😈 [ Lsec @lsecqt ]
I have finally decided to move away from Medium and implement my own custom blogging platform. After a lot of brain storming, my first blog about DLL Proxying is finally live:
Hope you find that useful!
🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/weaponizing-dll-hijacking-via-dll-proxying/
🐥 [ tweet ]
I have finally decided to move away from Medium and implement my own custom blogging platform. After a lot of brain storming, my first blog about DLL Proxying is finally live:
Hope you find that useful!
🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/weaponizing-dll-hijacking-via-dll-proxying/
🐥 [ tweet ]
👍9
Forwarded from s0i37_channel
А вы знали что принуждать к аутентификации Windows машины можно не только через 445/tcp порт (MSRPC)? Если вы читаете меня не первый день - то знаете (https://habr.com/ru/articles/688682/). Пару месяцев назад в Coercer (https://github.com/p0dalirius/Coercer) с моим коммитом появилась замечательная возможность - принуждать к аутентификации ещё и через DCERPC. Что это даёт атакующему? Теперь можно принудить к аутентификации машину за фаерволом (часто фильтрующем 445/tcp), тк DCERPC порты как правило достаточно рандомные и выборочно прикрыть их сложно.
Кстати ещё coerce можно делать и через NetBIOS (139), правда этот коммит я поленился сделать
Кстати ещё coerce можно делать и через NetBIOS (139), правда этот коммит я поленился сделать
👍9🥱1
😈 [ Sebas @0xroot ]
🤖 How GitLab's Red Team automates C2 testing
@eip_4141 from GitLab's Red Team on leveraging PyTest, Mythic's Scripting, and CI/CD for continuous testing of open source C2 tools, including Mythic, Poseidon, and @merlin_c2
🔗 https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
🐥 [ tweet ]
🤖 How GitLab's Red Team automates C2 testing
@eip_4141 from GitLab's Red Team on leveraging PyTest, Mythic's Scripting, and CI/CD for continuous testing of open source C2 tools, including Mythic, Poseidon, and @merlin_c2
🔗 https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing
🐥 [ tweet ]
🤔2
Offensive Xwitter
😈 [ SafeBreach @safebreach ] This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions.…
😈 [ Shashwat Shah 🇮🇳 @0xEr3bus ]
Just crafted a beacon object file for the 8th variant of the powerful process injection technique by @_0xDeku. An exciting journey into the Windows Thread Pool!
#cybersecurity #redteam #infosec #cobaltstrike
🔗 https://github.com/0xEr3bus/PoolPartyBof
🐥 [ tweet ]
Just crafted a beacon object file for the 8th variant of the powerful process injection technique by @_0xDeku. An exciting journey into the Windows Thread Pool!
#cybersecurity #redteam #infosec #cobaltstrike
🔗 https://github.com/0xEr3bus/PoolPartyBof
🐥 [ tweet ]
👍2
😈 [ Furkan Göksel @R0h1rr1m ]
Today I wrote a small code using Nim to emulate DLL Unlinking, one of the very old techniques. Not a fancy or new code, but if someone needs such thing, here it is:
🔗 https://github.com/frkngksl/UnlinkDLL
🐥 [ tweet ]
Today I wrote a small code using Nim to emulate DLL Unlinking, one of the very old techniques. Not a fancy or new code, but if someone needs such thing, here it is:
🔗 https://github.com/frkngksl/UnlinkDLL
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Outflank @OutflankNL ]
Let's explore the intricate dance of virtual to physical memory mapping in BYOVD tooling development! 💻
In @c3c's latest blog we delve into resolving addresses using Superfetch, unlocking control over physical memory.
Dive into the details now 👉
🔗 https://outflank.nl/blog/2023/12/14/mapping-virtual-to-physical-adresses-using-superfetch/
🐥 [ tweet ]
Let's explore the intricate dance of virtual to physical memory mapping in BYOVD tooling development! 💻
In @c3c's latest blog we delve into resolving addresses using Superfetch, unlocking control over physical memory.
Dive into the details now 👉
🔗 https://outflank.nl/blog/2023/12/14/mapping-virtual-to-physical-adresses-using-superfetch/
🐥 [ tweet ]
👍1
😈 [ Dylan Tran @d_tranman ]
Wrote up on module stomping and modding AceLdr to implement it at rest
🔗 https://dtsec.us/2023-11-04-ModuleStompin/
🐥 [ tweet ]
Wrote up on module stomping and modding AceLdr to implement it at rest
🔗 https://dtsec.us/2023-11-04-ModuleStompin/
🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ]
One Box To Rule Them All
Little write up of my way to tackle remote pentesting situations with a dropbox.
This is about non covert systems that will allow you to carry out full fledged pentests when implanted into the customers network.
🔗 https://luemmelsec.github.io/One-Box-To-Rule-Them-All/
🐥 [ tweet ]
One Box To Rule Them All
Little write up of my way to tackle remote pentesting situations with a dropbox.
This is about non covert systems that will allow you to carry out full fledged pentests when implanted into the customers network.
🔗 https://luemmelsec.github.io/One-Box-To-Rule-Them-All/
🐥 [ tweet ]
🤔1
😈 [ S3cur3Th1sSh1t @ShitSecure ]
My talk “Playing Chess as Red Teams” from @MCTTP_Con got published now:
🔗 https://youtu.be/XAvAVKXXC_8?si=W2UKCYYd0Ukf3sDF
🐥 [ tweet ]
My talk “Playing Chess as Red Teams” from @MCTTP_Con got published now:
🔗 https://youtu.be/XAvAVKXXC_8?si=W2UKCYYd0Ukf3sDF
🐥 [ tweet ]
YouTube
MCTTP 2023 | Talk by Fabian Mosch
Playing Chess as Red Teams
https://www.mcttp.de
https://www.mcttp.de
🔥4
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Jonny Johnson @jsecurity101 ]
Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.
🔗 https://github.com/jsecurity101/PowerParse
🐥 [ tweet ]
Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.
🔗 https://github.com/jsecurity101/PowerParse
🐥 [ tweet ]
👍1
😈 [ ed @sprocket_ed ]
Blog coming soon... #ffuf
🔗 https://github.com/puzzlepeaches/ffufw
🐥 [ tweet ]
Blog coming soon... #ffuf
🔗 https://github.com/puzzlepeaches/ffufw
🐥 [ tweet ]
что-то интересное..?🥱3🤔1
😈 [ Akamai Security Intelligence Group @akamai_research ]
Did you hear that?
Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows.
Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
🐥 [ tweet ]
Did you hear that?
Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows.
Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
🐥 [ tweet ]
Нравится dns-тулкит многоуважаемого @s0i37, но я все время забываю, как там правильно настраивать записи и что менять в коде, поэтому форкнул с QoL-модами для dns_upload.py:
* Домен можно указывать в виде аргумента.
* Добавил кредл на PS, потому что спавнить 100500 child-процессов
* В идеале лучше обращаться к стороннему серверу для резолва, потому что клиенты могут кешировать записи от корпоративных DNS-ов, что может привести к некорректной сборке загружаемых данных.
🔗 https://github.com/snovvcrash/exfiltrate
* Домен можно указывать в виде аргумента.
* Добавил кредл на PS, потому что спавнить 100500 child-процессов
nslookup.exe из VBS не всегда комильфо.* В идеале лучше обращаться к стороннему серверу для резолва, потому что клиенты могут кешировать записи от корпоративных DNS-ов, что может привести к некорректной сборке загружаемых данных.
🔗 https://github.com/snovvcrash/exfiltrate
👍7
Offensive Xwitter
😈 [ Akamai Security Intelligence Group @akamai_research ] Turns out, sometimes it isn't DNS... it's DHCP 👀 See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise. Worst part? No credentials…
😈 [ Akamai Security Intelligence Group @akamai_research ]
Earlier this month we released research by @oridavid123 on using DHCP to spoof DNS. But wait, there's more!
We are proud to release DDSpoof: a Python-based tool that enables red and blue teams to perform and study DHCP DNS attacks.
Learn how to use it:
🔗 https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide?filter=123
🐥 [ tweet ]
Earlier this month we released research by @oridavid123 on using DHCP to spoof DNS. But wait, there's more!
We are proud to release DDSpoof: a Python-based tool that enables red and blue teams to perform and study DHCP DNS attacks.
Learn how to use it:
🔗 https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide?filter=123
🐥 [ tweet ]
🔥6
😈 [ Grzegorz Tworek @0gtweet ]
Do you store your "DNS dynamic update registration credentials" in a DHCP?
Cute, it means I have a new tool for you 😁😈
Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual:
🔗 https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP
🐥 [ tweet ]
Do you store your "DNS dynamic update registration credentials" in a DHCP?
Cute, it means I have a new tool for you 😁😈
Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual:
🔗 https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP
🐥 [ tweet ]
🤯2🔥1
😈 [ Synacktiv @Synacktiv ]
One of our ninjas (@_ixty_) wrote a series of articles explaining how to write a win32 keylogger that supports all input languages (that don't use input method editors). Here is the first part which focuses on capturing keyboard events!
🔗 https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13
🐥 [ tweet ]
One of our ninjas (@_ixty_) wrote a series of articles explaining how to write a win32 keylogger that supports all input languages (that don't use input method editors). Here is the first part which focuses on capturing keyboard events!
🔗 https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13
🐥 [ tweet ]
🔥2
😈 [ rvrsh3ll @424f424f ]
@chvancooten is a certified #OST badass 🫡
🔗 https://github.com/cobbr/Covenant/issues/391#issuecomment-1859177527
🐥 [ tweet ]
@chvancooten is a certified #OST badass 🫡
🔗 https://github.com/cobbr/Covenant/issues/391#issuecomment-1859177527
🐥 [ tweet ]
смешнявка😁8👍1🥱1
😈 [ V❄️ @vincenzosantuc1 ]
What's better for Christmas than a nice read about Reflective DLL Injection? 🎄
🔗 https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
#reflectivedll #oldbutgold #cplusplus #code #belloblog
🐥 [ tweet ]
What's better for Christmas than a nice read about Reflective DLL Injection? 🎄
🔗 https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
#reflectivedll #oldbutgold #cplusplus #code #belloblog
🐥 [ tweet ]
👍5😁2
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Alex neff @al3x_n3ff ]
A small gift: NetExec now supports Tab-Completion 🎁
Made by @Adamkadaban
Merry Christmas!🎄
🐥 [ tweet ]
A small gift: NetExec now supports Tab-Completion 🎁
Made by @Adamkadaban
Merry Christmas!🎄
🐥 [ tweet ]
🔥10🥱1