😈 [ yxel @httpyxel ]
LLVM-Yx-CallObfuscator: An LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
🔗 https://github.com/janoglezcampos/llvm-yx-callobfuscator
🐥 [ tweet ]
😈 [ EvilMog @Evil_Mog ]
4 billion if statements:
🔗 https://andreasjhkarlsson.github.io//jekyll/update/2023/12/27/4-billion-if-statements.html
🐥 [ tweet ]
A funny one for this Friday evening
😈 [ zhassulan zhussupov @cocomelonckz ]
next one. Since I’m a little busy writing my book for the Packt, I haven’t been writing as often lately. But I’m still working on researching and simulating ransomware.
🔗 https://cocomelonc.github.io/malware/2024/01/16/malware-cryptography-24.html
🐥 [ tweet ]
😈 [ Octoberfest7 @Octoberfest73 ]
I'm excited to release GraphStrike, a project I completed during my internship at @RedSiege. Route all of your Cobalt Strike HTTPS traffic through graph.microsoft.com.
Tool:
🔗 https://github.com/RedSiege/GraphStrike?tab=readme-ov-file
Dev blog:
🔗 https://redsiege.com/blog/2024/01/graphstrike-developer
🐥 [ tweet ]
😈 [ Kleiton Kurti @kleiton0x7e ]
Created a PoC for loading DLLs without LoadLibraryA. Instead we'll leverage the VEH (Vectored Exception Handler) to modify the context, especially RIP and RCX, to hold the LoadLibraryA address and its argument.
🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads
🐥 [ tweet ]
😈 [ ap @decoder_it ]
This is how a specific Group Policy configuration, enabling a security feature bypass, can lead to Privilege Escalation. Full details and examples in my latest blog post ;)
🔗 https://decoder.cloud/2024/01/23/do-not-trust-this-group-policy/
🐥 [ tweet ]
😈 [ eversinc33 @eversinc33 ]
Small experiment today, inspired by @kaganisildak, using RCON protocol, as used by e.g. CS 1.6 as a C2 channel for the lulz.
🔗 https://github.com/eversinc33/1.6-C2
🐥 [ tweet ]
😈 [ eversinc33 @eversinc33 ]
Yea yea, EDR bypass this, VEH that, but have you ever run mimikatz while surfing in 1.6? 😎😎
🐥 [ tweet ]
😈 [ Jonas Bülow Knudsen @Jonas_B_K ]
ADCS attack paths in BloodHound! 🥳
This blog post breaks down the implementation of the ESC1 requirements and guides you on effectively leveraging BloodHound to identify attack paths that include ESC1 privileges.
🔗 https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf
🐥 [ tweet ]
Forwarded from APT
Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.
🔗 https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
#maldev #reflective #dll #clang #asm
Malicious Group
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
😈 [ William Burgess @joehowwolf ]
New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
🐥 [ tweet ]
😈 [ FalconForce Official @falconforceteam ]
We are thrilled to publish SOAPHound: a custom-developed data collector tool to enumerate Active Directory environments via the ADWS-protocol. Enjoy!
🔗 https://falconforce.nl/soaphound-tool-to-collect-active-directory-data-via-adws/
🔗 https://github.com/FalconForceTeam/SOAPHound
🐥 [ tweet ]
😈 [ 5pider @C5pider ]
Modern implant design: position independent malware development.
A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing.
🔗 https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
🔗 https://github.com/Cracked5pider/Stardust
🐥 [ tweet ]
😈 [ Rasta Mouse @_RastaMouse ]
Demo version of CsWhispers is now public. Any and all feedback is welcome.
🔗 https://github.com/rasta-mouse/CsWhispers
🐥 [ tweet ]
😈 [ Rasta Mouse @_RastaMouse ]
[BLOG]
Very short post containing some guidance on how to deal with ANYSIZE_ARRAY structures in C#.
🔗 https://rastamouse.me/anysize-array-csharp/
🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ]
New blog by @itm4n is a must read for blue and red alike:
🔗 https://itm4n.github.io/printnightmare-exploitation/
Quality stuff as always. Thanks
I updated my Client-Checker to evaluate the affected reg keys so you can quickly check on your own if you might be affected or not:
🔗 https://github.com/LuemmelSec/Client-Checker
🐥 [ tweet ]
😈 [ John Lambert @JohnLaTwC ]
Midnight Blizzard: Guidance for responders on nation-state attack
🔗 https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
🐥 [ tweet ]
Oh, those Russian APT folks, you know
😈 [ Aurélien Chalot @Defte_ ]
It's finally out: from a Windows driver to a fully functional driver. In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall, bypass MyDumbEDR
🔗 https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
🐥 [ tweet ]
😈 [ Slowerzs @slowerzs ]
I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities.
You can find my blogpost about it:
🔗 https://blog.slowerzs.net/posts/thievingfox/
And the Github repo of the tool:
🔗 https://github.com/Slowerzs/ThievingFox/
🐥 [ tweet ]