😈 [ Rasta Mouse @_RastaMouse ]
🔗 https://github.com/gatariee/Winton
"focus on stealth". Uses cmd.exe, CreateRemoteThread, RWX, unbacked memory, and 0x0 thread start addresses...
🐥 [ tweet ]
yet another opsec c2
😈 [ SkelSec @SkelSec ]
Updates on all my projects:
All projects have been reorganized, the default branch names are now `main` for every project.
All projects (where applicable) are now set up with GitHub Actions, which freezes the examples as Windows executables and puts them on:
🔗 https://foss.skelsecprojects.com/
🐥 [ tweet ]
😈 [ BlackSnufkin @BlackSnufkin42 ]
yet another AV killer tool using BYOVD
Now I am like the cool kids 👻
🔗 https://github.com/BlackSnufkin/GhostDriver
🐥 [ tweet ]
😈 [ Rad K. @rad9800 ]
I decided to wrap all the various features I PoC'd recently into one project to make it easier for you to use.
- No CRT
- Unhook from system32/knowndlls
- LL with work items
- Clear VEH, DLL notifs, HWBPs
- Compile time API hashing
- Configurable
- C++17
🔗 https://github.com/rad9800/WTSRM2
🐥 [ tweet ]
😈 [ DisK0nn3cT @DisK0nn3cT ]
Just released an update to the ScrapedIn tool. This tool has been very handy on red team and social engineering engagements! Please submit any bugs and I’ll get them squared away.
🔗 https://github.com/dchrastil/ScrapedIn
🐥 [ tweet ]
😈 [ daem0nc0re @daem0nc0re ]
To dive into more advanced low-layer things such as hypervisors, I'm reviewing Windows kernel-mode rootkit techniques, and created a repository for research and educational purposes.
More PoCs will be added later (filesystem/network mini-filter things especially).
🔗 https://github.com/daem0nc0re/VectorKernel
🐥 [ tweet ]
😈 [ TrustedSec @TrustedSec ]
In our new #blog post, Senior Security Consultant @n00py1 shows us why you don't need a drawer full of fancy tools to pivot through networks—just some Windows #OpenSSH magic. Read it now!
🔗 https://hubs.ly/Q02b_c620
🐥 [ tweet ]
Offensive Xwitter
😈 [ Elliot @ElliotKillick ]
The full and open source code used in "Perfect DLL Hijacking" has now been released on GitHub: LdrLockLiberator
🔗 https://github.com/ElliotKillick/LdrLockLiberator
🐥 [ tweet ]
😈 [ Elliot @ElliotKillick ]
What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first time and demystifying Loader Lock. 🔒 Check out the research article
🔗 https://elliotonsecurity.com/what-is-loader-lock/
🐥 [ tweet ]
😈 [ @belette_timorée @belettet1m0ree ]
Hello! Yet another way to exploit WSUS misconfiguration. Essentially relaying to ADCS for an ESC8 attack. Hope you enjoy reading :). Thanks to @GoSecure_Inc for all the inspiration!
🔗 https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
🐥 [ tweet ]
😈 [ Bad Cyber @badcybercom ]
Dieselgate, but for trains - some heavyweight hardware hacking.
Story about trains that broke down and analysis that discovered it was not a coincidence.
🔗 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
🐥 [ tweet ]
What an absolutely wild story about reversing trains
😈 [ Akamai Security Intelligence Group @akamai_research ]
Turns out, sometimes it isn't DNS... it's DHCP 👀
See @oridavid123's research on how DHCP can be used to spoof DNS records, potentially leading to Active Directory compromise.
Worst part? No credentials needed, just network access.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp?filter=123
🐥 [ tweet ]
😈 [ Zak @_ZakSec ]
For those interested in developing standalone binaries that exploit vulnerable drivers (BYOVD), I just released a tool called IoctlHunter. This tool eases the process of identifying weaponisable IOCTL codes in Windows drivers 👌
📚 Blog post, code & full demo:
🔗 https://z4ksec.github.io/posts/ioctlhunter-release-v0.2
🐥 [ tweet ]
😈 [ SafeBreach @safebreach ]
This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions.
🔗 https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
🔗 https://github.com/SafeBreach-Labs/PoolParty
🐥 [ tweet ]
😈 [ Sprocket Security @SprocketSec ]
Automate the process of running Certipy against every user in a domain with the help of ADCSsync!
This tool provides an effective means of performing a makeshift DCSync attack using ESC1!
Install now 👇
🔗 https://github.com/JPG0mez/ADCSync
🐥 [ tweet ]
😈 [ Lsec @lsecqt ]
I have finally decided to move away from Medium and implement my own custom blogging platform. After a lot of brainstorming, my first blog about DLL Proxying is finally live:
Hope you find that useful!
🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/weaponizing-dll-hijacking-via-dll-proxying/
🐥 [ tweet ]
Forwarded from s0i37_channel
Did you know that you can coerce Windows machines into authenticating not only over port 445/tcp (MSRPC)? If you have been reading me for more than a day, you already know this (https://habr.com/ru/articles/688682/). A couple of months ago, with my commit, Coercer (https://github.com/p0dalirius/Coercer) gained a wonderful capability: coercing authentication over DCERPC as well. What does this give an attacker? Now you can coerce a machine behind a firewall (which often filters 445/tcp) into authenticating, since DCERPC ports are usually fairly random and hard to block selectively.
By the way, coercion can also be done via NetBIOS (139), but I was too lazy to make that commit.
😈 [ Sebas @0xroot ]
🤖 How GitLab's Red Team automates C2 testing
@eip_4141 from GitLab's Red Team on leveraging PyTest, Mythic's Scripting, and CI/CD for continuous testing of open source C2 tools, including Mythic, Poseidon, and @merlin_c2
🔗 https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
🐥 [ tweet ]
😈 [ Shashwat Shah 🇮🇳 @0xEr3bus ]
Just crafted a beacon object file for the 8th variant of the powerful process injection technique by @_0xDeku. An exciting journey into the Windows Thread Pool!
#cybersecurity #redteam #infosec #cobaltstrike
🔗 https://github.com/0xEr3bus/PoolPartyBof
🐥 [ tweet ]