Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ pfiatde @pfiatde ]

As NTLM leaking is still a thing, I made a showcase for elevating via LDAP relaying with some little tricks.

Relaying is done with a Win Client without admin privs and an active Windows firewall (default config), by using HTTP.SYS and SSH.
Details here:

🔗 https://badoption.eu/blog/2024/04/25/netntlm.html

🐥 [ tweet ]
👍2🔥2
The annual independent award for pentesters, the Pentest award, is back!

Once a year, ethical hackers get a chance to loudly announce their achievements, show their contribution to the development of the Russian infosec market and swap the best stories from practice at the Pentest award ceremony.

This time there are 6 categories, with three prize places in each:

— Breaking WEB 🆕
— Breaking infrastructure 🆕
— Device 🆕
— Hack the logic
— One bypass, two bypass
— Catch, little fish

The main prize is a heavy engraved glass statuette for first place (I already have one like that). No less important prizes: MacBooks, iPhones, smartwatches, smart speakers, as well as priceless gifts from the project partners BI.ZONE Bug Bounty and VK Bug Bounty.

I wasn't planning to take part this year, and I wish everyone else good luck!

Applications are already open on the website:
🔗 https://award.awillix.ru/

#pentestaward
🔥7👍4🥱3
😈 [ LLM Security @llm_sec ]

Remote Code Execution by Server-Side Template Injection in Model Metadata

CVSS 9.7 in llama_cpp_python

found by @retr0reg

🔗 https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829

🐥 [ tweet ]
🔥3👍1
😈 [ Nicolas Krassas @Dinosn ]

PoC for using MS Windows printers for persistence / command and control via Internet Printing

🔗 https://github.com/Diverto/IPPrintC2

🐥 [ tweet ]
🔥6👍2
😈 [ CravateRouge @rouge_cravate ]

Performing Kerberos cross-domain authentication with Impacket is not straightforward!
If you want to authenticate on domain A (trusting domain B) with a userB, you must ask domain B for an ST for krbtgt/domainA and then use this ST to request a new ST for domainA, e.g.:

🐥 [ tweet ]

B is for баян (old news)
🔥5
😈 [ sinusoid @the_bit_diddler ]

I'm intending to release an open-source Visual Studio Code extension to make writing BOFs easier for the community:

- Complete Nt/Zw function prototypes with tab completion (and correct typecasting for placeholder variables)
- MSDN header searching

PoC:

🔗 https://www.youtube.com/watch?v=oWss4Ac9Pl8

🐥 [ tweet ]
🔥3
😈 [ Steve S. @0xTriboulet ]

@vxunderground

BSides Talk on Writing malware in Nim w/o the Nim Runtime

🔗 https://github.com/m4ul3r/writing_nimless/blob/main/Writing%20Nimless%20nim.pdf

🐥 [ tweet ]
🤯3🔥2🤔1
😈 [ CravateRouge @rouge_cravate ]

Having an AD with trusts you can reach?
bloodyAD can now retrieve the trusts of the trusts you can connect to and print them as a nice ASCII tree.

🐥 [ tweet ]
🔥8
😈 [ Binni Shah @binitamshah ]

Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass: credits @Denis_Skvortcov

🔗 https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html

🐥 [ tweet ]
🔥5👍1
😈 [ Jonny Johnson @jsecurity101 ]

Without further ado - here is EtwInspector!

This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capturing events.

🔗 https://github.com/jsecurity101/ETWInspector

🐥 [ tweet ][ quote ]
👍5
😈 [ eversinc33 🩸🗡️ @eversinc33 ]

If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.

🐥 [ tweet ]

*funny flame war in the thread*
🔥7👍1
😈 [ NCV @nickvourd ]

This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!

🔗 https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/

🐥 [ tweet ]

#для_самых_маленьких
👍2
Offensive Xwitter
*funny flame war in the thread*
How to brighten your evening: go to https://x.com/studentofthings, open Replies, read the threads, rofl.
🔥4😁3🥱2👍1
😈 [ VirusTotal @virustotal ]

"YARA is dead, long live YARA-X!" 🎉

After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.

Dive into the details in the latest blog post by @plusvic:

🔗 https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html

🐥 [ tweet ]
🔥8🤔1😢1
😈 [ Thomas Rinsma @thomasrinsma ]

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.

🔗 https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

🐥 [ tweet ]
👍4
😈 [ Amal Murali @amalmurali47 ]

Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.

🔗 https://amalmurali.me/posts/git-rce/

🐥 [ tweet ][ quote ]
Forwarded from PT SWARM
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!

Bounty: $28,000 💸

Here is the write-up 👉 https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
🤯15👍4🥱2🤔1
Forwarded from Волосатый бублик
agreed
😁32🥱3
😈 [ Lsec @lsecqt ]

I just uploaded a video where I weaponize the code from IconJector via process injection into a more legit process than explorer.exe itself. Hats off to this technique, and all credit goes to its creator.

🔗 https://www.youtube.com/watch?v=2agrRX4fD_I

🐥 [ tweet ]
👍3
😈 [ Ptrace Security GmbH @ptracesecurity ]

Nmap Dashboard with Grafana:

🔗 https://hackertarget.com/nmap-dashboard-with-grafana/

🐥 [ tweet ]

cool idea
👍12🤔1