😈 [ Antonio Cocomazzi @splinter_code ]
Do you want to start the RemoteRegistry service without Admin privileges?
Just write into the "winreg" named pipe 👆
🐥 [ tweet ]
Do you want to start the RemoteRegistry service without Admin privileges?
Just write into the "winreg" named pipe 👆
🐥 [ tweet ]
🤯13😁1
😈 [ Tony Gore @nullg0re ]
Dcsync without triggering traditional alerts?
🔗 https://nullg0re.com/2023/09/hijacking-someone-else-dcsync/
🐥 [ tweet ]
Dcsync without triggering traditional alerts?
🔗 https://nullg0re.com/2023/09/hijacking-someone-else-dcsync/
🐥 [ tweet ]
Offensive Xwitter
😈 [ Andrew @4ndr3w6S ] Happy to finally share our slide deck/demo videos from our @texascyber talk, “You DISliked DCSync? Wait For NetSync!” Thank you x3000 to @MindsEyeCCF, for help with the fantastic slides, & my co-presenter/friend/mentor/research partner…
You_Disliked_DCSync_Wait_For_NetSync_Texas_Cyber_Summit_2023_Charlie.pdf
31.6 MB
🔥3
😈 [ Kleiton Kurti @kleiton0x7e ]
Spent some time reversing undocumented Syscalls residing in Kernel32/Ntdll and created a PoC for proxying DLL loads. This leads to a clean call stack as the return address pointing to shellcode won't be pushed to stack.
#CyberSecurity #redteam #infosec
🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads
🐥 [ tweet ]
Spent some time reversing undocumented Syscalls residing in Kernel32/Ntdll and created a PoC for proxying DLL loads. This leads to a clean call stack as the return address pointing to shellcode won't be pushed to stack.
#CyberSecurity #redteam #infosec
🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads
🐥 [ tweet ]
👍4🔥1
😈 [ spencer @techspence ]
A .net port of @ZeroMemoryEx AMSI Killer with an added feature to continuously patch new powershell processes by @S1lky_1337
🔗 https://github.com/S1lkys/SharpKiller
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
A .net port of @ZeroMemoryEx AMSI Killer with an added feature to continuously patch new powershell processes by @S1lky_1337
🔗 https://github.com/S1lkys/SharpKiller
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
🔥4
😈 [ N1k0la @webdxg ]
Exchange Server CVE-2023-36745
Standing on the Shoulder of Giants @chudyPB
🔗 https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
🐥 [ tweet ]
Exchange Server CVE-2023-36745
Standing on the Shoulder of Giants @chudyPB
🔗 https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
🐥 [ tweet ]
🔥4
😈 [ Mayfly @M4yFly ]
A new Lab 🏰 is available on GOAD: NHA.
This time it is a challenge, 5 vms, you start with no account and try to get domain admin on the two domains.
Have fun !
🔗 https://github.com/Orange-Cyberdefense/GOAD/tree/main/ad/NHA
🐥 [ tweet ]
A new Lab 🏰 is available on GOAD: NHA.
This time it is a challenge, 5 vms, you start with no account and try to get domain admin on the two domains.
Have fun !
🔗 https://github.com/Orange-Cyberdefense/GOAD/tree/main/ad/NHA
🐥 [ tweet ]
🔥5
😈 [ Garrett @garrfoster ]
Pushed an update to SCCMHunter to include @SkelSec's python unobfuscator for @_xpn_'s sccmwtf NAA attack. Shout out to you both for the awesome work!
🔗 https://github.com/garrettfoster13/sccmhunter
🔗 https://github.com/xpn/sccmwtf/blob/main/policysecretunobfuscate.py
🐥 [ tweet ]
Pushed an update to SCCMHunter to include @SkelSec's python unobfuscator for @_xpn_'s sccmwtf NAA attack. Shout out to you both for the awesome work!
🔗 https://github.com/garrettfoster13/sccmhunter
🔗 https://github.com/xpn/sccmwtf/blob/main/policysecretunobfuscate.py
🐥 [ tweet ]
👍4🔥1
😈 [ Justin Elze @HackingLZ ]
wmiexec is so reliable with so many great detections avaliable. Cortex does a really good job without of the box Impacket as well.
🔗 https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/
🔗 https://micahbabinski.medium.com/brace-for-impacket-5191dff82c74
🐥 [ tweet ]
wmiexec is so reliable with so many great detections avaliable. Cortex does a really good job without of the box Impacket as well.
🔗 https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/
🔗 https://micahbabinski.medium.com/brace-for-impacket-5191dff82c74
🐥 [ tweet ]
🔥3
🔥3👍1
😈 [ Chris Au @netero_1010 ]
Made a tool to create/modify schedule task using just registry keys. It has some requirements (require SYSTEM) but the beauty of it is it wont generate schedule task creation event log.
🔗 https://github.com/netero1010/GhostTask
🐥 [ tweet ]
Made a tool to create/modify schedule task using just registry keys. It has some requirements (require SYSTEM) but the beauty of it is it wont generate schedule task creation event log.
🔗 https://github.com/netero1010/GhostTask
🐥 [ tweet ]
🔥4👍2🥱1
😈 [ Fabian @testert01 ]
[Blogpost] EvtPsst a small EventLog Process Mute tool without OpenProcess call to the EventLog process.
This blog shows how to elevate a SYNCHRONIZE handle to a full process handle with a process token of EventLog.
🔗 https://nothingspecialforu.github.io/EvtPsstBlog/
🐥 [ tweet ]
[Blogpost] EvtPsst a small EventLog Process Mute tool without OpenProcess call to the EventLog process.
This blog shows how to elevate a SYNCHRONIZE handle to a full process handle with a process token of EventLog.
🔗 https://nothingspecialforu.github.io/EvtPsstBlog/
🐥 [ tweet ]
🔥3👍2
😈 [ Corben Leo @hacker_ ]
I've made $500k+ from #SSRF vulnerabilities.
Here are my tricks:
🔗 https://threadreaderapp.com/thread/1694554700555981176.html
🐥 [ tweet ]
I've made $500k+ from #SSRF vulnerabilities.
Here are my tricks:
🔗 https://threadreaderapp.com/thread/1694554700555981176.html
🐥 [ tweet ]
👍5
😈 [ Matthew @embee_research ]
Unpacking .NET Malware Using Process Hacker and Dnspy.
An easy method to obtain unpacked .NET samples by leveraging Process Hacker to identify suspicious modules, and Dnspy to save them from memory.
🔗 https://embee-research.ghost.io/unpacking-net-malware-with-process-hacker/
🐥 [ tweet ]
Unpacking .NET Malware Using Process Hacker and Dnspy.
An easy method to obtain unpacked .NET samples by leveraging Process Hacker to identify suspicious modules, and Dnspy to save them from memory.
🔗 https://embee-research.ghost.io/unpacking-net-malware-with-process-hacker/
🐥 [ tweet ]
👍3
😈 [ n00py @n00py1 ]
The craziest BloodHound art I've made yet (password sharing clusters)
🐥 [ tweet ]
плагиат - очевидно же, что это Волосатый бублик
The craziest BloodHound art I've made yet (password sharing clusters)
🐥 [ tweet ]
плагиат - очевидно же, что это Волосатый бублик
🔥6
Offensive Xwitter
😈 [ Elliot @ElliotKillick ] Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from @NetSPI, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute…
😈 [ Elliot @ElliotKillick ]
The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator
🔗 https://github.com/ElliotKillick/LdrLockLiberator
🐥 [ tweet ]
The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator
🔗 https://github.com/ElliotKillick/LdrLockLiberator
🐥 [ tweet ]
🔥2