Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Antonio Cocomazzi @splinter_code ] Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👆 🐥 [ tweet ]
😈 [ an0n @an0n_r0 ]

just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions script and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:

🔗 https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/

🐥 [ tweet ][ quote ]
👍1🔥1
Very cool
Forwarded from vx-underground
Some nerd on Twitter named Bjorn Staal is programming out of his mind.

11/10. Solid programming skills (designed to demonstrate quantum entanglement)
🤯9👍1🔥1
😈 [ 𝕭𝖏ø𝖗𝖓 𝕾𝖙𝖆𝖆𝖑 @_nonfigurativ_ ]

Ok, so a lot of people have been asking me for code/writeup of this so I made a stripped down example (works with an infinite amount of windows) so that you can look at to get the basic gist of it (that's all I have time for now, sorry!).

🔗 https://bgstaal.github.io/multipleWindow3dScene/
🔗 https://github.com/bgstaal/multipleWindow3dScene

🐥 [ tweet ][ quote ]
👍5
😈 [ Ido Veltzman @Idov31 ]

Weekly Nidhogg update
Driver hiding feature is also finished and live in the dev branch: :)
On the photos you can see the before and after in DriverView (From Nirsoft's tools)

🔗 https://github.com/Idov31/Nidhogg/tree/dev

#infosec #CyberSecurity

🐥 [ tweet ]
👍4
😈 [ WHOAMI @wh0amitz ]

To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.

🔗 https://github.com/wh0amitz/SharpRODC

#infosec #redteam #cybersecurity #pentesting

🐥 [ tweet ]
🔥3
😈 [ OtterHacker @OtterHacker ]

Majority of custom #GetProcAddress I found didn't handle well forwarded export, here is a snippet for #GetProcAddress and #GetModuleHandle that handle this edge case !

Feel free to use it !

🔗 https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3

🐥 [ tweet ]
🥱1
Spin up a private Gitea on a VPS in 5 minutes? Easy 👇🏻

$ docker run -d --name mysql-gitea -e MYSQL_ROOT_PASSWORD='my_mysql_root_pass' -v /opt/volume/mysql-gitea:/var/lib/mysql mysql:latest

$ docker container exec -it mysql-gitea bash
# mysql -u root -p'my_mysql_root_pass'
mysql> CREATE USER 'gitea-user'@'%' IDENTIFIED BY 'my_gitea_db_password';
mysql> CREATE DATABASE giteadb;
mysql> GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea-user'@'%';
mysql> FLUSH PRIVILEGES;
mysql> ^DBye
# exit

$ docker run -d --name gitea -v /opt/volume/gitea:/data -p 127.0.0.1:3000:3000 -p 127.0.0.1:2222:22 -e VIRTUAL_HOST=mygitea.local -e VIRTUAL_PORT=3000 -e USER_UID=1001 -e USER_GID=1001 -e DB_TYPE=mysql -e DB_HOST=172.17.0.2:3306 -e DB_NAME=giteadb -e DB_USER=gitea-user -e DB_PASSWD='my_gitea_db_password' gitea/gitea:latest

$ socat TCP4-LISTEN:31337,bind=0.0.0.0,fork TCP4:127.0.0.1:2222


You can now push and pull through this remote 👇🏻

$ git remote set-url origin '[git@mygitea.local:31337]:snovvcrash/HackThePlanet.git'


How DevOps has blossomed with containerization...

#devops #git #gitea
👍7🔥2
😈 [ XMander @checkymander ]

Setting up Nemesis can be daunting, I wrote a blog post detailing the exact steps you need to go from a fresh Ubuntu 22.04 image to a running Nemesis setup.

Future posts, I'd like to go into operational usage of it with Mythic and other tools

🔗 https://blog.checkymander.com/red%20team/tools/operations/Nemesis-Zero-To-Hero/

🐥 [ tweet ]
😈 [ Matt Eidelberg @Tyl0us ]

Long overdue but SourcePoint v3.0 is out now, with a ton of new features and bug fixes. With these changes, Initial access and Post-Ex activities with CobaltStrike can fly under the radar.
Check it out !
#redteam #netsec

🔗 https://github.com/Tylous/SourcePoint/releases/tag/v3.0

🐥 [ tweet ]
🔥5
😈 [ Kurosh Dabbagh @_Kudaes_ ]

Call stack spoofing has reached Rust🙌. I have rewritten Unwinder and it is now a complete and stable weaponization of SilentMoonWalk technique. I have also added support for indirect syscalls and will be adding new features very soon.

🔗 https://github.com/Kudaes/Unwinder

🐥 [ tweet ]
👍5
😈 [ SkelSec @SkelSec ]

As I'm getting more sponsors I can make time to deal with all the reorg necessary after the closure of Porchetta.
Another ex-porchetta exclusive repo has been published on Github: evilrdp
I have received good feedback from users about this one.

🔗 https://github.com/skelsec/evilrdp

🐥 [ tweet ]
🔥7👍1
😈 [ Dirk-jan @_dirkjan ]

It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!).

🔗 https://github.com/dirkjanm/bloodhound.py

🐥 [ tweet ]
👍8
😈 [ Octoberfest7 @Octoberfest73 ]

It's not new, but good work deserves a shoutout regardless. Great article from @zyn3rgy on running tools from a Windows attack platform through a SOCKS proxy. Lots to be said for avoiding IOC's on target but still being able to leverage powerful tools.

🔗 https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3

🐥 [ tweet ]
😢1
😈 [ Rasta Mouse @_RastaMouse ]

🔗 https://github.com/gatariee/Winton

"focus on stealth". Uses cmd.exe, CreateRemoteThread, RWX, unbacked memory, and 0x0 thread start addresses...

🐥 [ tweet ]

yet another opsec c2
😁6🔥1
😈 [ SkelSec @SkelSec ]

Updates on all my projects:
All projects have been reorganized, the default branch names are now `main` for every project.
All projects -where applicable- now set up with github actions which freezes the examples as windows executables, and puts them on:

🔗 https://foss.skelsecprojects.com/

🐥 [ tweet ]
🔥5
😈 [ BlackSnufkin @BlackSnufkin42 ]

yet another AV killer tool using BYOVD

Now i am like the cool kids 👻

🔗 https://github.com/BlackSnufkin/GhostDriver

🐥 [ tweet ]
👍3
😈 [ Rad K. @rad9800 ]

I decided to wrap all the various features I PoC'd recently into one project to make it easier for you to use.
- No CRT
- Unhook from system32/knowndlls
- LL with work items
- Clear VEH, DLL notifs, HWBPs
- Compile time API hashing
- Configurable
- C++17

🔗 https://github.com/rad9800/WTSRM2

🐥 [ tweet ]
👍5