😈 [ assume_breach @assume_breach ]
Getting a beacon from the DC using a raw Havoc shellcode file from a network shared folder. Tool is in my repo.
🔗 https://github.com/assume-breach/Home-Grown-Red-Team.git
🐥 [ tweet ]
Getting a beacon from the DC using a raw Havoc shellcode file from a network shared folder. Tool is in my repo.
🔗 https://github.com/assume-breach/Home-Grown-Red-Team.git
🐥 [ tweet ]
👍5
😈 [ Panagiotis Chartas @t3l3machus ]
For your #redteam enumeration and brute forcing needs, use babelstrike to transliterate and generate usernames from full names in various non-English languages (common issue from scraped employee data) 🌐 Currently, it covers Greek, Hindi, Spanish, French, Polish, and Hungarian:
🔗 https://github.com/t3l3machus/BabelStrike
Combine it with #psudohash, a password list generator that imitates password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more:
🔗 https://github.com/t3l3machus/psudohash
🐥 [ tweet ]
For your #redteam enumeration and brute forcing needs, use babelstrike to transliterate and generate usernames from full names in various non-English languages (common issue from scraped employee data) 🌐 Currently, it covers Greek, Hindi, Spanish, French, Polish, and Hungarian:
🔗 https://github.com/t3l3machus/BabelStrike
Combine it with #psudohash, a password list generator that imitates password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more:
🔗 https://github.com/t3l3machus/psudohash
🐥 [ tweet ]
😈 [ SkelSec @SkelSec ]
Due to a gentle nudge from @michael_eder_ I have uploaded my pysnaffler project to Github and to pyp.
(did you know that you can sponsor me on github?)
Anyways, enjoy!
🔗 https://github.com/skelsec/pysnaffler
🐥 [ tweet ]
Due to a gentle nudge from @michael_eder_ I have uploaded my pysnaffler project to Github and to pyp.
(did you know that you can sponsor me on github?)
Anyways, enjoy!
🔗 https://github.com/skelsec/pysnaffler
🐥 [ tweet ]
😈 [ Diego Capriotti @naksyn ]
Here's Process Stomping injection and how you can use it in a Mockingjay-ish way to load a Beacon on a exe's RWX section using sRDI. Check it out!
Blog:
🔗 https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html
Tool:
🔗 https://github.com/naksyn/ProcessStomping
Thanks to @hasherezade and @monoxgas for their awesome work
🐥 [ tweet ]
Here's Process Stomping injection and how you can use it in a Mockingjay-ish way to load a Beacon on a exe's RWX section using sRDI. Check it out!
Blog:
🔗 https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html
Tool:
🔗 https://github.com/naksyn/ProcessStomping
Thanks to @hasherezade and @monoxgas for their awesome work
🐥 [ tweet ]
🔥3
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Arris Huijgen @bitsadmin ]
#LOFLCAB highlight: Ssms.exe
Using SQL Server Management Studio with Kerberos authentication to obtain command execution on the SQL server using the xp_cmdshell stored procedure.
Details:
🔗 https://lofl-project.github.io/loflcab/Binaries/Ssms/
Full quality video:
🔗 https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#sql-server
🐥 [ tweet ][ quote ]
#LOFLCAB highlight: Ssms.exe
Using SQL Server Management Studio with Kerberos authentication to obtain command execution on the SQL server using the xp_cmdshell stored procedure.
Details:
🔗 https://lofl-project.github.io/loflcab/Binaries/Ssms/
Full quality video:
🔗 https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#sql-server
🐥 [ tweet ][ quote ]
🔥3
😈 [ Adam Svoboda @adamsvoboda ]
Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!
It bombs out on LSASS, but most other processes work.
🔗 https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Unable to dump LSASS using the previous noscript? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.
🔗 https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
🐥 [ tweet ][ quote ]
Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!
It bombs out on LSASS, but most other processes work.
🔗 https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Unable to dump LSASS using the previous noscript? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.
🔗 https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
🐥 [ tweet ][ quote ]
😁4
Offensive Xwitter
😈 [ Adam Svoboda @adamsvoboda ] Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself! It bombs out on LSASS, but most other processes work. 🔗 ht…
😈 [ D4rthMaulCop @D4rthMaulCop ]
@adamsvoboda Awesome! I wrote a quick C# port too!
🔗 https://github.com/D4rthMaulCop/DumpKernel-S1
🐥 [ tweet ]
@adamsvoboda Awesome! I wrote a quick C# port too!
🔗 https://github.com/D4rthMaulCop/DumpKernel-S1
🐥 [ tweet ]
👍3
😈 [ HackerRalf @hacker_ralf ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
🔗 https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
🐥 [ tweet ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
🔗 https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
🐥 [ tweet ]
👍10
😈 [ hermit @ackmage ]
hi, check out this tool for easy Linux kernel building and debugging - easylkb
worked on it together with @netspooky! 💕
writeup:
🔗 http://tmpout.sh/3/20.html
repo:
🔗 http://github.com/deepseagirl/easylkb
🐥 [ tweet ]
hi, check out this tool for easy Linux kernel building and debugging - easylkb
worked on it together with @netspooky! 💕
writeup:
🔗 http://tmpout.sh/3/20.html
repo:
🔗 http://github.com/deepseagirl/easylkb
🐥 [ tweet ]
👍4
😈 [ Synacktiv @Synacktiv ]
Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!
🔗 https://github.com/synacktiv/Mindmaps
🐥 [ tweet ]
Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!
🔗 https://github.com/synacktiv/Mindmaps
🐥 [ tweet ]
🔥1
😈 [ OtterHacker @OtterHacker ]
Finally 🤩 I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:
🔗 https://winternl.com/shellcodestdio/
And as usual, the @C5pider #Havoc ❤️
🐥 [ tweet ]
Finally 🤩 I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:
🔗 https://winternl.com/shellcodestdio/
And as usual, the @C5pider #Havoc ❤️
🐥 [ tweet ]
🔥2
😈 [ soka @pentest_soka ]
I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.
This post comes along with which exists thanks to @Prepouce_ work
🔗 https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
🔗 https://github.com/sokaRepo/CoercedPotatoRDLL
🐥 [ tweet ]
I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.
This post comes along with which exists thanks to @Prepouce_ work
🔗 https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
🔗 https://github.com/sokaRepo/CoercedPotatoRDLL
🐥 [ tweet ]
🔥3
😈 [ SAINTCON @SAINTCON ]
Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data
Detailing the various red team challenges regarding data, leading into how this influenced Nemesis’ architectural decisions and design.
🔗 https://youtu.be/0q9u2hDcpIo
🐥 [ tweet ]
Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data
Detailing the various red team challenges regarding data, leading into how this influenced Nemesis’ architectural decisions and design.
🔗 https://youtu.be/0q9u2hDcpIo
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ Antonio Cocomazzi @splinter_code ] Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👆 🐥 [ tweet ]
😈 [ an0n @an0n_r0 ]
just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions noscript and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:
🔗 https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/
🐥 [ tweet ][ quote ]
just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions noscript and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:
🔗 https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/
🐥 [ tweet ][ quote ]
👍1🔥1
Forwarded from vx-underground
Media is too big
VIEW IN TELEGRAM
Some nerd on Twitter named Bjorn Staal is programming out of his mind.
11/10. Solid programming skills (designed to demonstrate quantum entanglement)
11/10. Solid programming skills (designed to demonstrate quantum entanglement)
🤯9👍1🔥1