😈 [ SpecterOps @SpecterOps ]
Check out our latest blog post about ADCS ESC13. @Jonas_B_K discusses how the abuse technique works, the ADCS feature it abuses, where the feature is used in the wild, how we can audit for ESC13, and how to deal with it from a defensive perspective.
🔗 https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
🐥 [ tweet ]
😒
I'm already lost in all these ESCs
😈 [ BlackArrow @BlackArrowSec ]
Enhanced version of secretsdump from #Impacket to dump credentials without touching disk.
This feature takes advantage of the WriteDACL privileges held by local administrators to provide temporary read permissions on registry hives.
🔗 https://github.com/fortra/impacket/pull/1698
🔗 https://github.com/jfjallid/go-secdump
🐥 [ tweet ]
😈 [ icyguider @icyguider ]
I recently implemented 7 public UAC bypasses as BOFs and integrated them into a Havoc module and Sliver extensions. Requests to add more bypass methods are also welcome!
🔗 https://github.com/icyguider/UAC-BOF-Bonanza
🐥 [ tweet ]
😈 [ Thorsten E. @endi24 ]
A PowerShell script to create an HTML report on recent changes in Active Directory.
🔗 https://gist.github.com/jdhitsolutions/9255f0bf7fe0dc6d2dde868c18d5049f
🐥 [ tweet ]
😈 [ Hyp3rlinx @hyp3rlinx ]
Windows Defender Trojan.Win32/Powessere.G / Mitigation Bypass
C:\sec>rundll32.exe javanoscript:"\..\..\mshtml,,RunHTMLApplication ";alert(13)
Access is denied.
C:\sec>rundll32.exe javanoscript:"\\..\\..\\mshtml\\..\\..\\mshtml,RunHTMLApplication ";alert('HYP3RLINX')
🐥 [ tweet ]
😈 [ Diego Capriotti @naksyn ]
Here's a new project and some Pyramid features:
Embedder lets you create small (go | nim | C# | C++) executables that load Python interpreter to execute Python code using the embedding functionality.
Embedder can be easily paired with Pyramid that now has a more OPSEC Pythonmemorymodule with full-in-memory import and all the download chain using Wininet API to reduce the imports to the minimum and smile to those pesky NTLM proxies along the way.
Pyramid updates are on the dev branch, plan merging to main soon.
Here's a video that shows a 13 kB C# embedder assembly bootstrapping Pyramid to execute mimikatz.
Who needs python.exe when you can bring Python to the world? 🌍
🔗 https://github.com/naksyn/Embedder
🐥 [ tweet ]
😈 [ pfiatde @pfiatde ]
This is crazy. Github does not prevent you from accessing commits which are reverted nor shown in the UI.
Just query the API and you are ready to go. Cool Blogpost!
🔗 https://neodyme.io/en/blog/github_secrets/
🐥 [ tweet ]
😈 [ Garrett @garrfoster ]
SCCM hierarchy takeover by abusing site server high availability. In this blog, I walk through what active and passive site servers are and share multiple abusable scenarios that come bundled in.
🔗 https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
🐥 [ tweet ]
Since our channel is kind of tied to Twitter, let's all celebrate my 10k together 🤗
😈 [ Justin Ibarra @br0k3ns0und ]
Just updated with a few more entries.
Also, let me know if there are any others that should be added
🔗 http://lolol.farm
🐥 [ tweet ]
😈 [ 0xdf @0xdf_ ]
In Visual from @hackthebox_eu I'll exploit a Visual Studio build service. The most interesting part is recovering SeImpersonate for the local service account using FullPower so that I can run a Potato exploit.
🔗 https://0xdf.gitlab.io/2024/02/24/htb-visual.html
🐥 [ tweet ]
I haven't read HTB writeups in a long time, but this one is cool
😈 [ 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 @ddd1ms ]
#LockBit releases a long read of what happened. Full text below.
🔗 https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
🐥 [ tweet ]
😈 [ spencer @techspence ]
👀 Well that is interesting... I've never heard of this before
🔗 https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
🐥 [ tweet ]
😈 [ Matthew @embee_research ]
New Record for My Longest CyberChef Recipe Ever... 😅
A 22 operation configuration extractor in CyberChef. Utilising Regex, AES, Registers and Flow Control to decode a 3 stage malware sample 🕵️‍♂️
🔗 https://youtu.be/CIg4TXFJRK0?feature=shared
🔗 https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
🐥 [ tweet ]
😈 [ ap @decoder_it ]
Hello: I'm your ADCS server and I want to authenticate against you. My latest Post and PoC are out. You can read it here: Enjoy :)
🔗 https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
😈 [ eversinc33 🩸🗡️ @eversinc33 ]
Wrote a short blog post about implementing stealthy keylogging in the kernel with gafAsyncKeyState, inspired by @chompie1337's & @FuzzySec's blackhat talk
🔗 https://eversinc33.com/posts/kernel-mode-keylogging/
🐥 [ tweet ]
Forwarded from Внутрянка
Material on 1C pentesting
Ardent101
One more time about 1C pentesting
Introduction. This material consists for the most part of publicly available work by other people. The goal was to test that work in practice and collect the results in one place. That is what explains the title of the article.
I'll continue the reasoning…
😈 [ Grzegorz Tworek @0gtweet ]
Eliminate a huge part of lateral movement scenarios with one command:
reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1
It will make Service Control Manager deaf to remote management. Everything else works properly.
🐥 [ tweet ]
😈 [ Winslow @senzee1984 ]
MutationGate is a new approach to bypass EDR's inline hooking by replacing an unhooked NTAPI's SSN with a hooked NTAPI's SSN at run time with hardware breakpoint.
🔗 https://winslow1984.com/books/malware/page/mutationgate
🔗 https://github.com/senzee1984/MutationGate
🐥 [ tweet ]