolf, William Burgess ]
New Cobalt Strike blog by @HenriNurmi - Simplifying BOF Development: Debug, Test, and Save Your B(e)acon
All in VS BOF template available in latest Arsenal kit release!
🔗 https://www.cobaltstrike.com/blog/simplifying-bof-development
🐥 [ tweet ]
😈 [ garrfoster, Garrett ]
SCCM Site takeover by abusing the AdminService API. In this blog, I walkthrough the discovery process and demonstrate site takeover via credential relaying.
🔗 https://medium.com/specter-ops-posts/site-takeover-via-sccms-adminservice-api-d932e22b2bf
🐥 [ tweet ]
😈 [ 0xTriboulet, Steve S. ]
Use C, and some inline assembly, to create a self-extracting shellcode executable!
This solution was inspired by @hasherezade's C to Shellcode method, and was the basis for my solution to @MalDevAcademy's shellcode challenge.
Check it out!
🔗 https://steve-s.gitbook.io/0xtriboulet/just-malicious/from-c-with-inline-assembly-to-shellcode
🐥 [ tweet ]
😈 [ harmj0y, Will Schroeder - ✈ HACKER SUMMER CAMP ]
@tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at and we have a post explaining details at 1/3
🔗 https://github.com/SpecterOps/Nemesis
🔗 https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4
🐥 [ tweet ]
😈 [ _xpn_, Adam Chester ]
Second blog post to finish out the week. Expanding on a previous tweet to look at how LAPS 2.0 crypto works, how the PowerShell Get-LAPSADPassword cmdlet works, and provided a quick BOF to do pull and decrypt msLAPS-EncryptedPassword
🔗 https://blog.xpnsec.com/lapsv2-internals/
🐥 [ tweet ]