😈 [ OtterHacker @OtterHacker ]

Majority of custom #GetProcAddress I found didn't handle well forwarded export, here is a snippet for #GetProcAddress and #GetModuleHandle that handle this edge case !

Feel free to use it !

🔗 https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3

🐥 [ tweet ]

Развернуть приватный Gitea на VPS-ке за 5 минут? Изи 👇🏻

$ docker run -d --name mysql-gitea -e MYSQL_ROOT_PASSWORD='my_mysql_root_pass' -v /opt/volume/mysql-gitea:/var/lib/mysql mysql:latest

$ docker container exec -it mysql-gitea bash
# mysql -u root -p'my_mysql_root_pass'
mysql> CREATE USER 'gitea-user'@'%' IDENTIFIED BY 'my_gitea_db_password';
mysql> CREATE DATABASE giteadb;
mysql> GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea-user'@'%';
mysql> FLUSH PRIVILEGES;
mysql> ^DBye
# exit

$ docker run -d --name gitea -v /opt/volume/gitea:/data -p 127.0.0.1:3000:3000 -p 127.0.0.1:2222:22 -e VIRTUAL_HOST=mygitea.local -e VIRTUAL_PORT=3000 -e USER_UID=1001 -e USER_GID=1001 -e DB_TYPE=mysql -e DB_HOST=172.17.0.2:3306 -e DB_NAME=giteadb -e DB_USER=gitea-user -e DB_PASSWD='my_gitea_db_password' gitea/gitea:latest

$ socat TCP4-LISTEN:31337,bind=0.0.0.0,fork TCP4:127.0.0.1:2222

Пушить и пуллить теперь можно по такому ремоуту 👇🏻

$ git remote set-url origin '[git@mygitea.local:31337]:snovvcrash/HackThePlanet.git'

Как же похорошел девопс при контейнеризации...

#devops #git #gitea

😈 [ XMander @checkymander ]

Setting up Nemesis can be daunting, I wrote a blog post detailing the exact steps you need to to go from a fresh Ubuntu 22.04 image to a running Nemesis setup.

Future posts, I'd like to go into operational usage of it with Mythic and other tools

🔗 https://blog.checkymander.com/red%20team/tools/operations/Nemesis-Zero-To-Hero/

🐥 [ tweet ]

😈 [ Matt Eidelberg @Tyl0us ]

Long overdue but SourcePoint v3.0 is out now, with a ton of new features and bug fixes. With these changes, Initial access and Post-Ex activities with CobaltStrike can fly under the radar.
Check it out !
#redteam #netsec

🔗 https://github.com/Tylous/SourcePoint/releases/tag/v3.0

🐥 [ tweet ]

😈 [ Kurosh Dabbagh @_Kudaes_ ]

Call stack spoofing has reached Rust🙌. I have rewritten Unwinder and it is now a complete and stable weaponization of SilentMoonWalk technique. I have also added support for indirect syscalls and will be adding new features very soon.

🔗 https://github.com/Kudaes/Unwinder

🐥 [ tweet ]

😈 [ SkelSec @SkelSec ]

As I'm getting more sponsors I can make time to deal with all the reorg necessary after the closure of Porchetta.
Another ex-porchetta exclusive repo has been published on Github: evilrdp
I have received good feedback from users about this one.

🔗 https://github.com/skelsec/evilrdp

🐥 [ tweet ]

😈 [ Dirk-jan @_dirkjan ]

It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!).

🔗 https://github.com/dirkjanm/bloodhound.py

🐥 [ tweet ]

😈 [ Octoberfest7 @Octoberfest73 ]

It's not new, but good work deserves a shoutout regardless. Great article from @zyn3rgy on running tools from a Windows attack platform through a SOCKS proxy. Lots to be said for avoiding IOC's on target but still being able to leverage powerful tools.

🔗 https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3

🐥 [ tweet ]

😈 [ Rasta Mouse @_RastaMouse ]

🔗 https://github.com/gatariee/Winton

"focus on stealth". Uses cmd.exe, CreateRemoteThread, RWX, unbacked memory, and 0x0 thread start addresses...

🐥 [ tweet ]

yet another opsec c2

😈 [ SkelSec @SkelSec ]

Updates on all my projects:
All projects have been reorganized, the default branch names are now `main` for every project.
All projects -where applicable- now set up with github actions which freezes the examples as windows executables, and puts them on:

🔗 https://foss.skelsecprojects.com/

🐥 [ tweet ]

😈 [ BlackSnufkin @BlackSnufkin42 ]

yet another AV killer tool using BYOVD

Now i am like the cool kids 👻

🔗 https://github.com/BlackSnufkin/GhostDriver

🐥 [ tweet ]

😈 [ DisK0nn3cT @DisK0nn3cT ]

Just released an update to the ScrapedIn tool. This tool has been very handy on red team and social engineering engagements! Please submit any bugs and I’ll get them squared away.

🔗 https://github.com/dchrastil/ScrapedIn

🐥 [ tweet ]

😈 [ daem0nc0re @daem0nc0re ]

To dive more advanced low layer things such as hypervisor, I'm reviewing Windows kernelmode rootkit techniques, and created a repositry for research and educational purpose.
More PoCs will be added later (filesystem/network mini-filter things especially).

🔗 https://github.com/daem0nc0re/VectorKernel

🐥 [ tweet ]

😈 [ TrustedSec @TrustedSec ]

In our new #blog post, Senior Security Consultant @n00py1 shows us why you don't need a drawer full of fancy tools to pivot through networks—just some Windows #OpenSSH magic. Read it now!

🔗 https://hubs.ly/Q02b_c620

🐥 [ tweet ]

😈 [ Elliot @ElliotKillick ]

What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first time and demystifying Loader Lock. 🔒 Check out the research article

🔗 https://elliotonsecurity.com/what-is-loader-lock/

🐥 [ tweet ]