Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Matt Creel @Tw1sm ]

Been working to improve my BOF/C dev skills, created some BOFs mimicking SQLRecon modules as a fun learning exercise

🔗 https://github.com/Tw1sm/SQL-BOF

🐥 [ tweet ]
😈 [ 0xdf @0xdf_ ]

I learned so much about Kerberos solving Rebound. It was very difficult, but such a great experience. There's Kerberoasting without auth, cross session with RemotePotato0, and abusing delegation, both constrained and RBCD!

🔗 https://0xdf.gitlab.io/2024/03/30/htb-rebound.html
🔗 https://youtu.be/oUIoH4yBT3k?si=EvookdfPJ6wMaCZK

🐥 [ tweet ]

Haven't been on HTB in a million years, but the write-up is neat; in places it even looks realistic for a real-life AD.
😈 [ Lsec @lsecqt ]

My blogpost about bypassing AVs via SMB staging is now LIVE:

🔗 https://lsecqt.github.io/Red-Teaming-Army/malware-development/beyond-detection-smb-staging-for-antivirus-evasion/

Let me know if you enjoy such content and if you would want to see more of that in future.

🐥 [ tweet ]

#для_самых_маленьких (for the very little ones, i.e. beginner-friendly)
😈 [ Octoberfest7 @Octoberfest73 ]

This April Fools Day, I'm excited to release my latest research and blog post from my time at @RedSiege: SSHishing. The name might be a joke, but the technique isn't!

Read the details here:

🔗 https://redsiege.com/sshishing

🐥 [ tweet ]
😈 [ Cipher007 @xCipher007 ]

It's my first payload Loader with my learnings from @MalDevAcademy ! Check it out:

🔗 https://github.com/Cipher7/ChaiLdr

🐥 [ tweet ]
😈 [ taha @lordx64 ]

Imagine you are the threat actor behind the xz backdoor and you have to explain to your boss why you spent 6+ months building something this complex that a single dude reversed, documented, exploited, repurposed, honeypotted and dockerized in 24 hours. This is a W

🔗 https://github.com/amlweems/xzbot

🐥 [ tweet ]
😈 [ Mayfly @M4yFly ]

SCCM Lab write up 📝part 0x3 is out:

🔗 https://mayfly277.github.io/posts/SCCM-LAB-part0x3/

- Exploit as client admin
- Exploit as sccm admin

Find all the articles about the SCCM laboratory exploitation here:

🔗 https://mayfly277.github.io/categories/sccm/

🐥 [ tweet ]
Forwarded from Just Security
Judging by everything, the #pentestaward winner's statuette not only pleases the eye but also comes in handy around the house for our prize winners. If you want one too, don't miss the announcement of the new season of the award for ethical hackers!

We'll publish the details soon 😉
* be sure to watch with the sound on
😈 [ Mark Baggett @MarkBaggett ]

Kerberoasting was discovered more than 8 years ago. But it’s still effective today. Do you know how it works and how it was discovered? Check out @TimMedin of @RedSiege in this episode.

🔗 https://youtu.be/KHkYd81wHTg?si=Hy_sJN_YjQqSnL6J

🐥 [ tweet ]
😈 [ Mark Baggett @MarkBaggett ]

Do you know the history of Metasploit? How did it grow from a small project to a game changer for Infosec? Check out this episode of Infosec Toolshed featuring @hdmoore

🔗 https://youtu.be/Dl6qNRCiPgo?si=-zKticbSGYqlL6H7

🐥 [ tweet ]
😈 [ Ido Veltzman @Idov31 ]

After a long time, the 6th and final part of Lord Of The Ring0 is here:
In this part, the focus will be on kernel mode and user mode memory interaction, looking into how attaching to a process works, and writing an AMSI bypass driver:

🔗 https://idov31.github.io/posts/lord-of-the-ring0-p6

🐥 [ tweet ]
😈 [ Diego Capriotti @naksyn ]

One thing I always look for when starting in a network without AD creds is user enumeration with RPC null sessions.
impacket SAMR (samrdump) and LSARPC (lookupsid) tools will give you only a small part of the story. Here's my minimal RID cycling script that outplayed everything else, enabling me to find some crackable ASREP-roastable DA accounts hiding with RID > 50000 that could not be found using other tools.
I am using chunks to avoid DoS and getting NT_STATUS_INSUFFICIENT_RESOURCES, ofc you can tweak it according to your YOLO level.
There will be a new RPC connection for every chunk; it's a bit better than cycling and using rpcclient every time and always starting RPC connections from scratch. However, RID cycling with rpcclient will generate a ton of STATUS_NO_SUCH_USER responses that are sus, if someone is looking and knows what to look for ofc

🔗 https://gist.github.com/naksyn/8204c76cda2541e72668fa065ba94c09

🐥 [ tweet ]
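The chunked RID-cycling approach described in the post above, as an added example that is not naksyn's gist and not impacket's lookupsid.py: the chunking and result handling are plain Python, exercised here against a constructed fake directory, and the impacket-backed lookup at the bottom (using the same LSARPC calls lookupsid.py makes: LsarOpenPolicy2, LsarQueryInformationPolicy2 and LsarLookupSids) is the only part that touches a DC. The chunk size of 500, the upper bound of 60000, the `{sid: (name, use)}` return convention of the pluggable lookup and the reference to lookupsid.py's 4000 default RID ceiling are my assumptions.

```python
#!/usr/bin/env python3
"""Chunked RID cycling over LSARPC (MS-LSAT LsarLookupSids).

Added example. The pure-Python part runs offline with a fake lookup; the
impacket path at the bottom needs a reachable DC and either credentials or
a null session (only works where the DC still permits anonymous LSA lookups).
"""
from typing import Callable, Dict, Iterator, List, Tuple

# SID_NAME_USE values from MS-LSAT section 2.2.13.
SID_NAME_USE = {
    1: "User", 2: "Group", 3: "Domain", 4: "Alias", 5: "WellKnownGroup",
    6: "DeletedAccount", 7: "Invalid", 8: "Unknown", 9: "Computer",
}
# Assumed convention (my design): lookup(list_of_sids) -> {sid: (name, use)}
# containing only the SIDs that resolved.
Lookup = Callable[[List[str]], Dict[str, Tuple[str, int]]]


def rid_chunks(start: int, end: int, size: int) -> Iterator[range]:
    """Split the inclusive RID range [start, end] into ranges of at most `size`."""
    if size <= 0:
        raise ValueError("chunk size must be positive")
    lo = start
    while lo <= end:
        hi = min(lo + size - 1, end)
        yield range(lo, hi + 1)
        lo = hi + 1


def cycle_rids(domain_sid: str, lookup: Lookup, start: int = 500,
               end: int = 60000, chunk_size: int = 500) -> Dict[int, Tuple[str, str]]:
    """Resolve every RID in [start, end] chunk by chunk; return {rid: (name, type)}.

    One LookupSids call per chunk keeps each request small (the post's reason:
    avoiding NT_STATUS_INSUFFICIENT_RESOURCES) while still walking far past the
    4000 RID ceiling that impacket's lookupsid.py uses by default (assumed).
    """
    found: Dict[int, Tuple[str, str]] = {}
    for chunk in rid_chunks(start, end, chunk_size):
        sids = [f"{domain_sid}-{rid}" for rid in chunk]
        for sid, (name, use) in lookup(sids).items():
            rid = int(sid.rsplit("-", 1)[1])
            found[rid] = (name, SID_NAME_USE.get(use, "Unknown"))
    return found


def fake_lookup_factory(directory: Dict[str, Tuple[str, int]]) -> Lookup:
    """Offline stand-in for the RPC call, backed by a constructed directory."""
    def lookup(sids: List[str]) -> Dict[str, Tuple[str, int]]:
        return {s: directory[s] for s in sids if s in directory}
    return lookup


def impacket_lookup_factory(target: str, username: str = "", password: str = "",
                            domain: str = "") -> Tuple[str, Lookup]:
    """Real LSARPC lookup via impacket; returns (domain_sid, lookup).

    Empty username/password yields an RPC null session. One RPC connection is
    reused for every chunk rather than reconnecting per chunk.
    """
    from impacket.dcerpc.v5 import lsad, lsat, transport
    from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
    from impacket.dcerpc.v5.rpcrt import DCERPCException

    rpc = transport.DCERPCTransportFactory(rf"ncacn_np:{target}[\pipe\lsarpc]")
    rpc.set_credentials(username, password, domain)
    dce = rpc.get_dce_rpc()
    dce.connect()
    dce.bind(lsat.MSRPC_UUID_LSAT)
    policy = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)["PolicyHandle"]
    info = lsad.hLsarQueryInformationPolicy2(
        dce, policy, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
    domain_sid = info["PolicyInformation"]["PolicyAccountDomainInfo"]["DomainSid"].formatCanonical()

    def lookup(sids: List[str]) -> Dict[str, Tuple[str, int]]:
        try:
            resp = lsat.hLsarLookupSids(dce, policy, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
        except DCERPCException as e:
            if "STATUS_NONE_MAPPED" in str(e):
                return {}                   # whole chunk unmapped: nothing here
            if "STATUS_SOME_NOT_MAPPED" in str(e):
                resp = e.get_packet()       # partial success still carries names
            else:
                raise
        out: Dict[str, Tuple[str, int]] = {}
        for sid, item in zip(sids, resp["TranslatedNames"]["Names"]):
            if int(item["Use"]) != 8:       # 8 == SidTypeUnknown
                out[sid] = (str(item["Name"]), int(item["Use"]))
        return out

    return domain_sid, lookup


if __name__ == "__main__":
    import sys
    dsid, real_lookup = impacket_lookup_factory(sys.argv[1])   # python3 ridcycle.py DC_IP
    for rid, (name, kind) in sorted(cycle_rids(dsid, real_lookup).items()):
        print(f"{rid}: {name} ({kind})")
```

Every chunk is a single LsarLookupSids call, so the server sees far fewer requests than one rpcclient invocation per RID; it still produces one STATUS_NONE_MAPPED per empty chunk, which a defender watching LSARPC can correlate just as well as the per-RID noise the post mentions.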
😈 [ Ricardo Ruiz @RicardoJoseRF ]

Last week I made public NativeDump, a tool to dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!). Check it out here:

🔗 https://github.com/ricardojoserf/NativeDump

🐥 [ tweet ]
😈 [ Filip Dragovic @filip_dragovic ]

I published my PoC for CVE-2023-36047 as MSRC fixed the bypass today, tracked as CVE-2024-21447. With some modification it can be ported to CVE-2024-21447.

🔗 https://github.com/Wh04m1001/UserManagerEoP
🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36047
🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447

🐥 [ tweet ]
😈 [ TrustedSec @TrustedSec ]

TAC Practice Lead @mega_spl0it and co-author @4ndr3w6S are back with the final installment of A Hitch-Hacker’s Guide to DACL-Based Detections. Read about the additional attributes they found on our blog!

🔗 https://trustedsec.com/blog/a-hitch-hackers-guide-to-dacl-based-detections-the-addendum

🐥 [ tweet ]
😈 [ Octoberfest7 @Octoberfest73 ]

I spent the past couple days playing with and contributing to @R0h1rr1m's Shoggoth project, which can turn PE's and BOF's into PIC. Super cool project, and one that opens up some interesting possibilities 😉

🔗 https://github.com/frkngksl/Shoggoth

🐥 [ tweet ]