Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Louis Dion-Marcil @ldionmarcil ]

Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E)
Links in <a> tags will show the fake domain, but open the real domain.
No need to buy .zip! :) Convincing #phishing #redteam

🐥 [ tweet ]
🔥5👍1🥱1
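The `<base>` + U+200E pattern described in the post above, looked at from the defender's side: an added example, not code from the post or from Outlook, that parses an HTML mail body, reports invisible format characters inside the `<base href>`, and lists links whose real target host differs from the host the base names. The sample HTML is constructed.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def invisible_format_chars(s):
    """Return the Unicode 'Cf' (format) characters in s, e.g. U+200E LEFT-TO-RIGHT MARK."""
    return [f"U+{ord(c):04X}" for c in s if unicodedata.category(c) == "Cf"]


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base_href = None  # first <base href> seen, if any
        self.hrefs = []        # every <a href> in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]
        elif tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])


def audit_email_html(html):
    """Flag the pattern from the post: a <base href> carrying invisible format
    characters while the <a> hrefs resolve to a host other than the one the base names."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    if p.base_href is None:
        return findings
    hidden = invisible_format_chars(p.base_href)
    if hidden:
        findings.append("base href contains invisible format chars: " + ", ".join(hidden))
    clean_base = "".join(c for c in p.base_href if unicodedata.category(c) != "Cf")
    base_host = urlparse(clean_base).hostname
    for href in p.hrefs:
        # urljoin gives the URL the client actually opens for this anchor.
        target_host = urlparse(urljoin(clean_base, href)).hostname
        if base_host and target_host and target_host != base_host:
            findings.append(f"base names {base_host} but link opens {target_host}")
    return findings


# Constructed sample: a base that names a look-alike host and ends in U+200E,
# while the only link in the body points at a different host.
SAMPLE = (
    '<html><head><base href="https://login.bank.example/\u200e"></head>'
    '<body><p>Your statement is ready.</p>'
    '<a href="https://other.example/statement">View statement</a></body></html>'
)
```

Running `audit_email_html(SAMPLE)` yields one finding for the hidden U+200E and one for the host mismatch; a mail whose base and links agree on the host yields none.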
No idea what this is, but everyone's posting it: https://news.1rj.ru/str/OffensiveTwitter?boost
🥱16👍3
😈 [ Chris Thompson @_Mayyhem ]

The entire SCCM hierarchy is vulnerable to takeover from any primary site because by design, there is no security boundary between sites in the same hierarchy. Check out my new post to learn more about how this can be abused, mitigated, and detected!

🔗 https://posts.specterops.io/sccm-hierarchy-takeover-41929c61e087

🐥 [ tweet ]
🔥1
😈 [ Tobias Neitzel @qtc_de ]

Standing on the shoulders of giants like silverf0x and @tiraniddo I created rpv - a @v_language library for analyzing Windows RPC servers - and rpv-web as a browser based frontend. Very similar to #RpcView but also different 😉

🔗 https://github.com/qtc-de/rpv
🔗 https://github.com/qtc-de/rpv-web

🐥 [ tweet ]
👍1🔥1
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]

Today I'm releasing #LDAPWordlistHarvester, a new tool to generate a wordlist based on LDAP, in order to crack passwords of domain accounts. 🥳

The generated wordlist cracked way more passwords than rockyou2021 on my latest client.

🔗 https://github.com/p0dalirius/LDAPWordlistHarvester

🐥 [ tweet ]
🔥4
Proxychains isn't the only game in town!

Well, well, well, friends. I bet you've long been looking for a portable alternative to proxychains[-ng], one that also doesn't run on LD_PRELOAD hooks, so that it can redirect that damned Golang?.. Surprisingly, such an alternative exists; here's what my colleagues taught me today:

🔗 https://github.com/hmgle/graftcp

Above is an example with go-windapsearch, which previously did not work (through proxychains)
🔥13👍1
😈 [ Dominic Chell 👻 @domchell ]

Spent some time refreshing my memory on ETW TI tonight. As a red teamer it's really important to get a good understanding of what the defenders/EDRs can see. Using the excellent Havoc as an example, let's have a peek...

🔗 https://threadreaderapp.com/thread/1706772248802291929.html

🐥 [ tweet ]
🔥3
😈 [ Orange Cyberdefense's SensePost Team @sensepost ]

Traditional methods of blinding EDRs are to remove hooks. In this post @vikingfr investigates a new technique (and tool) for blinding an EDR in kernel land by limiting connections to the EDR driver's filter communication port.

🔗 https://sensepost.com/blog/2023/filter-mute-operation-investigating-edr-internal-communication/
🔗 https://v1k1ngfr.github.io/edrsnowblast/

🐥 [ tweet ]

Ultra interesting stuff on obstructing the interaction between the user-mode <-> kernel-mode EDR subsystems, blinding the latter without wiping kernel callbacks

I collect links about BYOVD over here:

🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/byovd
👍6🔥1
😈 [ HADESS @Hadess_security ]

The Art Of Hiding In Windows: techniques used by malicious actors to obscure their activities, making detection and analysis significantly more challenging for security professionals.

Article:
🔗 https://hadess.io/the-art-of-hiding-in-windows/

EBook:
🔗 https://hadess.io/the-art-of-hiding-in-windows-ebook/

#windows #redteam

🐥 [ tweet ]

(the PDF is in the comments)
👍2🔥2
😈 [ eversinc33 @eversinc33 ]

Nice tool :) Reminded me of a script I wrote a while ago, which is for those environments where users have to change their pws every X months, resulting in passwords like January2022. The script simply uses the LDAP pwdLastSet attr to generate a wordlist.

🔗 https://github.com/eversinc33/CredGuess

🐥 [ tweet ][ quote ]
👍3
😈 [ Gabriel Landau @GabrielLandau ]

Watch me drop some still-unpatched Windows exploits at BlackHat:
Bypass LSASS RunAsPPL
Modify kernel memory
💥 Zero vulnerable drivers

Article:
🔗 http://tiny.cc/FVDX

Article #2:
🔗 http://tiny.cc/KillingPPLFault

Code:
🔗 https://github.com/gabriellandau/PPLFault

Talk:
🔗 https://youtu.be/5xteW8Tm410

🐥 [ tweet ]
👍1🔥1
😈 [ Csaba Fitzl @theevilbit ]

🎉🥁 The wait is over. Please welcome "Dock Tile Plugins" to the persistence club. My new favorite. 🤩 In the blog:
🍎 background and details
🍎 how to create and use
🍎 how to detect
🍎 sample code and binary

🔗 https://theevilbit.github.io/beyond/beyond_0032/

🐥 [ tweet ][ quote ]
🔥3
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]

The correct IP address is sometimes all you need to exploit a remote target.

Want to know more? Have a look at the latest post by @plopz0r on our blog:

🔗 https://blog.scrt.ch/2023/09/25/exploiting-stale-adidns-entries/

🐥 [ tweet ]
👍3
😈 [ Chetan Nayak (Brute Ratel C4 Author) @NinjaParanoid ]

Here is my blog post detailing the secure hosting of a C2 infrastructure and the exploitation of various Azure services for C2 purposes:

🔗 https://0xdarkvortex.dev/c2-infra-on-azure/

🐥 [ tweet ]
👍3🤔1
😈 [ eversinc33 @eversinc33 ]

Wrote a blog post for my company on how we implement obfuscation for our C# post-exploitation arsenal. Discussing some detection opportunities and our ways around them. Special thx to @Flangvik for his video on SharpCollection, which is our pipeline's base

🔗 https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html

🐥 [ tweet ]
🔥3
😈 [ Md Ismail Šojal @0x0SojalSec ]

The new cs.github.com search allows for regex, which means brand new regex GitHub Dorks are possible!

Eg, find SSH and FTP passwords via connection strings with:

/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

🐥 [ tweet ]
🔥4
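The connection-string pattern from the post above, turned into a defender-side scan that an organisation can run over its own files before anything is pushed: an added example, not part of the post or of GitHub's code search, that finds `scheme://user:password@host` URLs line by line, reports them with the password redacted, and can be narrowed to one domain suffix. The config lines are constructed.

```python
import re

# A URL whose userinfo carries a password: scheme://user:password@host...
# The mandatory "@" after the password keeps plain scheme://host URLs out.
CRED_URL = re.compile(
    r"\b(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<user>[^\s:/@]+):(?P<pw>[^\s/@]+)@"
    r"(?P<rest>[^\s\"'<>]+)",
    re.IGNORECASE,
)


def find_embedded_credentials(text, domain_suffix=None):
    """Scan text line by line and return (line_no, scheme, user, host, redacted_url)
    for every URL that embeds a password; optionally keep only hosts under domain_suffix."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CRED_URL.finditer(line):
            # Host is whatever follows "@" up to the first port, path, query or fragment.
            host_match = re.match(r"[^/:?#]+", m["rest"])
            host = host_match.group(0).lower() if host_match else ""
            if domain_suffix and not (
                host == domain_suffix or host.endswith("." + domain_suffix)
            ):
                continue
            # Never echo the secret itself into a report or log.
            redacted = f"{m['scheme']}://{m['user']}:***@{m['rest']}"
            hits.append((line_no, m["scheme"].lower(), m["user"], host, redacted))
    return hits


# Constructed sample: two connection strings with embedded passwords and one
# clean URL, mimicking lines that end up committed to a repository.
SAMPLE = """\
# constructed sample config
repo_url = "ssh://deploy:Sup3rS3cret@build.target.example/srv/repo.git"
mirror   = ftp://anonymous:guest@ftp.other.example/pub
docs     = https://docs.target.example/guide
"""
```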
😈 [ 📔 Michael Grafnetter @MGrafnetter ]

Introducing a new offline variant of the Golden gMSA attack against AD with time shifting. Enables Pass-the-Hash and Silver Ticket attacks. Requires access to ntds.dit backup and works until a new KDS Root Key is generated. #DSInternals CC: @YuG0rd

🔗 https://www.dsinternals.com/en/dsinternals-v4.11/

🐥 [ tweet ]
🔥4
Recently I caught myself thinking that I had crafted a 31337 hacker prompt for zsh, yet on my work box I still use the default one, because it's ugly to shove console screenshots with 100500 emoji into multi-million reports for clients: they'll realize, I mean think, that some fool was on the job. So I stole, I mean developed, this new thing: a self-hiding prompt that, after a command runs, leaves behind only a timestamp, which can be neatly dropped into reports 🤓

🔗 https://github.com/snovvcrash/dotfiles-linux/blob/master/zsh/plugins/zsh-transient-prompt.zsh
👍11🔥4😁2