😈 [ Diego Capriotti @naksyn ]
Here's a new project and some Pyramid features:
Embedder lets you create small (go | nim | C# | C++) executables that load Python interpreter to execute Python code using the embedding functionality.
Embedder can be easily paired with Pyramid that now has a more OPSEC Pythonmemorymodule with full-in-memory import and all the download chain using Wininet API to reduce the imports to the minimum and smile to those pesky NTLM proxies along the way.
Pyramid updates are on the dev branch, plan merging to main soon.
Here's a video that shows a 13 kB C# embedder assembly bootstrapping Pyramid to execute mimikatz.
Who needs python.exe when you can bring Python to the world? 🌍
🔗 https://github.com/naksyn/Embedder
🐥 [ tweet ]
😈 [ pfiatde @pfiatde ]
This is crazy. GitHub does not prevent you from accessing commits which are reverted or not shown in the UI.
Just query the API and you are ready to go. Cool blog post!
🔗 https://neodyme.io/en/blog/github_secrets/
🐥 [ tweet ]
😈 [ Garrett @garrfoster ]
SCCM hierarchy takeover by abusing site server high availability. In this blog, I walk through what active and passive site servers are and share multiple abusable scenarios that come bundled in.
🔗 https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
🐥 [ tweet ]
Since our channel is somewhat tied to Twitter, let's all celebrate my 10k together 🤗
😈 [ Justin Ibarra @br0k3ns0und ]
Just updated with a few more entries.
Also, let me know if there are any others that should be added.
🔗 http://lolol.farm
🐥 [ tweet ]
😈 [ 0xdf @0xdf_ ]
In Visual from @hackthebox_eu I'll exploit a Visual Studio build service. The most interesting part is recovering SeImpersonate for the local service account using FullPower so that I can run a Potato exploit.
🔗 https://0xdf.gitlab.io/2024/02/24/htb-visual.html
🐥 [ tweet ]
It's been a while since I've read HTB write-ups, but this one is fun.
😈 [ 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 @ddd1ms ]
#LockBit releases a long read of what happened. Full text below.
🔗 https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
🐥 [ tweet ]
😈 [ spencer @techspence ]
👀 Well, that is interesting... I've never heard of this before.
🔗 https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
🐥 [ tweet ]
😈 [ Matthew @embee_research ]
New Record for My Longest CyberChef Recipe Ever... 😅
A 22-operation configuration extractor in CyberChef. Utilising Regex, AES, Registers and Flow Control to decode a 3-stage malware sample 🕵️♂️
🔗 https://youtu.be/CIg4TXFJRK0?feature=shared
🔗 https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
🐥 [ tweet ]
😈 [ ap @decoder_it ]
Hello: I'm your ADCS server and I want to authenticate against you. My latest post and PoC are out. You can read it here. Enjoy :)
🔗 https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
😈 [ eversinc33 🩸🗡️ @eversinc33 ]
Wrote a short blog post about implementing stealthy keylogging in the kernel with gafAsyncKeyState, inspired by @chompie1337's & @FuzzySec's Black Hat talk.
🔗 https://eversinc33.com/posts/kernel-mode-keylogging/
🐥 [ tweet ]
Forwarded from Внутрянка
Material on pentesting 1C
Ardent101
One more time about pentesting 1C
Introduction. This material consists for the most part of publicly available work by other people. The goal was to test that work in practice and collect the results in one place. That is what explains the title of the article.
I'll continue the discussion…
😈 [ Grzegorz Tworek @0gtweet ]
Eliminate a huge part of lateral movement scenarios with one command:
reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1
It will make Service Control Manager deaf to remote management. Everything else works properly.
🐥 [ tweet ]
😈 [ Winslow @senzee1984 ]
MutationGate is a new approach to bypass an EDR's inline hooking by replacing an unhooked NTAPI's SSN with a hooked NTAPI's SSN at run time with a hardware breakpoint.
🔗 https://winslow1984.com/books/malware/page/mutationgate
🔗 https://github.com/senzee1984/MutationGate
🐥 [ tweet ]
😈 [ Jonas Bülow Knudsen @Jonas_B_K ]
Wrote another blog post about yet another ADCS abuse technique. This one is about explicit certificate mapping 📌📃🗺️
🔗 https://medium.com/specter-ops-posts/adcs-esc14-abuse-technique-333a004dc2b9
🐥 [ tweet ]
😈 [ Austin Hudson @ilove2pwn_ ]
"A Summary of Memory Obfuscation & Building Chains": A simple blog post that highlights the two concepts that I utilize to my advantage.
🔗 https://suspicious.actor/misc/2024/02/29/memory-obfuscation-tldr.html
🐥 [ tweet ]
😈 [ blackorbird @blackorbird ]
#Lazarus exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools. CVE-2024-21338
Beyond BYOVD with an Admin-to-Kernel Zero-Day
🔗 https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
🐥 [ tweet ]
😈 [ CODE WHITE GmbH @codewhitesec ]
Struggling to get those precious certificates with #certipy and AD CS instances that do not support web enrollment and do not expose CertSvc via RPC? @qtc_de has you covered and added functionality to use DCOM instead of good old RPC #redteaming
🔗 https://github.com/ly4k/Certipy/pull/201
🐥 [ tweet ]
😈 [ Grzegorz Tworek @0gtweet ]
Writable SYSVOL --> Domain Admin:
🔗 http://x.com/i/article/1763673505873240064
🐥 [ tweet ]