😈 [ уυηg ՏΝАΤ @yunginnanet ]

this was meant to be a simple debugging tool, but ended up being a full barebones, concurrent RFC1928 (SOCKS5) server. unnecessarily fast, very simple.

gophers that are interested in learning SOCKS5 protocol may find this useful (hopefully someone does)

🔗 https://gist.github.com/yunginnanet/c84f831a4ac39eada5609ce0319f8d54

🐥 [ tweet ]

😈 [ 5pider @C5pider ]

LdrLibraryEx.
A small x64 library to load PEs into memory.

🔗 https://github.com/Cracked5pider/LdrLibraryEx

🐥 [ tweet ]

😈 [ Charlie Clark @exploitph ]

Finally updated my RitM tool with the DES TGT session roasting code if anyone is interested.

Reminder, this isn't intended to be attack-ready code!

The attack is described in detail in my DES post (currently pinned to my profile).

🔗 https://github.com/0xe7/RoastInTheMiddle/pull/1

🐥 [ tweet ]

спасибо @Michaelzhm, что пнул 😅

😈 [ S4ntiagoP @s4ntiago_p ]

🔥 New blogpost 🔥
Running PEs inline without a console.
You now can, for example, run PowerShell in CobaltStrike and obtain its output without spawning any process (including conhost.exe)

🔗 https://www.coresecurity.com/core-labs/articles/running-pes-inline-without-console

🐥 [ tweet ]

😈 [ S3cur3Th1sSh1t @ShitSecure ]

Today I needed to decrypt Veeam stored credentials. As existing toolings failed and/or manual decryption for a lot of passwords was too much effort I wrote a small assembly to do the whole job:

🔗 https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor

🐥 [ tweet ]

😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]

In my latest article, discover the depth of the msDS-KeyCredentialLink attribute used in ShadowCredentials attacks and how to parse it. Plus, discover a Python library, pydsinternals, that simplifies the parsing process.

Check it out ⤵️

🔗 https://podalirius.net/en/articles/parsing-the-msds-keycredentiallink-value-for-shadowcredentials-attack/

🐥 [ tweet ]

😈 [ Matt Creel @Tw1sm ]

New post 👇

Taking a look at compromising Slack access on both Windows and macOS. New BOF included!

🔗 https://posts.specterops.io/abusing-slack-for-offensive-operations-part-2-19fef38cc967

🐥 [ tweet ]

😈 [ an0n @an0n_r0 ]

super useful, thanks ;) actually, the best manual post-exploitation decryption howto is provided by Veeam itself: :)

🔗 https://www.veeam.com/kb4349

🐥 [ tweet ]

😈 [ Nick VanGilder @nickvangilder ]

Red teamers: Early on in my offensive security career, I relied heavily on popular C2 frameworks like Metasploit, PowerShell Empire, Cobalt Strike, etc. during my engagements. I’m sure this is probably fairly common for many of us in this space. However, somewhere along the way, it began to bother me that I didn’t really understand how C2 frameworks worked “under the hood”. So, I set out to address that. For better or worse, I decided that the solution to the problem was to write my own (very basic) C2 framework. I didn’t do this because I felt that the community needed yet another C2 framework (it doesn’t, and it definitely doesn’t need mine). I did it so that I could better understand key, foundational C2 concepts and improve my own personal red team tradecraft. The process of designing and coding a simple C2 framework actually helped me more than I had planned, and I wish I had done it sooner.

Takeaway: if you are in the offensive security space and using OSTs created by others, I would highly encourage you to carve out time to learn how these tools work under the hood. I can promise you that you will learn a lot by doing this.

If you want to check out my C2 framework or use it has a starting point for developing your own, please feel free. You can find the "Most Average C2 Ever" on GitHub, here:

🔗 https://github.com/nickvangilder/most-average-c2-ever

If I can do it, you can do it. (And yes, I'm a terrible coder, but it works!)

🐥 [ tweet ]

не понял тред: чела решили забулить, потому что он поделился опытом создания базового ратника + выложил код... ну ок 😐

Генератор тестилки шеллкодов, как shcode2exe, только на баше 👇🏻

#!/usr/bin/env bash

# Usage:
#   bin2compile.sh {32|64} <INPUT_BIN> [OUTPUT_EXE]
# Examples:
#   msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin
#   bin2compile.sh 64 calc.bin calc.exe

ARCH="${1}"
SC_PATH=`realpath "${2}"`
SC_NAME=`basename "${SC_PATH}"`
SC_NAME="${SC_NAME%.*}"
[[ "${#}" -gt 2 ]] && EXE_NAME="${3}" || EXE_NAME="${SC_NAME}.exe"

cat << EOT > "/tmp/${SC_NAME}.asm"
    global _start
    section .text
_start:
    incbin "${SC_PATH}"
EOT

if [[ "${ARCH}" == "32" ]]; then
    NASM_ARCH="win32"
    LD_ARCH="i386pe"
elif [[ "${ARCH}" == "64" ]]; then
    NASM_ARCH="win64"
    LD_ARCH="i386pep"
fi

echo "[*] Compile time: `date`"
echo "[*] Compiling x${ARCH}"

nasm -f "${NASM_ARCH}" -o "/tmp/${SC_NAME}.obj" "/tmp/${SC_NAME}.asm"
ld -m "${LD_ARCH}" -o "${EXE_NAME}" "/tmp/${SC_NAME}.obj"

if [[ "$?" -ne 1 ]]; then
    echo "[+] Success"
    echo "[+] Output size: `stat -c %s ${EXE_NAME} | numfmt --to=iec`"
else
    echo "[-] Failed"
fi

rm -f /tmp/${SC_NAME}.{asm,obj}