😈 [ soka @pentest_soka ]
I just released a series of 2 blog posts about increasing your stealth capabilities during offensive operations. I hope you will find something useful!
🔗 https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part1.html
🔗 https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part2.html
🐥 [ tweet ]
😈 [ Florian @floesen_ ]
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled.
🔗 https://github.com/floesen/KExecDD
🐥 [ tweet ]
Forwarded from Red Team Alerts
EvilLsassTwin - PPL Bypass, Fast 12MB In-Memory Dumps
https://ift.tt/N9k5LwS
Discuss on Reddit : https://ift.tt/4bZIEqa
@redteamalerts
GitHub: Nimperiments/EvilLsassTwin at main · RePRGM/Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim. - RePRGM/Nimperiments
Thanks for the round number 🤝
10k really is a lot for a channel where I just dump my "reading list". Hugs to everyone ❤️
😈 [ Justin Elze @HackingLZ ]
Talking about the lack of public bat builders last week; this one has been going for a while.
🔗 https://github.com/KDot227/SomalifuscatorV2
🐥 [ tweet ]
😈 [ PELock @PELock ]
The most advanced code mutation, obfuscation & reverse engineering resources I have seen in my life; jaw dropped. They deserve more recognition @BackEngineerLab @_xeroxz
🔗 https://blog.back.engineering/
🐥 [ tweet ]
😈 [ spencer @techspence ]
Active Directory hardening blog post series, like a boss, by Jerry Devore. Posting this so I can reference it later!
Disabling NTLMv1
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-1-disabling-ntlmv1/ba-p/3934787
Removing SMBv1
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-2-removing-smbv1/ba-p/3988317
Enforcing LDAP Signing
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-3-enforcing-ldap-signing/ba-p/4066233
Enforcing AES for Kerberos
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-4-enforcing-aes-for/ba-p/4114965
🐥 [ tweet ]
😈 [ Soumyani1 @reveng007 ]
Just like LinkedIn, posting the same here too (tradition :))
Those who attended my demo at @BlackHatEvents, if you have any questions and stuff, please let me know.
Reach out to me in here, my DMs are open! I have uploaded V2 of my DarkWidow at:
🔗 https://github.com/reveng007/DarkWidow
🐥 [ tweet ]
😈 [ Thorsten E. @endi24 ]
The only PowerShell Command you will ever need to find out who did what in Active Directory
by @PrzemyslawKlys
🔗 https://evotec.pl/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory/
🐥 [ tweet ]
😈 [ ap @decoder_it ]
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: 😃
🔗 https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
😈 [ Jord @0xLegacyy ]
ETW-ByeBye: Disabling ETW-TI Without PPL
🔗 https://www.legacyy.xyz/defenseevasion/windows/2024/04/24/disabling-etw-ti-without-ppl.html
🐥 [ tweet ]
😈 [ MDSec @MDSecLabs ]
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic
🔗 https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
🐥 [ tweet ]
😈 [ Lsec @lsecqt ]
Recently, I created a YT video on how to utilize Discord as a C2 traffic broker:
Amazing job by @checkymander and the whole Mythic C2 team!
Great work guys!
🔗 https://youtu.be/YluiBE_E4ts
🐥 [ tweet ]
😈 [ Viking @Vikingfr ]
How can named pipes and PowerShell be used to create a Windows bind/reverse shell that reuses the Windows SMB port? I show you in this blog post 😉
🔗 https://v1k1ngfr.github.io/fuegoshell/
🐥 [ tweet ]
😈 [ ap @decoder_it ]
#SilverPotato also works with Kerberos, using the @tiraniddo trick I mentioned in my latest post.
You will get an AP-REQ with the SPN of the desired target server. Relaying is now just one step away.
🐥 [ tweet ]
😈 [ Raphael DUCOM @rducom ]
@techspence Or even better, use our automated loop:
🔗 https://github.com/LuccaSA/PingCastle-Notify
Credits: @mpgn_x64
🐥 [ tweet ]
This is such an awesome writeup, but it's missing one thing - remediation steps
Some AD admins may know how to fix these issues, but it's fair to assume some do not.
I'd also highly recommend using PingCastle by @mysmartlogon as it audits most of this and more.
I've never used PingCastle, but it looks like something you could recommend as a poor man's AD check-up on a regular basis.
😈 [ Elliot @ElliotKillick ]
Reverse engineering the Windows 10 parallel loader is challenging but interesting work. I recently fully reversed the pivotal LdrpDrainWorkQueue function and I'm just now working on LdrpLoadDllInternal plus others
🔗 https://github.com/ElliotKillick/windows-vs-linux-loader-architecture#reverse-engineered-windows-loader-functions
🐥 [ tweet ]