😈 [ @belette_timorée @belettet1m0ree ]
Hello! Yet another way to exploit WSUS misconfiguration: essentially relaying to ADCS for an ESC8 attack. Hope you enjoy reading :). Thanks to @GoSecure_Inc for all the inspiration!
🔗 https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
🐥 [ tweet ]
😈 [ Bad Cyber @badcybercom ]
Dieselgate, but for trains - some heavyweight hardware hacking.
Story about trains that broke down and analysis that discovered it was not a coincidence.
🔗 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
🐥 [ tweet ]
Some absolutely wild tale about reverse-engineering trains
😈 [ Akamai Security Intelligence Group @akamai_research ]
Turns out, sometimes it isn't DNS... it's DHCP 👀
See @oridavid123's research on how DHCP can be used to spoof DNS records, potentially leading to Active Directory compromise.
Worst part? No credentials needed, just network access.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp?filter=123
🐥 [ tweet ]
😈 [ Zak @_ZakSec ]
For those interested in developing standalone binaries that exploit vulnerable drivers (BYOVD), I just released a tool called IoctlHunter. This tool eases the process of identifying weaponisable IOCTL codes in Windows drivers 👌
📚 Blog post, code & full demo:
🔗 https://z4ksec.github.io/posts/ioctlhunter-release-v0.2
🐥 [ tweet ]
😈 [ SafeBreach @safebreach ]
This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions.
🔗 https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
🔗 https://github.com/SafeBreach-Labs/PoolParty
🐥 [ tweet ]
😈 [ Sprocket Security @SprocketSec ]
Automate the process of running Certipy against every user in a domain with the help of ADCSsync!
This tool provides an effective means of performing a makeshift DCSync attack using ESC1!
Install now 👇
🔗 https://github.com/JPG0mez/ADCSync
🐥 [ tweet ]
😈 [ Lsec @lsecqt ]
I have finally decided to move away from Medium and implement my own custom blogging platform. After a lot of brainstorming, my first blog post about DLL Proxying is finally live:
Hope you find that useful!
🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/weaponizing-dll-hijacking-via-dll-proxying/
🐥 [ tweet ]
Forwarded from s0i37_channel
Did you know that you can coerce Windows machines into authenticating not only via port 445/tcp (MSRPC)? If you have been reading me for more than a day, you already know (https://habr.com/ru/articles/688682/). A couple of months ago, Coercer (https://github.com/p0dalirius/Coercer) gained, with my commit, a wonderful capability: coercing authentication over DCERPC as well. What does this give an attacker? Now you can coerce authentication from a machine behind a firewall (which often filters 445/tcp), since DCERPC ports are usually fairly random and selectively blocking them is hard.
By the way, coercion can also be done over NetBIOS (139), but I was too lazy to make that commit
😈 [ Sebas @0xroot ]
🤖 How GitLab's Red Team automates C2 testing
@eip_4141 from GitLab's Red Team on leveraging PyTest, Mythic's Scripting, and CI/CD for continuous testing of open source C2 tools, including Mythic, Poseidon, and @merlin_c2
🔗 https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
🐥 [ tweet ]
Offensive Xwitter
😈 [ Shashwat Shah 🇮🇳 @0xEr3bus ]
Just crafted a beacon object file for the 8th variant of the powerful process injection technique by @_0xDeku. An exciting journey into the Windows Thread Pool!
#cybersecurity #redteam #infosec #cobaltstrike
🔗 https://github.com/0xEr3bus/PoolPartyBof
🐥 [ tweet ]
😈 [ Furkan Göksel @R0h1rr1m ]
Today I wrote some small code in Nim to emulate DLL Unlinking, one of the very old techniques. Not fancy or new code, but if someone needs such a thing, here it is:
🔗 https://github.com/frkngksl/UnlinkDLL
🐥 [ tweet ]
😈 [ Outflank @OutflankNL ]
Let's explore the intricate dance of virtual to physical memory mapping in BYOVD tooling development! 💻
In @c3c's latest blog we delve into resolving addresses using Superfetch, unlocking control over physical memory.
Dive into the details now 👉
🔗 https://outflank.nl/blog/2023/12/14/mapping-virtual-to-physical-adresses-using-superfetch/
🐥 [ tweet ]
😈 [ Dylan Tran @d_tranman ]
Write-up on module stomping and modding AceLdr to implement it at rest
🔗 https://dtsec.us/2023-11-04-ModuleStompin/
🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ]
One Box To Rule Them All
Little write-up of my way to tackle remote pentesting situations with a dropbox.
This is about non-covert systems that will allow you to carry out full-fledged pentests when implanted into the customer's network.
🔗 https://luemmelsec.github.io/One-Box-To-Rule-Them-All/
🐥 [ tweet ]
😈 [ S3cur3Th1sSh1t @ShitSecure ]
My talk “Playing Chess as Red Teams” from @MCTTP_Con got published now:
🔗 https://youtu.be/XAvAVKXXC_8?si=W2UKCYYd0Ukf3sDF
🐥 [ tweet ]
YouTube: MCTTP 2023 | Talk by Fabian Mosch, "Playing Chess as Red Teams" (https://www.mcttp.de)
😈 [ Jonny Johnson @jsecurity101 ]
Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.
🔗 https://github.com/jsecurity101/PowerParse
🐥 [ tweet ]
😈 [ ed @sprocket_ed ]
Blog coming soon... #ffuf
🔗 https://github.com/puzzlepeaches/ffufw
🐥 [ tweet ]
Something interesting..?