😈 [ Justin Elze @HackingLZ ]
Talking about lack of public bat builders last week this one has been going for a while
🔗 https://github.com/KDot227/SomalifuscatorV2
🐥 [ tweet ]
👍2
😈 [ PELock @PELock ]
Most advanced code mutation, obfuscation & reverse engineering resources I have seen in my life, jaw dropped, deserve more recognition @BackEngineerLab @_xeroxz
🔗 https://blog.back.engineering/
🐥 [ tweet ]
🔥6
😈 [ spencer @techspence ]
Active Directory hardening blog post series, like a boss, by Jerry Devore. Posting this so I can reference it later!
Disabling NTLMv1
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-1-disabling-ntlmv1/ba-p/3934787
Removing SMBv1
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-2-removing-smbv1/ba-p/3988317
Enforcing LDAP Signing
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-3-enforcing-ldap-signing/ba-p/4066233
Enforcing AES for Kerberos
🔗 https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-4-enforcing-aes-for/ba-p/4114965
🐥 [ tweet ]
🔥5
😈 [ Soumyani1 @reveng007 ]
Just like LinkedIn, posting the same here too (tradition :))
Those who attended my demo at @BlackHatEvents, if you have any questions and stuff, please let me know.
Reach out to me in here, my DMs are open! I have uploaded V2 of my DarkWidow at:
🔗 https://github.com/reveng007/DarkWidow
🐥 [ tweet ]
🔥6👍2
😈 [ Thorsten E. @endi24 ]
The only PowerShell Command you will ever need to find out who did what in Active Directory
by @PrzemyslawKlys
🔗 https://evotec.pl/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory/
🐥 [ tweet ]
🔥4👍2
😈 [ ap @decoder_it ]
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: 😃
🔗 https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
🔥4
😈 [ Jord @0xLegacyy ]
ETW-ByeBye: Disabling ETW-TI Without PPL
🔗 https://www.legacyy.xyz/defenseevasion/windows/2024/04/24/disabling-etw-ti-without-ppl.html
🐥 [ tweet ]
🔥3
😈 [ MDSec @MDSecLabs ]
New post on the blog… Exploiting CVE-2024-21111: Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic
🔗 https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
🐥 [ tweet ]
👍4🔥1
😈 [ Lsec @lsecqt ]
Recently, I created a YT video on how to utilize Discord as a C2 traffic broker:
Amazing job by @checkymander and the whole Mythic C2 team!
Great work guys!
🔗 https://youtu.be/YluiBE_E4ts
🐥 [ tweet ]
👍6🥱3
😈 [ Viking @Vikingfr ]
How can named pipes and PowerShell be used to create a Windows bind / reverse shell reusing the Windows SMB port? I show you in this blog post 😉
🔗 https://v1k1ngfr.github.io/fuegoshell/
🐥 [ tweet ]
👍10
😈 [ ap @decoder_it ]
#SilverPotato also works with Kerberos using the @tiraniddo trick I mentioned in my latest post.
You will get an AP-REQ with the SPN of the desired target server. Relaying is now just one step away...
🐥 [ tweet ]
👍5
😈 [ Raphael DUCOM @rducom ]
@techspence Or even better, use our automated loop:
🔗 https://github.com/LuccaSA/PingCastle-Notify
Credits: @mpgn_x64
🐥 [ tweet ]
This is such an awesome writeup, but it's missing one thing - remediation steps
Some AD admins may know how to fix these issues, but it's fair to assume some do not.
I'd also highly recommend using PingCastle by @mysmartlogon as it audits most of this and more.
Never used PingCastle, but it looks like something you could recommend as a poor man's AD checkup on a regular basis
🔥2👍1🥱1
😈 [ Elliot @ElliotKillick ]
Reverse engineering the Windows 10 parallel loader is challenging but interesting work. I recently fully reversed the pivotal LdrpDrainWorkQueue function and I'm just now working on LdrpLoadDllInternal plus others
🔗 https://github.com/ElliotKillick/windows-vs-linux-loader-architecture#reverse-engineered-windows-loader-functions
🐥 [ tweet ]
🔥4
I’ve missed the moment when the Ascension Endgame was retired on @hackthebox_eu, but finally, here’s my write-up:
🔗 https://snovvcrash.rocks/2024/04/30/htb-ascension.html
This blog has been waiting its time in my drafts for almost 3 years now, and for me, this Endgame is still the best advanced lab on #HackTheBox. Many thanks to @egre55, @0_trx and all the @hackthebox_eu team!
P. S. It’s so cringe to read your own 3-year-old notes 🤦🏻‍♂️😅
🐥 [ tweet ]
👍11🥱2🔥1
Offensive Xwitter
😈 [ James Forshaw @tiraniddo ]
Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call.
🔗 https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html
🐥 [ tweet ]
👍2🤯1
😈 [ Hope Walker @Icemoonhsv ]
Published part 2 of Manual LDAP Querying. This blog covers additional topics like user account control, password attributes, domain trusts, and more.
🔗 https://posts.specterops.io/manual-ldap-querying-part-2-8a65099e12e3
🐥 [ tweet ]
👍4