😈 [ Mayfly @M4yFly ]
A new Lab 🏰 is available on GOAD: NHA.
This time it is a challenge, 5 vms, you start with no account and try to get domain admin on the two domains.
Have fun !
🔗 https://github.com/Orange-Cyberdefense/GOAD/tree/main/ad/NHA
🐥 [ tweet ]
A new Lab 🏰 is available on GOAD: NHA.
This time it is a challenge, 5 vms, you start with no account and try to get domain admin on the two domains.
Have fun !
🔗 https://github.com/Orange-Cyberdefense/GOAD/tree/main/ad/NHA
🐥 [ tweet ]
🔥5
😈 [ Garrett @garrfoster ]
Pushed an update to SCCMHunter to include @SkelSec's python unobfuscator for @_xpn_'s sccmwtf NAA attack. Shout out to you both for the awesome work!
🔗 https://github.com/garrettfoster13/sccmhunter
🔗 https://github.com/xpn/sccmwtf/blob/main/policysecretunobfuscate.py
🐥 [ tweet ]
Pushed an update to SCCMHunter to include @SkelSec's python unobfuscator for @_xpn_'s sccmwtf NAA attack. Shout out to you both for the awesome work!
🔗 https://github.com/garrettfoster13/sccmhunter
🔗 https://github.com/xpn/sccmwtf/blob/main/policysecretunobfuscate.py
🐥 [ tweet ]
👍4🔥1
😈 [ Justin Elze @HackingLZ ]
wmiexec is so reliable with so many great detections avaliable. Cortex does a really good job without of the box Impacket as well.
🔗 https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/
🔗 https://micahbabinski.medium.com/brace-for-impacket-5191dff82c74
🐥 [ tweet ]
wmiexec is so reliable with so many great detections avaliable. Cortex does a really good job without of the box Impacket as well.
🔗 https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/
🔗 https://micahbabinski.medium.com/brace-for-impacket-5191dff82c74
🐥 [ tweet ]
🔥3
🔥3👍1
😈 [ Chris Au @netero_1010 ]
Made a tool to create/modify schedule task using just registry keys. It has some requirements (require SYSTEM) but the beauty of it is it wont generate schedule task creation event log.
🔗 https://github.com/netero1010/GhostTask
🐥 [ tweet ]
Made a tool to create/modify schedule task using just registry keys. It has some requirements (require SYSTEM) but the beauty of it is it wont generate schedule task creation event log.
🔗 https://github.com/netero1010/GhostTask
🐥 [ tweet ]
🔥4👍2🥱1
😈 [ Fabian @testert01 ]
[Blogpost] EvtPsst a small EventLog Process Mute tool without OpenProcess call to the EventLog process.
This blog shows how to elevate a SYNCHRONIZE handle to a full process handle with a process token of EventLog.
🔗 https://nothingspecialforu.github.io/EvtPsstBlog/
🐥 [ tweet ]
[Blogpost] EvtPsst a small EventLog Process Mute tool without OpenProcess call to the EventLog process.
This blog shows how to elevate a SYNCHRONIZE handle to a full process handle with a process token of EventLog.
🔗 https://nothingspecialforu.github.io/EvtPsstBlog/
🐥 [ tweet ]
🔥3👍2
😈 [ Corben Leo @hacker_ ]
I've made $500k+ from #SSRF vulnerabilities.
Here are my tricks:
🔗 https://threadreaderapp.com/thread/1694554700555981176.html
🐥 [ tweet ]
I've made $500k+ from #SSRF vulnerabilities.
Here are my tricks:
🔗 https://threadreaderapp.com/thread/1694554700555981176.html
🐥 [ tweet ]
👍5
😈 [ Matthew @embee_research ]
Unpacking .NET Malware Using Process Hacker and Dnspy.
An easy method to obtain unpacked .NET samples by leveraging Process Hacker to identify suspicious modules, and Dnspy to save them from memory.
🔗 https://embee-research.ghost.io/unpacking-net-malware-with-process-hacker/
🐥 [ tweet ]
Unpacking .NET Malware Using Process Hacker and Dnspy.
An easy method to obtain unpacked .NET samples by leveraging Process Hacker to identify suspicious modules, and Dnspy to save them from memory.
🔗 https://embee-research.ghost.io/unpacking-net-malware-with-process-hacker/
🐥 [ tweet ]
👍3
😈 [ n00py @n00py1 ]
The craziest BloodHound art I've made yet (password sharing clusters)
🐥 [ tweet ]
плагиат - очевидно же, что это Волосатый бублик
The craziest BloodHound art I've made yet (password sharing clusters)
🐥 [ tweet ]
плагиат - очевидно же, что это Волосатый бублик
🔥6
Offensive Xwitter
😈 [ Elliot @ElliotKillick ] Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from @NetSPI, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute…
😈 [ Elliot @ElliotKillick ]
The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator
🔗 https://github.com/ElliotKillick/LdrLockLiberator
🐥 [ tweet ]
The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator
🔗 https://github.com/ElliotKillick/LdrLockLiberator
🐥 [ tweet ]
🔥2
😈 [ Almond OffSec @AlmondOffSec ]
Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries.
🔗 https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments.html
🐥 [ tweet ]
Understanding the different types of LDAP authentication methods is fundamental to apprehend subjects such as relay attacks or countermeasures. This post by @lowercase_drm introduces them through the lens of Python libraries.
🔗 https://offsec.almond.consulting/ldap-authentication-in-active-directory-environments.html
🐥 [ tweet ]
🔥2
😈 [ sinusoid @the_bit_diddler ]
Ever wanted to create Defender exclusions non-interactively?
Support for local and remote systems? ✔️
Ability to revert said changes? ✔️
Support processes, paths, and extensions? ✔️
BOF? ✔️
C# ✔️
Code is public:
🔗 https://github.com/EspressoCake/DefenderPathExclusions
🔗 https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF
🐥 [ tweet ]
Ever wanted to create Defender exclusions non-interactively?
Support for local and remote systems? ✔️
Ability to revert said changes? ✔️
Support processes, paths, and extensions? ✔️
BOF? ✔️
C# ✔️
Code is public:
🔗 https://github.com/EspressoCake/DefenderPathExclusions
🔗 https://github.com/EspressoCake/Defender-Exclusions-Creator-BOF
🐥 [ tweet ]
🔥6
😈 [ Craig Rowland - Agentless Linux Security @CraigHRowland ]
Daily Linux whoami:
🐥 [ tweet ]
Daily Linux whoami:
$(echo -e "\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69")
🐥 [ tweet ]
😁5🔥1
Offensive Xwitter
😈 [ Antonio Cocomazzi @splinter_code ] Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👆 🐥 [ tweet ]
😈 [ Geiseric @Geiseric4 ]
Following @splinter_code idea, you can also start RemoteRegistry remotely. This way you can check on which server DAs are connected, in case you want dump their creds. This noscript could help:
It works from low privileged user 😉
🔗 https://gist.github.com/GeisericII/6849bc86620c7a764d88502df5187bd0
🐥 [ tweet ]
Following @splinter_code idea, you can also start RemoteRegistry remotely. This way you can check on which server DAs are connected, in case you want dump their creds. This noscript could help:
It works from low privileged user 😉
🔗 https://gist.github.com/GeisericII/6849bc86620c7a764d88502df5187bd0
🐥 [ tweet ]
🔥4
😈 [ Thomas Seigneuret @_zblurx ]
New feature in #NetExec : S4U2Self and S4U2Proxy support and automation with --delegate and --self
It allows you to abuse KCD with protocol transition and RBCD automatically in NetExec, and use directly all the postex functionalities 🔥
For example with RBCD 👆🏻
🐥 [ tweet ]
New feature in #NetExec : S4U2Self and S4U2Proxy support and automation with --delegate and --self
It allows you to abuse KCD with protocol transition and RBCD automatically in NetExec, and use directly all the postex functionalities 🔥
For example with RBCD 👆🏻
🐥 [ tweet ]
🔥8👍1
😈 [ Antonio Cocomazzi @splinter_code ]
The slides of our joint research talk “10 Years of Windows Privilege Escalation with Potatoes” at #POC2023 are out!
cc @decoder_it
🔗 https://github.com/antonioCoco/infosec-talks/blob/main/10_years_of_Windows_Privilege_Escalation_with_Potatoes.pdf
🐥 [ tweet ]
The slides of our joint research talk “10 Years of Windows Privilege Escalation with Potatoes” at #POC2023 are out!
cc @decoder_it
🔗 https://github.com/antonioCoco/infosec-talks/blob/main/10_years_of_Windows_Privilege_Escalation_with_Potatoes.pdf
🐥 [ tweet ]
🔥7
Offensive Xwitter
😈 [ Antonio Cocomazzi @splinter_code ] The slides of our joint research talk “10 Years of Windows Privilege Escalation with Potatoes” at #POC2023 are out! cc @decoder_it 🔗 https://github.com/antonioCoco/infosec-talks/blob/main/10_years_of_Windows_Priv…
10_years_of_Windows_Privilege_Escalation_with_Potatoes.pdf
1.6 MB
🔥4
😈 [ уυηg ՏΝАΤ @yunginnanet ]
this was meant to be a simple debugging tool, but ended up being a full barebones, concurrent RFC1928 (SOCKS5) server. unnecessarily fast, very simple.
gophers that are interested in learning SOCKS5 protocol may find this useful (hopefully someone does)
🔗 https://gist.github.com/yunginnanet/c84f831a4ac39eada5609ce0319f8d54
🐥 [ tweet ]
this was meant to be a simple debugging tool, but ended up being a full barebones, concurrent RFC1928 (SOCKS5) server. unnecessarily fast, very simple.
gophers that are interested in learning SOCKS5 protocol may find this useful (hopefully someone does)
🔗 https://gist.github.com/yunginnanet/c84f831a4ac39eada5609ce0319f8d54
🐥 [ tweet ]
🔥6