😈 [ an0n_r0, an0n ]
found Mimikatz
dpapi::chrome (for decrypting chrome/msedge secrets) fails with No Alg/Key handle error now. it seems the encrypted_key parser from the Local State file is broken. no worries, it is possible to feed it with the encrypted_key directly, here is what I mean.
🐥 [ tweet ]
🔥6
😈 [ nickvourd, NCV ]
Hello World! This Supernova Beta version... This tool was designed by @nickvourd, @Papadope9 and @IAMCOMPROMISED... Soon the official release...
🔗 https://github.com/nickvourd/Supernova
🐥 [ tweet ]
🔥3🥱1
😈 [ MDSecLabs, MDSec ]
In our latest post, @breakfix details how we were able to publish a malicious VSCode extension to the marketplace and leverage it for initial access during a red team
🔗 https://www.mdsec.co.uk/2023/08/leveraging-vscode-extensions-for-initial-access/
🔗 https://vimeo.com/853281700?share=copy
🐥 [ tweet ]
👍8
😈 [ fortunato lodari @flodari ]
Are you tired of failing to create DNS Entry for DavRelay?
LPE with:
ssh -R +
addcomputer.py +
Proxychains +
Proxylite +
PetitPotam +
rbcd_relay
no AV/EDR detection, only SIEM (if) checks on LDAP changes
#redteam #LPE #DAVRelay #FUD
🐥 [ tweet ]
+ demo on Cobalt Strike:
🔗 https://threadreaderapp.com/thread/1697922181684936753.html
🔥10
😈 [ theluemmel, LuemmelSec ]
Lsass Dump against Defender for Endpoint - check
Thanks @tastypepperoni
🔗 https://github.com/tastypepperoni/PPLBlade
🐥 [ tweet ]
🔥2👍1
😈 [ Synacktiv, Synacktiv ]
During a recent Active Directory intrusion test, @croco_byte was led to devise a new versatile attack vector targeting Group Policy Objects, allowing their exploitation through NTLM relaying.
🔗 https://www.synacktiv.com/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more
🐥 [ tweet ]
🔥2
😈 [ Tw1sm, Matt Creel ]
Been playing with SQLRecon by @sanjivkawa to learn more about attacking SQL server - awesome tool in an area I haven’t scrutinized enough on tests for creds/lateral movement
Created a Python port, PySQLRecon, while labbing out the attack scenarios
🔗 https://github.com/Tw1sm/PySQLRecon
🐥 [ tweet ]
🔥4
😈 [ Idov31, Ido Veltzman ]
Part 5 of Lord Of The Ring0 is out!
In this part, I explained how APC and thread injection are made from the kernel to a user mode process, IRP & SSDT hooks, and why they don't work anymore (and their alternatives)
#infosec #CyberSecurity
🔗 https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html
🐥 [ tweet ]
🔥1
😈 [ Rasta Mouse @_RastaMouse ]
[BLOG]
Ok, I've written about my experience of battling with both managed and unmanaged memory allocations to try and improve @FuzzySec's Melkor POC.
🔗 https://rastamouse.me/building-a-slightly-better-melkor/
🐥 [ tweet ][ quote ]
🔥2
😈 [ Kostas @Kostastsale ]
New blog: Understanding Red to Be Better at Blue: Navigating New CrackMapExec Updates
✅Keeping up with the red team
✅Breaking down CME’s new key features
✅From code to behavioural hunting & detections
✅Illustrations with examples
🔗 https://buff.ly/47Xm6KF
🐥 [ tweet ]
👍3
Offensive Xwitter
😂😂😂
😈 [ Wietze @Wietze ]
Were you aware standard VSCode can be turned into a fully-functioning RAT with a single command?
✅Popular/MS-signed exe
✅Uses MS network infra
✅VSCode is always noisy, abuse may not stand out
🔥Open/edit/delete files, run arbitrary commands
Solid find:
🔗 https://badoption.eu/blog/2023/01/31/code_c2.html
🐥 [ tweet ]
🔥5
😈 [ Clandestine @akaclandestine ]
𝘼𝙑/𝙀𝘿𝙍 𝙀𝙫𝙖𝙨𝙞𝙤𝙣 | 𝙈𝙖𝙡𝙬𝙖𝙧𝙚 𝘿𝙚𝙫𝙚𝙡𝙤𝙥𝙢𝙚𝙣𝙩 👾
🔗 Part 1 - https://medium.com/@0xHossam/av-edr-evasion-malware-development-933e50f47af5
🔗 Part 2 - https://medium.com/@0xHossam/av-edr-evasion-malware-development-p2-7a947f7db354
🔗 Part 3 - https://medium.com/@0xHossam/unhooking-memory-object-hiding-3229b75618f7
🔗 Part 4 - https://medium.com/@0xHossam/av-edr-evasion-malware-development-p-4-162662bb630e
🐥 [ tweet ]
🔥7
😈 [ Greg Darwin @gregdarwin ]
A new Cobalt Strike blog post just dropped. This is the second in the series on UDRL development, and covers obfuscation and masking. It is accompanied by some major updates to the UDRL-VS kit.
🔗 https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-2-obfuscation-masking
🐥 [ tweet ]
👍3
😈 [ Andrew Oliveau @AndrewOliveau ]
💥BOOM!💥 Another privilege escalation blog, this time showcasing how to convert arbitrary file deletions 🗑️ to SYSTEM command prompt🌈 CVE-2023-27470. Learn about TOCTOU, pseudo-symlinks, MSI rollback exploits, and, of course, how to protect yourselves!
🔗 https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities
🐥 [ tweet ]
🔥4
😈 [ ShorSec Cyber Security @ShorSecLtd ]
🔥New Blog Post Alert!
The next chapter in our "The Path to DA" series is now live: "(Relaying) To The Internet And Back".
This entry, by @dec0ne, explores yet another route to DA, focusing on the intricacies of ADIDNS Abuse, LDAP relay, RBCD, and more.
🔗 https://shorsec.io/blog/the-path-to-da-part-2-relaying-to-the-internet-and-back/
🐥 [ tweet ]
👍2🔥1
😈 [ Vincent Yiu @vysecurity ]
DevTunnels, blue are going to begin searching for DevTunnels.ms. Get ready ahead of time and use domains like:
global.rel.tunnels.api.visualstudio.com
tunnels-prod-rel-tm.trafficmanager.net
*.app.github.dev
🔗 https://www.syonsecurity.com/post/devtunnels-for-c2
🐥 [ tweet ]
🔥2