😈 [ SkelSec @SkelSec ]
Weeeee! My Defcon talk is now on Youtube!
🔗 https://www.youtube.com/watch?v=7oAZK8x_mL0
🔗 https://github.com/skelsec/wsnet
🔗 https://github.com/skelsec/wsnet-dotnet
🐥 [ tweet ]
@skelsec genius, indeed
Tamas Jos - Spooky authentication at a distance.pdf
😈 [ Adam Chester 🏴☠️ @_xpn_ ]
My Okta for Red Teamers post is up! We look at how Kerberos SSO works, how to intercept credentials via a fake AD Agent, decrypting AD Agent tokens, adding skeleton key's, and even how to deploy a janky SAML IdP server to auth as any user for good measure.
🔗 https://www.trustedsec.com/blog/okta-for-red-teamers/
🐥 [ tweet ]
😈 [ јаmеѕ ███████ @rotarydrone ]
Awesome stuff 🔥 The AD agent hijack here is much stealthier (and cooler) than injecting a DLL.
Here's a nim example for LogonUser hooking, ala PTASpy or @_xpn_'s blog on AADC for red teams. This also works for the AD agent:
🔗 https://gist.githubusercontent.com/rotarydrone/645f77f7e778da75800d1cde4013da2f/raw/a7a12e6e4529f4d09037ee6d908ead89500aa1ad/LogonUserSpy.nim
🐥 [ tweet ][ quote ]
😈 [ Dylan Tran @d_tranman ]
Dug into call stacks spoofing for the past few months and wrote something. Hopefully this is helpful.
🔗 https://dtsec.us/2023-09-15-StackSpoofin/
🐥 [ tweet ]
😈 [ Greg Darwin @gregdarwin ]
Cobalt Strike 4.9 is now live. This release adds UDRL support for post-ex DLLs, the ability to export Beacon without a reflective loader, support for callbacks, a Beacon data store and more. Check out the blog post for details:
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-49-take-me-to-your-loader
🐥 [ tweet ]
Lost my temper when rpcclient broke on old protocols yet again, and I needed a name↔️SID resolve right here and now:
🔗 https://github.com/fortra/impacket/pull/1618
Add lookupname.py example by snovvcrash · Pull Request #1618 · fortra/impacket
A tiny example for hLsarLookupNames3 and hLsarLookupSids2 calls that I use when rpcclient refuses to work 😒
😈 [ Omri Baso @omri_baso ]
A new novel technique I researched for lateral movement by stealing tokens while abusing the RPC named pipe \\pipe\LSM_API_service
🔗 https://medium.com/p/a23965e8227e
🐥 [ tweet ]
😈 [ Rasta Mouse @_RastaMouse ]
Experimenting with a basic stage0 that allows you to roll your own implants and stage them from external C2 frameworks.
🔗 https://youtu.be/wvDm6Ro0g1g
🐥 [ tweet ]
😈 [ MalDev Academy @MalDevAcademy ]
Our EXE loader is now available to everyone on GitHub:
We'll be uploading more repositories on our GitHub in the future.
🔗 https://github.com/Maldev-Academy/MaldevAcademyLdr.1
🐥 [ tweet ]
😈 [ Louis Dion-Marcil @ldionmarcil ]
Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E)
Links in <a> tags will show the fake domain, but open the real domain.
No need to buy .zip! :) Convincing #phishing #redteam
🐥 [ tweet ]
No idea what this is, but everyone's posting it: https://news.1rj.ru/str/OffensiveTwitter?boost
😈 [ Chris Thompson @_Mayyhem ]
The entire SCCM hierarchy is vulnerable to takeover from any primary site because by design, there is no security boundary between sites in the same hierarchy. Check out my new post to learn more about how this can be abused, mitigated, and detected!
🔗 https://posts.specterops.io/sccm-hierarchy-takeover-41929c61e087
🐥 [ tweet ]
😈 [ Tobias Neitzel @qtc_de ]
Standing on the shoulders of giants like silverf0x and @tiraniddo I created rpv - a @v_language library for analyzing Windows RPC servers - and rpv-web as a browser based frontend. Very similar to #RpcView but also different 😉
🔗 https://github.com/qtc-de/rpv
🔗 https://github.com/qtc-de/rpv-web
🐥 [ tweet ]
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]
Today I'm releasing #LDAPWordlistHarvester, a new tool for generating a wordlist based on LDAP, in order to crack passwords of domain accounts. 🥳
The generated wordlist cracked way more passwords than rockyou2021 on my latest client.
🔗 https://github.com/p0dalirius/LDAPWordlistHarvester
🐥 [ tweet ]
Not by proxychains alone!
Well, well, well, friends. I bet you've long been looking for a portable alternative to proxychains[-ng], one that also doesn't rely on LD_PRELOAD hooks, so it can redirect … goddamn Golang?.. Surprisingly, such an alternative exists; here's what colleagues taught me today:
🔗 https://github.com/hmgle/graftcp
Above is an example with go-windapsearch, which previously didn't work (through proxychains) ⏫
😈 [ Dominic Chell 👻 @domchell ]
Spent some time refreshing my memory on ETW TI tonight. As a red teamer it's really important to get a good understanding of what the defenders/EDRs can see. Using the excellent Havoc as an example, let's have a peek...
🔗 https://threadreaderapp.com/thread/1706772248802291929.html
🐥 [ tweet ]
Kudos to colleagues from Awillix (@justsecurity) and everyone involved for the great Pentest Award initiative; it was a pleasure to compete, to support such a unique undertaking as the first award for pentesters, and to say hello to top specialists in the analog world) How…
Xakep is publishing the write-ups in installments:
🔗 https://xakep.ru/2023/09/21/perimeter-silver/
🔗 https://xakep.ru/2023/09/22/seedr-hack/
🔗 https://xakep.ru/2023/09/27/pentest-award-bypass/ (mom, I'm on TV)
🔗 https://xakep.ru/2023/09/29/fuck-the-logic/
🔗 https://xakep.ru/2023/10/03/macos-lpe/
😈 [ Orange Cyberdefense's SensePost Team @sensepost ]
Traditional methods of blinding EDRs are to remove hooks. In this post @vikingfr investigates a new technique (and tool) for blinding an EDR in kernel land by limiting connections to the EDR driver's filter communication port.
🔗 https://sensepost.com/blog/2023/filter-mute-operation-investigating-edr-internal-communication/
🔗 https://v1k1ngfr.github.io/edrsnowblast/
🐥 [ tweet ]
Ultra interesting stuff on obstructing the interaction between the user mode <-> kernel mode EDR subsystems, blinding the latter without wiping kernel callbacks.
I collect links on BYOVD over here:
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/byovd