😈 [ Lsec @lsecqt ]

My blog about executing shellcodes via Direct Pointer is live:

While this is something relatively simple as a concept, I felt like the Red Teaming Army needed such content.

🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/leveraging-the-direct-pointer---a-stealthy-maneuver-in-evasion-tactics/

🐥 [ tweet ]

#для_самых_маленьких

😈 [ Pedro Gabaldon @PedroGabaldon ]

Just landed 2 PRs on Impacket:

🔗 https://github.com/fortra/impacket/pull/1719
🔗 https://github.com/fortra/impacket/pull/1719

🐥 [ tweet ]

SAM/LSA через shadow copy

😈 [ Zero Day Engineering @zerodaytraining ]

Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) (source code + video walkthrough)

A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol implementation to a Python module, while keeping my low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which we miss a lot in non-trivial exploit development. -- @alisaesage

🔗 https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html

🐥 [ tweet ]

😈 [ bakki @shubakki ]

Naively bypassing new memory scanning POCs

first chapter of two, stay tuned 🤠

🔗 https://sillywa.re/posts/flower-da-flowin-shc/

🐥 [ tweet ]

😈 [ Mayfly @M4yFly ]

New lab 🏰 for the GOAD project 🥳: SCCM
You can now test the SCCM/MECM attacks locally on Virtualbox or Vmware.

More information here:
🔗 https://mayfly277.github.io/posts/SCCM-LAB-part0x0/

Repository here:
🔗 https://github.com/Orange-Cyberdefense/GOAD

Thx again @KenjiEndo15 for your help to building this!

🐥 [ tweet ]

😈 [ eversinc33 🩸🗡️ @eversinc33 ]

New blogpost and small tool release: Wrote a naive anti-rootkit driver that detects mapped drivers, and talk about some bypasses for those detections in part I of my new (anti-)-anti-rootkit series.

More research on rootkit evasion coming soon : )

🔗 https://eversinc33.com/posts/anti-anti-rootkit-part-i/

🐥 [ tweet ]

😈 [ Melvin langvik @Flangvik ]

Had an absolute blast on stream today, thank you so much to everyone who showed up☺ VOD is on YouTube if you missed it👏 Allot of people came with input, so naturally I 100% blame chat for this now OFFICIAL OFFSEC EDR TIER LIST

🔗 https://youtube.com/live/2H-Wlxq1kpo

🐥 [ tweet ]

Kaspersky - B, вы поняли

CVE-2024-1086 Linux kernel LPE

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

A full write-up of the exploit - including background information and loads of useful diagrams - can be found in the Flipping Pages blogpost.

😈 [ The Haag™ @M_haggis ]

Code blocks are free!!!

🔗 https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader

🐥 [ tweet ]

😈 [ Nettitude Labs @Nettitude_Labs ]

Introducing SharpConflux, a .NET tool built to facilitate Confluence exploration during Red Team engagements.

Find out more and download SharpConflux in our latest LRQA Nettitude Labs article.

🔗 https://labs.nettitude.com/blog/introducing-sharpconflux/

🐥 [ tweet ]

😈 [ Zoro @Evi1cg ]

atexec-pro

🔗 https://github.com/ridter/atexec-pro
🔗 https://www.zcgonvh.com/post/Advanced_Windows_Task_Scheduler_Playbook-Part.3_from_RPC_to_lateral_movement.html

🐥 [ tweet ]

люблю такой креатив

😈 [ Cody Thomas @its_a_feature_ ]

I created a draft blog post that goes over the general concepts for making changes to agents, Mythic, and even Mythic's UI. If there's something specific you're hoping to see though, let me know and I can probably add it!

🔗 https://medium.com/@its_a_feature_/agent-customization-in-mythic-tailoring-tools-for-red-team-needs-1746fd02177f

🐥 [ tweet ]

😈 [ Andrew Oliveau @AndrewOliveau ]

👀👀🫵💥 "SeeSeeYouExec: Windows Session Hijacking via CcmExec"

New @Mandiant Red Team blog explores how SCCM's CcmExec service can be utilized for session hijacking and introduces a new tool, CcmPwn, to weaponize this technique! Defense tips included 🔵

🔗 https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec

🐥 [ tweet ]

Пост-эксплуатация Windows с использованием виртуальных VPN-каналов / Обход NAT при пивотинге против Windows

NAT может создать проблемы для пентестера, когда он проводит пивотинг, особенно если мы говорим о скромпрометированных машинах на Windows. В этой статье я продолжу демонстрировать концепцию L2-туннелирования против скомпрометированных машин на Windows, но уже учитывая наличие NAT.

https://teletype.in/@casterbyte/witchhammer
https://teletype.in/@casterbyte/witchhammervip

Thx @casterwire

😈 [ Matt Creel @Tw1sm ]

Been working to improve my BOF/C dev skills, created some BOFs mimicking SQLRecon modules as a fun learning exercise

🔗 https://github.com/Tw1sm/SQL-BOF

🐥 [ tweet ]

😈 [ 0xdf @0xdf_ ]

I learned so much about Kerberos solving Rebound. It was very difficult, but such a great experience. There's Kerberoasting without auth, cross session with RemotePotato0, and abusing delegation, both constrained and RBCD!

🔗 https://0xdf.gitlab.io/2024/03/30/htb-rebound.html
🔗 https://youtu.be/oUIoH4yBT3k?si=EvookdfPJ6wMaCZK

🐥 [ tweet ]

миллион лет уже не был на хтб, но райтап прикольный, где-то выглядит даже жизненно для АДшечки

😈 [ Lsec @lsecqt ]

My blogpost about bypassing AVs via SMB staging is now LIVE:

🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/beyond-detection-smb-staging-for-antivirus-evasion/

Let me know if you enjoy such content and if you would want to see more of that in future.

🐥 [ tweet ]

#для_самых_маленьких