Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ David @dmcxblue ]

Awesome

🔗 https://ntlm.pw/

🐥 [ tweet ]
😈 [ Furkan Göksel @R0h1rr1m ]

Today I wrote a small piece of code using Nim to emulate DLL Unlinking, one of the very old techniques. Not fancy or new code, but if someone needs such a thing, here it is:

🔗 https://github.com/frkngksl/UnlinkDLL

🐥 [ tweet ]
😈 [ Outflank @OutflankNL ]

Let's explore the intricate dance of virtual to physical memory mapping in BYOVD tooling development! 💻

In @c3c's latest blog we delve into resolving addresses using Superfetch, unlocking control over physical memory.

Dive into the details now 👉

🔗 https://outflank.nl/blog/2023/12/14/mapping-virtual-to-physical-adresses-using-superfetch/

🐥 [ tweet ]
😈 [ Dylan Tran @d_tranman ]

Wrote up on module stomping and modding AceLdr to implement it at rest

🔗 https://dtsec.us/2023-11-04-ModuleStompin/

🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ]

One Box To Rule Them All

Little write up of my way to tackle remote pentesting situations with a dropbox.

This is about non-covert systems that will allow you to carry out full-fledged pentests when implanted into the customer's network.

🔗 https://luemmelsec.github.io/One-Box-To-Rule-Them-All/

🐥 [ tweet ]
😈 [ Jonny Johnson @jsecurity101 ]

Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.

🔗 https://github.com/jsecurity101/PowerParse

🐥 [ tweet ]
😈 [ ed @sprocket_ed ]

Blog coming soon... #ffuf

🔗 https://github.com/puzzlepeaches/ffufw

🐥 [ tweet ]

something interesting..?
😈 [ Akamai Security Intelligence Group @akamai_research ]

Did you hear that?

Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows.

Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.

Full write-up:

🔗 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one

🐥 [ tweet ]
I like the DNS toolkit by the highly respected @s0i37, but I keep forgetting how to set up the records correctly and what to change in the code, so I forked it with QoL mods for dns_upload.py:

* The domain can be passed as an argument.
* Added a PowerShell cradle, because spawning a zillion nslookup.exe child processes from VBS is not always comme il faut.
* Ideally, it's better to query a third-party server for resolution, because clients may cache records from corporate DNS servers, which can lead to incorrect reassembly of the uploaded data.

🔗 https://github.com/snovvcrash/exfiltrate
😈 [ Akamai Security Intelligence Group @akamai_research ] Turns out, sometimes it isn't DNS... it's DHCP 👀 See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise. Worst part? No credentials…
😈 [ Akamai Security Intelligence Group @akamai_research ]

Earlier this month we released research by @oridavid123 on using DHCP to spoof DNS. But wait, there's more!

We are proud to release DDSpoof: a Python-based tool that enables red and blue teams to perform and study DHCP DNS attacks.

Learn how to use it:

🔗 https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide?filter=123

🐥 [ tweet ]
😈 [ Grzegorz Tworek @0gtweet ]

Do you store your "DNS dynamic update registration credentials" in a DHCP?
Cute, it means I have a new tool for you 😁😈
Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual:

🔗 https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP

🐥 [ tweet ]
😈 [ Synacktiv @Synacktiv ]

One of our ninjas (@_ixty_) wrote a series of articles explaining how to write a win32 keylogger that supports all input languages (that don't use input method editors). Here is the first part which focuses on capturing keyboard events!

🔗 https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13

🐥 [ tweet ]
😈 [ rvrsh3ll @424f424f ]

@chvancooten is a certified #OST badass 🫡

🔗 https://github.com/cobbr/Covenant/issues/391#issuecomment-1859177527

🐥 [ tweet ]

a funny one
😈 [ V❄️ @vincenzosantuc1 ]

What's better for Christmas than a nice read about Reflective DLL Injection? 🎄

🔗 https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/

#reflectivedll #oldbutgold #cplusplus #code #belloblog

🐥 [ tweet ]
😈 [ Alex neff @al3x_n3ff ]

A small gift: NetExec now supports Tab-Completion 🎁
Made by @Adamkadaban

Merry Christmas!🎄

🐥 [ tweet ]
😈 [ Ido Veltzman @Idov31 ]

There was no update for a while, the reason being massive bug fixes, feature checking and a new feature (fun fact: it is the 23rd feature!).
Now, you can use Nidhogg to dump credentials from LSASS!
Go check it out:

🔗 https://github.com/Idov31/Nidhogg/tree/dev

#infosec #CyberSecurity

🐥 [ tweet ]
😈 [ bohops @bohops ]

I guess all Microsoft signed debuggers and tracers are execute lolbins by nature, so here is another:

dotnet-trace.exe collect -- <cmd arg...>

If the process is not a .net program, dotnet-trace will kill the direct child process after a few seconds.

🐥 [ tweet ]