😈 [ Kurosh Dabbagh @_Kudaes_ ]
Call stack spoofing has reached Rust🙌. I have rewritten Unwinder and it is now a complete and stable weaponization of SilentMoonWalk technique. I have also added support for indirect syscalls and will be adding new features very soon.
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
Call stack spoofing has reached Rust🙌. I have rewritten Unwinder and it is now a complete and stable weaponization of SilentMoonWalk technique. I have also added support for indirect syscalls and will be adding new features very soon.
🔗 https://github.com/Kudaes/Unwinder
🐥 [ tweet ]
👍5
😈 [ SkelSec @SkelSec ]
As I'm getting more sponsors I can make time to deal with all the reorg necessary after the closure of Porchetta.
Another ex-porchetta exclusive repo has been published on Github: evilrdp
I have received good feedback from users about this one.
🔗 https://github.com/skelsec/evilrdp
🐥 [ tweet ]
As I'm getting more sponsors I can make time to deal with all the reorg necessary after the closure of Porchetta.
Another ex-porchetta exclusive repo has been published on Github: evilrdp
I have received good feedback from users about this one.
🔗 https://github.com/skelsec/evilrdp
🐥 [ tweet ]
🔥7👍1
😈 [ Dirk-jan @_dirkjan ]
It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!).
🔗 https://github.com/dirkjanm/bloodhound.py
🐥 [ tweet ]
It's been quiet for a while around bloodhound Python, however I'm happy to share that I am now maintaining the project at my personal GitHub. The latest version fixes many bugs/issues, also thanks to the many PRs that were submitted (thanks all!).
🔗 https://github.com/dirkjanm/bloodhound.py
🐥 [ tweet ]
👍8
😈 [ Octoberfest7 @Octoberfest73 ]
It's not new, but good work deserves a shoutout regardless. Great article from @zyn3rgy on running tools from a Windows attack platform through a SOCKS proxy. Lots to be said for avoiding IOC's on target but still being able to leverage powerful tools.
🔗 https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3
🐥 [ tweet ]
It's not new, but good work deserves a shoutout regardless. Great article from @zyn3rgy on running tools from a Windows attack platform through a SOCKS proxy. Lots to be said for avoiding IOC's on target but still being able to leverage powerful tools.
🔗 https://posts.specterops.io/proxy-windows-tooling-via-socks-c1af66daeef3
🐥 [ tweet ]
😢1
😈 [ Rasta Mouse @_RastaMouse ]
🔗 https://github.com/gatariee/Winton
"focus on stealth". Uses cmd.exe, CreateRemoteThread, RWX, unbacked memory, and 0x0 thread start addresses...
🐥 [ tweet ]
🔗 https://github.com/gatariee/Winton
"focus on stealth". Uses cmd.exe, CreateRemoteThread, RWX, unbacked memory, and 0x0 thread start addresses...
🐥 [ tweet ]
yet another opsec c2😁6🔥1
😈 [ SkelSec @SkelSec ]
Updates on all my projects:
All projects have been reorganized, the default branch names are now `main` for every project.
All projects -where applicable- now set up with github actions which freezes the examples as windows executables, and puts them on:
🔗 https://foss.skelsecprojects.com/
🐥 [ tweet ]
Updates on all my projects:
All projects have been reorganized, the default branch names are now `main` for every project.
All projects -where applicable- now set up with github actions which freezes the examples as windows executables, and puts them on:
🔗 https://foss.skelsecprojects.com/
🐥 [ tweet ]
🔥5
😈 [ BlackSnufkin @BlackSnufkin42 ]
yet another AV killer tool using BYOVD
Now i am like the cool kids 👻
🔗 https://github.com/BlackSnufkin/GhostDriver
🐥 [ tweet ]
yet another AV killer tool using BYOVD
Now i am like the cool kids 👻
🔗 https://github.com/BlackSnufkin/GhostDriver
🐥 [ tweet ]
👍3
😈 [ Rad K. @rad9800 ]
I decided to wrap all the various features I PoC'd recently into one project to make it easier for you to use.
- No CRT
- Unhook from system32/knowndlls
- LL with work items
- Clear VEH, DLL notifs, HWBPs
- Compile time API hashing
- Configurable
- C++17
🔗 https://github.com/rad9800/WTSRM2
🐥 [ tweet ]
I decided to wrap all the various features I PoC'd recently into one project to make it easier for you to use.
- No CRT
- Unhook from system32/knowndlls
- LL with work items
- Clear VEH, DLL notifs, HWBPs
- Compile time API hashing
- Configurable
- C++17
🔗 https://github.com/rad9800/WTSRM2
🐥 [ tweet ]
👍5
😈 [ DisK0nn3cT @DisK0nn3cT ]
Just released an update to the ScrapedIn tool. This tool has been very handy on red team and social engineering engagements! Please submit any bugs and I’ll get them squared away.
🔗 https://github.com/dchrastil/ScrapedIn
🐥 [ tweet ]
Just released an update to the ScrapedIn tool. This tool has been very handy on red team and social engineering engagements! Please submit any bugs and I’ll get them squared away.
🔗 https://github.com/dchrastil/ScrapedIn
🐥 [ tweet ]
🔥3
😈 [ daem0nc0re @daem0nc0re ]
To dive more advanced low layer things such as hypervisor, I'm reviewing Windows kernelmode rootkit techniques, and created a repositry for research and educational purpose.
More PoCs will be added later (filesystem/network mini-filter things especially).
🔗 https://github.com/daem0nc0re/VectorKernel
🐥 [ tweet ]
To dive more advanced low layer things such as hypervisor, I'm reviewing Windows kernelmode rootkit techniques, and created a repositry for research and educational purpose.
More PoCs will be added later (filesystem/network mini-filter things especially).
🔗 https://github.com/daem0nc0re/VectorKernel
🐥 [ tweet ]
👍7
😈 [ TrustedSec @TrustedSec ]
In our new #blog post, Senior Security Consultant @n00py1 shows us why you don't need a drawer full of fancy tools to pivot through networks—just some Windows #OpenSSH magic. Read it now!
🔗 https://hubs.ly/Q02b_c620
🐥 [ tweet ]
In our new #blog post, Senior Security Consultant @n00py1 shows us why you don't need a drawer full of fancy tools to pivot through networks—just some Windows #OpenSSH magic. Read it now!
🔗 https://hubs.ly/Q02b_c620
🐥 [ tweet ]
👍5🔥1
Offensive Xwitter
😈 [ Elliot @ElliotKillick ] The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator 🔗 https://github.com/ElliotKillick/LdrLockLiberator 🐥 [ tweet ]
😈 [ Elliot @ElliotKillick ]
What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first time and demystifying Loader Lock. 🔒 Check out the research article
🔗 https://elliotonsecurity.com/what-is-loader-lock/
🐥 [ tweet ]
What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first time and demystifying Loader Lock. 🔒 Check out the research article
🔗 https://elliotonsecurity.com/what-is-loader-lock/
🐥 [ tweet ]
🤯3
😈 [ @belette_timorée @belettet1m0ree ]
Hello! Yet another way to exploit WSUS misconfiguration.. Essentially relaying to ADCS for ESC8 attack. Hope you enjoy reading :). Thank's to @GoSecure_Inc for all the inspiration!
🔗 https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
🐥 [ tweet ]
Hello! Yet another way to exploit WSUS misconfiguration.. Essentially relaying to ADCS for ESC8 attack. Hope you enjoy reading :). Thank's to @GoSecure_Inc for all the inspiration!
🔗 https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
🐥 [ tweet ]
🔥8
😈 [ Bad Cyber @badcybercom ]
Dieselgate, but for trains - some heavyweight hardware hacking.
Story about trains that broke down and analysis that discovered it was not a coincidence.
🔗 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
🐥 [ tweet ]
Dieselgate, but for trains - some heavyweight hardware hacking.
Story about trains that broke down and analysis that discovered it was not a coincidence.
🔗 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
🐥 [ tweet ]
какая-то лютейшая байка про реверс поездов👍4
😈 [ Akamai Security Intelligence Group @akamai_research ]
Turns out, sometimes it isn't DNS... it's DHCP 👀
See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise.
Worst part? No credentials needed, just network access.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp?filter=123
🐥 [ tweet ]
Turns out, sometimes it isn't DNS... it's DHCP 👀
See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise.
Worst part? No credentials needed, just network access.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp?filter=123
🐥 [ tweet ]
🤯5👍2
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Zak @_ZakSec ]
For those interested in developing standalone binaries that exploit vulnerable drivers (BYOVD), I just released a tool called IoctlHunter. This tool ease the process of identifying weaponisable IOCTL codes in win drivers 👌
📚 Blog post, code & full demo:
🔗 https://z4ksec.github.io/posts/ioctlhunter-release-v0.2
🐥 [ tweet ]
For those interested in developing standalone binaries that exploit vulnerable drivers (BYOVD), I just released a tool called IoctlHunter. This tool ease the process of identifying weaponisable IOCTL codes in win drivers 👌
📚 Blog post, code & full demo:
🔗 https://z4ksec.github.io/posts/ioctlhunter-release-v0.2
🐥 [ tweet ]
🔥4👍2
😈 [ SafeBreach @safebreach ]
This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions.
🔗 https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
🔗 https://github.com/SafeBreach-Labs/PoolParty
🐥 [ tweet ]
This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions.
🔗 https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
🔗 https://github.com/SafeBreach-Labs/PoolParty
🐥 [ tweet ]
👍4🤔1
😈 [ Sprocket Security @SprocketSec ]
Automate the process of running Certipy against every user in a domain with the help of ADCSsync!
This tool provides an effective means of performing a makeshift DCSync attack using ESC1!
Install now 👇
🔗 https://github.com/JPG0mez/ADCSync
🐥 [ tweet ]
Automate the process of running Certipy against every user in a domain with the help of ADCSsync!
This tool provides an effective means of performing a makeshift DCSync attack using ESC1!
Install now 👇
🔗 https://github.com/JPG0mez/ADCSync
🐥 [ tweet ]
👍3