😈 [ Dylan Tran @d_tranman ]
Wrote up on module stomping and modding AceLdr to implement it at rest
🔗 https://dtsec.us/2023-11-04-ModuleStompin/
🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ]
One Box To Rule Them All
Little write-up of my way to tackle remote pentesting situations with a dropbox.
This is about non-covert systems that will allow you to carry out full-fledged pentests when implanted into the customer's network.
🔗 https://luemmelsec.github.io/One-Box-To-Rule-Them-All/
🐥 [ tweet ]
😈 [ S3cur3Th1sSh1t @ShitSecure ]
My talk “Playing Chess as Red Teams” from @MCTTP_Con got published now:
🔗 https://youtu.be/XAvAVKXXC_8?si=W2UKCYYd0Ukf3sDF
🐥 [ tweet ]
YouTube
MCTTP 2023 | Talk by Fabian Mosch
Playing Chess as Red Teams
https://www.mcttp.de
😈 [ Jonny Johnson @jsecurity101 ]
Today I am releasing PowerParse. This is a PE Parser I've created that has helped me in the past perform initial triage on malware. I'll provide some examples in the threads below.
🔗 https://github.com/jsecurity101/PowerParse
🐥 [ tweet ]
😈 [ ed @sprocket_ed ]
Blog coming soon... #ffuf
🔗 https://github.com/puzzlepeaches/ffufw
🐥 [ tweet ]
Something interesting..?
😈 [ Akamai Security Intelligence Group @akamai_research ]
Did you hear that?
Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows.
Leveraging the infamous custom reminder sound feature, these can be chained together to achieve full 0-click RCE against Outlook.
Full write-up:
🔗 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
🐥 [ tweet ]
I like the DNS toolkit by the highly esteemed @s0i37, but I keep forgetting how to set up the records correctly and what to change in the code, so I forked it with QoL mods for dns_upload.py:
* The domain can be passed as an argument.
* Added a PS cradle, because spawning 100500 nslookup.exe child processes from VBS is not always comme il faut.
* Ideally it is better to query a third-party server for resolution, because clients may cache records from corporate DNS servers, which can lead to incorrect reassembly of the uploaded data.
🔗 https://github.com/snovvcrash/exfiltrate
Offensive Xwitter
😈 [ Akamai Security Intelligence Group @akamai_research ] Turns out, sometimes it isn't DNS... it's DHCP 👀 See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise. Worst part? No credentials…
😈 [ Akamai Security Intelligence Group @akamai_research ]
Earlier this month we released research by @oridavid123 on using DHCP to spoof DNS. But wait, there's more!
We are proud to release DDSpoof: a Python-based tool that enables red and blue teams to perform and study DHCP DNS attacks.
Learn how to use it:
🔗 https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide?filter=123
🐥 [ tweet ]
😈 [ Grzegorz Tworek @0gtweet ]
Do you store your "DNS dynamic update registration credentials" in a DHCP?
Cute, it means I have a new tool for you 😁😈
Enjoy the DHCP Server DNS Password Stealer. The C source code, and the compiled exe, as usual:
🔗 https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP
🐥 [ tweet ]
😈 [ Synacktiv @Synacktiv ]
One of our ninjas (@_ixty_) wrote a series of articles explaining how to write a win32 keylogger that supports all input languages (that don't use input method editors). Here is the first part which focuses on capturing keyboard events!
🔗 https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13
🐥 [ tweet ]
😈 [ rvrsh3ll @424f424f ]
@chvancooten is a certified #OST badass 🫡
🔗 https://github.com/cobbr/Covenant/issues/391#issuecomment-1859177527
🐥 [ tweet ]
A funny one
😈 [ V❄️ @vincenzosantuc1 ]
What's better for Christmas than a nice read about Reflective DLL Injection? 🎄
🔗 https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
#reflectivedll #oldbutgold #cplusplus #code #belloblog
🐥 [ tweet ]
😈 [ Alex neff @al3x_n3ff ]
A small gift: NetExec now supports Tab-Completion 🎁
Made by @Adamkadaban
Merry Christmas!🎄
🐥 [ tweet ]
😈 [ Ido Veltzman @Idov31 ]
There was no update for a while, the reason being massive bug fixes, feature checking and a new feature (fun fact: it is the 23rd feature!).
Now, you can use Nidhogg to dump credentials from LSASS!
Go check it out:
🔗 https://github.com/Idov31/Nidhogg/tree/dev
#infosec #CyberSecurity
🐥 [ tweet ]
😈 [ Josh @passthehashbrwn ]
THIS is an APT. No "cmd /c net user", just technical capability that's almost indistinguishable from magic
🔗 https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
🔗 https://koeln.ftp.media.ccc.de/congress/2023/h264-hd/37c3-11859-eng-Operation_Triangulation_What_You_Get_When_Attack_iPhones_of_Researchers.mp4
TL;DR
🔗 https://xakep.ru/2023/12/27/operation-triangulation-hardware-mystery/
🐥 [ tweet ]
😈 [ an0n @an0n_r0 ]
OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. Considered it so evil that we didn't publish it at that time. It was pointless, now here it is by @netero_1010:
🔗 https://github.com/netero1010/EDRSilencer
🐥 [ tweet ]
Offensive Xwitter
😈 [ an0n @an0n_r0 ] OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. Considered it so evil that we didn't publish it that time. It was pointless, now here it…
😈 [ Diego Capriotti @naksyn ]
The shutter project has been hiding in plain sight for quite some time. I've been happily using this for nearly 2 years:
🔗 https://github.com/dsnezhkov/shutter
🐥 [ tweet ]
😈 [ hackerfantastic.x @hackerfantastic ]
4 new releases from @myhackerhouse for your malware development and analysis purposes with 3 re-created from the CIA's Vault7 leak:
🔗 https://github.com/hackerhouse-opensource/marble
🔗 https://github.com/hackerhouse-opensource/WMIProcessWatcher
🔗 https://github.com/hackerhouse-opensource/Artillery
🔗 https://github.com/hackerhouse-opensource/SignToolEx
Happy New Year & Enjoy 2024!🎇
🐥 [ tweet ]