Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ NCV @nickvourd ]

Proudly Announcing Windows Local Privilege Escalation Cookbook
#pentest #redteam #windows #privesc

🔗 https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook

🐥 [ tweet ]
🔥4
😈 [ Elastic Security Labs @elasticseclabs ]

In this follow up from his article in May, @SBousseaden digs deeper into call stacks! See how Elastic Security 8.11 further increases efficacy against in-memory threats:

🔗 https://go.es.io/47vnlPZ

🐥 [ tweet ]
👍3
😈 [ Mayfly @M4yFly ]

Did you know you don't need to use a Potato exploit to go from the IIS AppPool account to admin or SYSTEM?

🔗 https://threadreaderapp.com/thread/1745581076846690811.html

🐥 [ tweet ]
🔥9👍2
😈 [ MDSec @MDSecLabs ]

Exploiting CVE-2024-20656, a Local Privilege Escalation in the VSStandardCollectorService150 Service - new research from @filip_dragovic

🔗 https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
🔗 https://github.com/Wh04m1001/CVE-2024-20656

🐥 [ tweet ]
👍2
😈 [ Vozec @Vozec1 ]

I have implemented the latest CVE-2023-7028, an account takeover on GitLab, fully automated (CVSS 10):

🔗 https://github.com/Vozec/CVE-2023-7028

🐥 [ tweet ]
👍1🔥1
😈 [ Rasta Mouse @_RastaMouse ]

Ok, pinvoke.dev is now live. A simple GitBook of code-generated P/Invoke signatures. Just C# for now, but I may add Rust and a few others in the future.

🔗 https://www.pinvoke.dev
🔗 https://github.com/ZeroPointSecurity/PInvoke

🐥 [ tweet ]
👍4
😈 [ Daniel Feichter @VirtualAllocEx ]

I was interested to learn more about Vectored Exception Handling and how it can be used in malware development. Hence my first blog post of the year, entitled "Syscalls via Vectored Exception Handling".

🔗 https://redops.at/en/blog/syscalls-via-vectored-exception-handling

🐥 [ tweet ]
👍3
😈 [ Steve Campbell @lpha3ch0 ]

I felt like httpx was missing the ability to parse Nmap reports for http/s services and it made more sense to create a standalone utility. Nmapurls parses Nmap XML reports and outputs a list of URLs.

🔗 https://github.com/sdcampbell/nmapurls

🐥 [ tweet ]
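As an added example (my own code, not the nmapurls tool itself), here is the same idea in Python: parse an Nmap XML report and emit one URL per http/https service, ready to pipe into httpx. Assumptions that are mine rather than from the post: a port counts as a web service when its `<service>` name starts with `http`; the scheme is `https` when Nmap set `tunnel="ssl"` or the service name starts with `https`, otherwise `http`; only hosts with `state="up"` and ports with `state="open"` are considered; hostnames from `<hostnames>` are emitted alongside the address; default ports are dropped so duplicate targets collapse. The XML is a constructed fragment, not real scan output.

```python
"""Turn an Nmap XML report into a list of http/https URLs (added example)."""
import xml.etree.ElementTree as ET

# Constructed Nmap XML fragment for demonstration; not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="intranet.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="8000"><state state="open"/><service name="http-alt"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="fd00::10" addrtype="ipv6"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def _scheme(service):
    """Map an Nmap <service> element to a URL scheme, or None if not web."""
    name = service.get("name", "")
    # Nmap marks TLS-wrapped services with tunnel="ssl"; service names such as
    # "https" / "https-alt" also imply TLS (assumption, see lead-in).
    if service.get("tunnel") == "ssl" or name.startswith("https"):
        return "https"
    if name.startswith("http"):          # http, http-alt, http-proxy, ...
        return "http"
    return None


def _url(scheme, host, port):
    if ":" in host:                      # bare IPv6 literal needs brackets in a URL
        host = f"[{host}]"
    if DEFAULT_PORTS[scheme] == port:    # drop the scheme's default port
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def nmap_xml_to_urls(xml_text, include_hostnames=True):
    """Return an ordered, de-duplicated list of web URLs found in the report."""
    root = ET.fromstring(xml_text)
    urls = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue                     # skip hosts Nmap reported as down
        targets = [a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")]
        if include_hostnames:
            targets += [h.get("name") for h in host.findall("hostnames/hostname")]
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                 # filtered/closed ports are not targets
            service = port.find("service")
            scheme = _scheme(service) if service is not None else None
            if scheme is None:
                continue
            portid = int(port.get("portid"))
            for target in targets:
                url = _url(scheme, target, portid)
                if url not in urls:
                    urls.append(url)
    return urls


if __name__ == "__main__":
    print("\n".join(nmap_xml_to_urls(SAMPLE_NMAP_XML)))
```

Run against a real report with `nmap -sV -oX scan.xml ...` and then `python3 nmapurls.py scan.xml | httpx`, replacing the embedded sample with `open(path).read()`; the hostname emission matters because virtual-hosted sites often answer differently by IP than by name.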
📢 The PT SWARM team is looking for its offensive developer!

The work is maintaining the team's existing internal tooling and developing new tools for projects where a key aspect is evading detection systems and the activity of incident response teams, namely Red Team operations and controlled cyber exercises.

You will be working under my mentorship (DM @snovvcrash), in case that is a plus for anyone 🤓

🔗 https://hh.ru/vacancy/91158970
🔥5👍3🤔3😢1
😈 [ vs1m @Vsimpro ]

Got an ethical pentest for a kiosk-esque environment, but you're stuck in a browser? Have access to websites, but have a need to go deeper?

Look no further! With kiosk.vsim.xyz you have access to tools that enable lateral enum, calculator://, file browsing, and more!

🔗 https://kiosk.vsim.xyz/

🐥 [ tweet ]
👍5🤔2
😈 [ yxel @httpyxel ]

LLVM-Yx-CallObfuscator: An LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.

🔗 https://github.com/janoglezcampos/llvm-yx-callobfuscator

🐥 [ tweet ]
🔥3👍1
😈 [ EvilMog @Evil_Mog ]

4 billion if statements:

🔗 https://andreasjhkarlsson.github.io//jekyll/update/2023/12/27/4-billion-if-statements.html

🐥 [ tweet ]

a little something funny for this Friday evening
😁7👍4🤯1🥱1
😈 [ zhassulan zhussupov @cocomelonckz ]

Next one. Since I'm a little busy writing my book for Packt, I haven't been writing as often lately. But I'm still working on researching and simulating ransomware.

🔗 https://cocomelonc.github.io/malware/2024/01/16/malware-cryptography-24.html

🐥 [ tweet ]
🔥4😢1
😈 [ Octoberfest7 @Octoberfest73 ]

I'm excited to release GraphStrike, a project I completed during my internship at @RedSiege. Route all of your Cobalt Strike HTTPS traffic through graph.microsoft.com.

Tool:
🔗 https://github.com/RedSiege/GraphStrike?tab=readme-ov-file

Dev blog:
🔗 https://redsiege.com/blog/2024/01/graphstrike-developer

🐥 [ tweet ]
🔥3
😈 [ Kleiton Kurti @kleiton0x7e ]

Created a PoC for loading DLLs without LoadLibraryA. Instead we'll leverage the VEH (Vectored Exception Handler) to modify the context, especially RIP and RCX, to hold the LoadLibraryA address and its argument.

🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads

🐥 [ tweet ]
👍3🔥3
😈 [ ap @decoder_it ]

This is how a specific Group Policy configuration, enabling a security feature bypass, can lead to Privilege Escalation. Full details and examples in my latest blog post ;)

🔗 https://decoder.cloud/2024/01/23/do-not-trust-this-group-policy/

🐥 [ tweet ]
🔥1
😈 [ eversinc33 @eversinc33 ]

Small experiment today, inspired by @kaganisildak, using the RCON protocol, as used by e.g. CS 1.6, as a C2 channel for the lulz.

🔗 https://github.com/eversinc33/1.6-C2

🐥 [ tweet ]
👍8😁2
😈 [ eversinc33 @eversinc33 ]

Yea yea, EDR bypass this, VEH that, but have you ever run mimikatz while surfing in 1.6? 😎😎

🐥 [ tweet ]
🔥20😁7👍3
😈 [ Jonas Bülow Knudsen @Jonas_B_K ]

ADCS attack paths in BloodHound! 🥳

This blog post breaks down the implementation of the ESC1 requirements and guides you on effectively leveraging BloodHound to identify attack paths that include ESC1 privileges.

🔗 https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf

🐥 [ tweet ]
👍2🔥1
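As an added example (my own code, not SpecterOps' BloodHound implementation), the classic ESC1 requirements from Certified Pre-Owned evaluated against certificate-template attributes as they appear in LDAP, plus CA publication and CA-level enrollment: the requester may supply the subject/SAN (`CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT` in `msPKI-Certificate-Name-Flag`), manager approval is off (`CT_FLAG_PEND_ALL_REQUESTS` clear in `msPKI-Enrollment-Flag`), no authorized signatures (`msPKI-RA-Signature` = 0), an EKU that permits authentication (or no EKU at all), a low-privileged principal with Enroll on the template, and publication to an enterprise CA that also grants that principal Enroll. Assumptions that are mine: templates and CAs are plain dicts with constructed values (not a real domain), enrollment rights are given as principal-name lists rather than parsed from the security descriptor, and "low-privileged" means membership of a small set of well-known groups.

```python
"""Classic ESC1 checks over constructed certificate-template data (added example)."""

# Bit in msPKI-Certificate-Name-Flag: requester supplies subject and SAN.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# Bit in msPKI-Enrollment-Flag: every request waits for CA manager approval.
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# EKUs that let a certificate authenticate to AD (Certified Pre-Owned, ESC1).
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",        # Client Authentication
    "1.3.6.1.5.2.3.4",          # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",   # Smart Card Logon
    "2.5.29.37.0",              # Any Purpose
}

# Assumption: these groups stand in for "any low-privileged user".
LOW_PRIV_PRINCIPALS = {"Domain Users", "Authenticated Users",
                       "Domain Computers", "Everyone"}


def allows_authentication(ekus):
    """An empty EKU list (SubCA-style template) is usable for any purpose."""
    return not ekus or bool(AUTH_EKUS & set(ekus))


def esc1_findings(template, cas):
    """Return the ESC1 requirements the template fails; an empty list means ESC1."""
    failed = []
    if not template["msPKI-Certificate-Name-Flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        failed.append("requester cannot supply subject/SAN")
    if template["msPKI-Enrollment-Flag"] & CT_FLAG_PEND_ALL_REQUESTS:
        failed.append("manager approval required")
    if template["msPKI-RA-Signature"] > 0:
        failed.append("authorized signature required")
    if not allows_authentication(template["pKIExtendedKeyUsage"]):
        failed.append("EKU does not permit client authentication")
    if not LOW_PRIV_PRINCIPALS & set(template["enroll_principals"]):
        failed.append("no low-privileged principal has Enroll")
    publishing = [ca for ca in cas if template["name"] in ca["certificateTemplates"]]
    if not publishing:
        failed.append("not published to any CA")
    elif not any(LOW_PRIV_PRINCIPALS & set(ca["enroll_principals"]) for ca in publishing):
        failed.append("no publishing CA grants low-privileged Enroll")
    return failed


def vulnerable_templates(templates, cas):
    """Names of templates meeting every ESC1 requirement."""
    return [t["name"] for t in templates if not esc1_findings(t, cas)]


def _template(name, name_flag, enroll_flag, ra_sig, ekus, enroll):
    return {"name": name, "msPKI-Certificate-Name-Flag": name_flag,
            "msPKI-Enrollment-Flag": enroll_flag, "msPKI-RA-Signature": ra_sig,
            "pKIExtendedKeyUsage": ekus, "enroll_principals": enroll}


# Constructed sample data, not taken from a real forest.
SAMPLE_CAS = [{
    "name": "CORP-CA",
    "enroll_principals": ["Authenticated Users"],
    "certificateTemplates": ["VulnUser", "User", "PendingVPN", "WebServer", "AdminOnly"],
}]

SAMPLE_TEMPLATES = [
    _template("VulnUser", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
              ["1.3.6.1.5.5.7.3.2"], ["Domain Users"]),
    # Subject built from AD (SUBJECT_ALT_REQUIRE_* bits), bit 0 clear: safe.
    _template("User", 0xA6000000, 0x29, 0,
              ["1.3.6.1.5.5.7.3.2", "1.3.6.1.4.1.311.10.3.4"], ["Domain Users"]),
    _template("PendingVPN", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, CT_FLAG_PEND_ALL_REQUESTS, 0,
              ["1.3.6.1.5.5.7.3.2"], ["Domain Users"]),
    _template("WebServer", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
              ["1.3.6.1.5.5.7.3.1"], ["Domain Users"]),          # Server Auth only
    _template("Unpublished", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
              [], ["Authenticated Users"]),
    _template("AdminOnly", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
              ["1.3.6.1.5.5.7.3.2"], ["Domain Admins"]),
]

if __name__ == "__main__":
    for t in SAMPLE_TEMPLATES:
        print(t["name"], esc1_findings(t, SAMPLE_CAS) or "ESC1")
```

The split into per-requirement findings is deliberate: a template that fails only one check (manager approval, or an extra authorized signature) is one misconfiguration away from ESC1, which is what a graph-based view in BloodHound makes visible as a partial path. Later hardening (the 2022 strong certificate binding changes and the `szOID_NTDS_CA_SECURITY_EXT` extension) is outside this example.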