Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Jonny Johnson @jsecurity101 ]

Without further ado - here is EtwInspector!

This is a C++ tool to help users interact with ETW providers. This tool supports enumerating providers and their events, and capturing events.

🔗 https://github.com/jsecurity101/ETWInspector

🐥 [ tweet ][ quote ]
👍5
😈 [ eversinc33 🩸🗡️ @eversinc33 ]

If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.

🐥 [ tweet ]

*funny flame war in the thread*
🔥7👍1
😈 [ NCV @nickvourd ]

This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!

🔗 https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/

🐥 [ tweet ]

#for_the_littlest_ones
👍2
Offensive Xwitter
*funny flame war in the thread*
How to brighten up your evening: go to https://x.com/studentofthings, open Replies, read the threads, have a laugh.
🔥4😁3🥱2👍1
😈 [ VirusTotal @virustotal ]

"YARA is dead, long live YARA-X!" 🎉

After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.

Dive into the details in latest blog post by @plusvic :

🔗 https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html

🐥 [ tweet ]
🔥8🤔1😢1
😈 [ Thomas Rinsma @thomasrinsma ]

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.

🔗 https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

🐥 [ tweet ]
👍4
😈 [ Amal Murali @amalmurali47 ]

Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.

🔗 https://amalmurali.me/posts/git-rce/

🐥 [ tweet ][ quote ]
Forwarded from PT SWARM
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!

Bounty: $28,000 💸

Here is the write-up 👉 https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
🤯15👍4🥱2🤔1
Forwarded from Волосатый бублик
agreed
😁32🥱3
😈 [ Lsec @lsecqt ]

I just uploaded a video where I weaponize the code from IconJector via process injection into a more legit process than explorer.exe itself. Hands down to this technique and all credit goes to its creator.

🔗 https://www.youtube.com/watch?v=2agrRX4fD_I

🐥 [ tweet ]
👍3
😈 [ Ptrace Security GmbH @ptracesecurity ]

Nmap Dashboard with Grafana:

🔗 https://hackertarget.com/nmap-dashboard-with-grafana/

🐥 [ tweet ]

neat idea
👍12🤔1
😈 [ es3n1n @es3n1n ]

i did a thing

🔗 https://github.com/es3n1n/no-defender

🐥 [ tweet ]

fresh off the press
🔥9
😈 [ Slowerzs @slowerzs ]

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.

🔗 https://blog.slowerzs.net/posts/pplsystem/

🐥 [ tweet ]
👍5🥱1
😈 [ slonser @slonser_ ]

My new research:
Email attacks.
- C# 0day
- spoofing emails
etc.

🔗 https://blog.slonser.info/posts/email-attacks/

🐥 [ tweet ]
👍10🥱2
😈 [ ap @decoder_it ]

Based on a recent finding, I tried to understand how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo's post, I was able to perform an LPE in its simplest form. -> No security boundary violation ;)

🔗 https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html

🐥 [ tweet ]
👍4
😈 [ Aurélien Chalot @Defte_ ]

Wanna blindly check if the ADCS web enroll is installed on a domain? Bruteforce the /certenroll endpoint without the trailing / on all webservers. If you hit the ADCS web enroll you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8 👀👀👀

Example: this webserver does not expose an ADCS web enroll endpoint but the Windows Admin Center panel. Yet your command will flag it as ADCS, while mine won't ;)

🐥 [ tweet ]
👍9🤔2🤯2