Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ eversinc33 @eversinc33 ]

Yea yea, EDR bypass this, VEH that, but have you ever run mimikatz while surfing in 1.6? 😎😎

🐥 [ tweet ]
🔥20😁7👍3
😈 [ Jonas Bülow Knudsen @Jonas_B_K ]

ADCS attack paths in BloodHound! 🥳

This blog post breaks down the implementation of the ESC1 requirements and guides you on effectively leveraging BloodHound to identify attack paths that include ESC1 privileges.

🔗 https://posts.specterops.io/adcs-attack-paths-in-bloodhound-part-1-799f3d3b03cf

🐥 [ tweet ]
👍2🔥1
Forwarded from APT
👩‍💻 Writing your own RDI/sRDI loader using C and ASM

Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.

🔗 https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/

#maldev #reflective #dll #clang #asm
👍5
😈 [ William Burgess @joehowwolf ]

New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM

🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm

🐥 [ tweet ]
😈 [ FalconForce Official @falconforceteam ]

We are thrilled to publish SOAPHound: a custom-developed data collector tool to enumerate Active Directory environments via the ADWS protocol. Enjoy!

🔗 https://falconforce.nl/soaphound-tool-to-collect-active-directory-data-via-adws/
🔗 https://github.com/FalconForceTeam/SOAPHound

🐥 [ tweet ]
🔥4
😈 [ 5pider @C5pider ]

Modern implant design: position independent malware development.

A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing.

🔗 https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
🔗 https://github.com/Cracked5pider/Stardust

🐥 [ tweet ]
👍5
😈 [ Rasta Mouse @_RastaMouse ]

Demo version of CsWhispers is now public. Any and all feedback is welcome.

🔗 https://github.com/rasta-mouse/CsWhispers

🐥 [ tweet ]
🔥1
😈 [ Rasta Mouse @_RastaMouse ]

[BLOG]
Very short post containing some guidance on how to deal with ANYSIZE_ARRAY structures in C#.

🔗 https://rastamouse.me/anysize-array-csharp/

🐥 [ tweet ]
👍2
😈 [ LuemmelSec @theluemmel ]

New blog by @itm4n is a must read for blue and red alike:

🔗 https://itm4n.github.io/printnightmare-exploitation/

Quality stuff as always. Thanks

I updated my Client-Checker to evaluate the affected reg keys so you can quickly check on your own if you might be affected or not:

🔗 https://github.com/LuemmelSec/Client-Checker

🐥 [ tweet ]
🔥6
😈 [ John Lambert @JohnLaTwC ]

Midnight Blizzard: Guidance for responders on nation-state attack

🔗 https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/

🐥 [ tweet ]

Oh, those Russian APT folks, you know how it is
😁6
😈 [ Aurélien Chalot @Defte_ ]

It's finally out: from a Windows driver to a fully functional driver. In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall: bypass MyDumbEDR

🔗 https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/

🐥 [ tweet ]
👍3
😈 [ Slowerzs @slowerzs ]

I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities.

You can find my blogpost about it:

🔗 https://blog.slowerzs.net/posts/thievingfox/

And the Github repo of the tool:

🔗 https://github.com/Slowerzs/ThievingFox/

🐥 [ tweet ]
👍2🔥2
😈 [ stacksmashing @ghidraninja ]

Lenovo X1 Carbon Bitlocker Key Sniffing any% Speedrun

(42.9 seconds)

Breaking Bitlocker: Bypassing the Windows Disk Encryption - using less than $10 of equipment:

🔗 https://youtu.be/wTl4vEednkQ

🐥 [ tweet ]

Somebody tell this guy about cordless screwdrivers
😁13👍4🤔1
😈 [ Rasta Mouse @_RastaMouse ]

[BLOG]
I ported @0gtweet's token theft code to C#.

🔗 https://offensivedefence.co.uk/posts/nt-token-theft/

🐥 [ tweet ]
👍3
😈 [ Antonio 's4tan' Parata @s4tan ]

I wrote a new post: "Exploiting a vulnerable Minifilter Driver to create a process killer" (source code linked below). #malware #byovd

🔗 https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html
🔗 https://github.com/enkomio/s4killer

🐥 [ tweet ]
👍3🥱2
😈 [ Cody Thomas @its_a_feature_ ]

Have you used a web shell on an offensive assessment recently? Were you able to task and create it through your C2 framework? I'm excited to announce the new Arachne agent for Mythic that allows you to do just that! Check it out

🔗 https://posts.specterops.io/spinning-webs-unveiling-arachne-for-web-shell-c2-26c40f570ea1

🐥 [ tweet ]
🔥5
😈 [ Steve S. @0xTriboulet ]

Diago's writeup on Thread Pool manipulations is exactly what you need to read before your next Pool Party

🔗 https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools

🐥 [ tweet ]
🤯4
😈 [ James Forshaw @tiraniddo ]

I try and avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings.

The main take away is, writing Rust won't save you from logical bugs :)

🔗 https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

🐥 [ tweet ]

About the new sudo in Win 11
🔥8
😈 [ WithSecure @WithSecure ]

Threat actors often sign malware using either stolen, or even legally acquired, code signing certificates.

Check out the latest @Github update from @WithSecure's @dottor_morte, with a repository of certs known to have been leaked/stolen, and then abused.

🔗 https://github.com/WithSecureLabs/lolcerts

🐥 [ tweet ]
🔥2
😈 [ Soumyani1 @reveng007 ]

I wanna thank all of them (Not In Order):
@SEKTOR7net
@VirtualAllocEx
@peterwintrsmith
@D1rkMtr
@Jean_Maes_1994
@0xBoku
@Sh0ckFR
@_winterknife_
@jack_halon

For helping me develop this POC, DarkWidow:

🔗 https://github.com/reveng007/DarkWidow

🐥 [ tweet ]
👍8🔥5