😈 [ Arris Huijgen @bitsadmin ]
#LOFLCAB highlight: Ssms.exe
Using SQL Server Management Studio with Kerberos authentication to obtain command execution on the SQL server using the xp_cmdshell stored procedure.
Details:
🔗 https://lofl-project.github.io/loflcab/Binaries/Ssms/
Full quality video:
🔗 https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#sql-server
🐥 [ tweet ][ quote ]
🔥3
😈 [ Adam Svoboda @adamsvoboda ]
Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!
It bombs out on LSASS, but most other processes work.
🔗 https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e
Unable to dump LSASS using the previous script? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.
🔗 https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
🐥 [ tweet ][ quote ]
😁4
Offensive Xwitter
😈 [ D4rthMaulCop @D4rthMaulCop ]
@adamsvoboda Awesome! I wrote a quick C# port too!
🔗 https://github.com/D4rthMaulCop/DumpKernel-S1
🐥 [ tweet ]
👍3
😈 [ HackerRalf @hacker_ralf ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
🔗 https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
🐥 [ tweet ]
👍10
😈 [ hermit @ackmage ]
hi, check out this tool for easy Linux kernel building and debugging - easylkb
worked on it together with @netspooky! 💕
writeup:
🔗 http://tmpout.sh/3/20.html
repo:
🔗 http://github.com/deepseagirl/easylkb
🐥 [ tweet ]
👍4
😈 [ Synacktiv @Synacktiv ]
Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!
🔗 https://github.com/synacktiv/Mindmaps
🐥 [ tweet ]
🔥1
😈 [ OtterHacker @OtterHacker ]
Finally 🤩 I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:
🔗 https://winternl.com/shellcodestdio/
And as usual, the @C5pider #Havoc ❤️
🐥 [ tweet ]
🔥2
😈 [ soka @pentest_soka ]
I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.
This post comes along with which exists thanks to @Prepouce_ work
🔗 https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
🔗 https://github.com/sokaRepo/CoercedPotatoRDLL
🐥 [ tweet ]
🔥3
😈 [ SAINTCON @SAINTCON ]
Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data
Detailing the various red team challenges regarding data, leading into how this influenced Nemesis’ architectural decisions and design.
🔗 https://youtu.be/0q9u2hDcpIo
🐥 [ tweet ]
🔥1
😈 [ Antonio Cocomazzi @splinter_code ] Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👆 🐥 [ tweet ]
😈 [ an0n @an0n_r0 ]
just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like the nmap smb-enum-sessions script and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:
🔗 https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/
🐥 [ tweet ][ quote ]
👍1🔥1
Forwarded from vx-underground
Some nerd on Twitter named Bjorn Staal is programming out of his mind.
11/10. Solid programming skills (designed to demonstrate quantum entanglement)
🤯9👍1🔥1
😈 [ 𝕭𝖏ø𝖗𝖓 𝕾𝖙𝖆𝖆𝖑 @_nonfigurativ_ ]
Ok, so a lot of people have been asking me for code/writeup of this so I made a stripped down example (works with an infinite amount of windows) so that you can look at to get the basic gist of it (that's all I have time for now, sorry!).
🔗 https://bgstaal.github.io/multipleWindow3dScene/
🔗 https://github.com/bgstaal/multipleWindow3dScene
🐥 [ tweet ][ quote ]
👍5
😈 [ Ido Veltzman @Idov31 ]
Weekly Nidhogg update
Driver hiding feature is also finished and live in the dev branch: :)
On the photos you can see the before and after in DriverView (From Nirsoft's tools)
🔗 https://github.com/Idov31/Nidhogg/tree/dev
#infosec #CyberSecurity
🐥 [ tweet ]
👍4
😈 [ WHOAMI @wh0amitz ]
To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.
🔗 https://github.com/wh0amitz/SharpRODC
#infosec #redteam #cybersecurity #pentesting
🐥 [ tweet ]
🔥3
😈 [ OtterHacker @OtterHacker ]
The majority of custom #GetProcAddress implementations I found didn't handle forwarded exports well, so here is a snippet for #GetProcAddress and #GetModuleHandle that handles this edge case!
Feel free to use it!
🔗 https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3
🐥 [ tweet ]
🥱1