😈 [ Alex neff @al3x_n3ff ]
A new Module by @Shad0wCntr0ller just got merged into NetExec.
You can now automatically query for all outdated operating systems in ldap🔥
Besides the OS and the name, you will also get the IP as well as the pwdLastSet attribute for that computer account.
🐥 [ tweet ]
🔥6👍4
😈 [ Justin Elze @HackingLZ ]
Speaking of LLVMs:
🔗 https://trustedsec.com/blog/behind-the-code-assessing-public-compile-time-obfuscators-for-enhanced-opsec
🐥 [ tweet ]
👍2
😈 [ Melvin langvik @Flangvik ]
FULLHD OFFICIAL OFFSEC C2 Tier List
🔗 https://www.youtube.com/live/iYKItfBbPoY?si=AoUAwkwdUS30lEwe
🐥 [ tweet ]
👍4
😈 [ Melvin langvik @Flangvik ]
List is complete😂 Thanks to all who joined live! I had a blast, and I hope you all did too🥳 Next week, same time, I'm apparently doing an EDR tier list... 🤡If u missed it, VOD is here:
🔗 https://youtu.be/iYKItfBbPoY
🐥 [ tweet ]
🥱5👍4
😈 [ Red Siege Information Security @RedSiege ]
🛠 NEW TOOL 🛠
Introducing: Jigsaw
Developed by Principal Security Consultant @hardwaterhacker
Link:
🔗 https://redsiege.com/jigsaw
A Python tool that scrambles shellcode bytes, providing a possibly undetectable payload.
Start challenging traditional detection with this low-entropy, puzzle-like approach.
🐥 [ tweet ]
Cringe, but there's nothing else interesting
👍8
😈 [ Adam Chester 🏴☠️ @_xpn_ ]
New blog post is up... Identity Providers for RedTeamers. This follows my #SOCON2024 talk, and provides the technicals behind the presentation, looking at other IdPs and what techniques are effective beyond Okta.
🔗 https://blog.xpnsec.com/identity-providers-redteamers/
🐥 [ tweet ]
🔥5
😈 [ 📔 Michael Grafnetter @MGrafnetter ]
Extending Active Directory Users and Computers context menus with PowerShell
🔗 https://www.dsinternals.com/en/extending-active-directory-aduc-context-menu-powershell/
🐥 [ tweet ]
👍6
😈 [ Guillaume Caillé @OffenseTeacher ]
Just published my methodology for finding good DLL side-loading candidates while avoiding using DllMain for injection to bypass Loader Lock limitations.
If you have been struggling with this, I hope this saves you time in the future.
🔗 https://www.okiok.com/achieving-dll-side-loading-in-the-original-process/
🐥 [ tweet ]
🔥6
😈 [ SapientFlow @sapientflow ]
My first ever blog post is out:
🔗 https://medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca
Happy for any constructive criticism or anyone that just wants to engage on the topic.
🐥 [ tweet ]
🔥5
😈 [ Lsec @lsecqt ]
My blog about executing shellcodes via Direct Pointer is live:
While this is something relatively simple as a concept, I felt like the Red Teaming Army needed such content.
🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/leveraging-the-direct-pointer---a-stealthy-maneuver-in-evasion-tactics/
🐥 [ tweet ]
#for_the_very_youngest
👍5😁2
😈 [ Pedro Gabaldon @PedroGabaldon ]
Just landed 2 PRs on Impacket:
🔗 https://github.com/fortra/impacket/pull/1719
🔗 https://github.com/fortra/impacket/pull/1719
🐥 [ tweet ]
SAM/LSA via shadow copy
🔥5
😈 [ Zero Day Engineering @zerodaytraining ]
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) (source code + video walkthrough)
A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol implementation to a Python module, while keeping my low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which we miss a lot in non-trivial exploit development. -- @alisaesage
🔗 https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html
🐥 [ tweet ]
🔥3👍1
😈 [ bakki @shubakki ]
Naively bypassing new memory scanning POCs
first chapter of two, stay tuned 🤠
🔗 https://sillywa.re/posts/flower-da-flowin-shc/
🐥 [ tweet ]
🔥2🤯1
😈 [ Mayfly @M4yFly ]
New lab 🏰 for the GOAD project 🥳: SCCM
You can now test the SCCM/MECM attacks locally on VirtualBox or VMware.
More information here:
🔗 https://mayfly277.github.io/posts/SCCM-LAB-part0x0/
Repository here:
🔗 https://github.com/Orange-Cyberdefense/GOAD
Thx again @KenjiEndo15 for your help building this!
🐥 [ tweet ]
👍2
😈 [ eversinc33 🩸🗡️ @eversinc33 ]
New blogpost and small tool release: Wrote a naive anti-rootkit driver that detects mapped drivers, and talk about some bypasses for those detections in part I of my new (anti-)-anti-rootkit series.
More research on rootkit evasion coming soon : )
🔗 https://eversinc33.com/posts/anti-anti-rootkit-part-i/
🐥 [ tweet ]
👍1🔥1
😈 [ Melvin langvik @Flangvik ]
Had an absolute blast on stream today, thank you so much to everyone who showed up☺ VOD is on YouTube if you missed it👏 A lot of people came with input, so naturally I 100% blame chat for this now OFFICIAL OFFSEC EDR TIER LIST
🔗 https://youtube.com/live/2H-Wlxq1kpo
🐥 [ tweet ]
Kaspersky - B, you get the idea
🥱7
Forwarded from 1N73LL1G3NC3
CVE-2024-1086 Linux kernel LPE
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
A full write-up of the exploit - including background information and loads of useful diagrams - can be found in the Flipping Pages blogpost.
🔥18👍1
😈 [ The Haag™ @M_haggis ]
Code blocks are free!!!
🔗 https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader
🐥 [ tweet ]
🔥1
😈 [ Nettitude Labs @Nettitude_Labs ]
Introducing SharpConflux, a .NET tool built to facilitate Confluence exploration during Red Team engagements.
Find out more and download SharpConflux in our latest LRQA Nettitude Labs article.
🔗 https://labs.nettitude.com/blog/introducing-sharpconflux/
🐥 [ tweet ]
🔥5👍1🥱1