😈 [ eversinc33 🩸🗡️ @eversinc33 ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
🐥 [ tweet ]
*funny flame war in the thread* 🔥7👍1
😈 [ NCV @nickvourd ]
This is my first article! Special thanks to @LAripping and @S1ckB0y1337 for the inspiration!
🔗 https://nickvourd.github.io/what-if-no-pkinit-still-the-same-fun/
🐥 [ tweet ]
#для_самых_маленьких
👍2
Offensive Xwitter
*funny flame war in the thread*
How to brighten up your evening: go to https://x.com/studentofthings, open Replies, read the threads, and have a laugh.
🔥4😁3🥱2👍1
😈 [ VirusTotal @virustotal ]
"YARA is dead, long live YARA-X!" 🎉
After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.
Dive into the details in the latest blog post by @plusvic:
🔗 https://blog.virustotal.com/2024/05/yara-is-dead-long-live-yara-x.html
🐥 [ tweet ]
🔥8🤔1😢1
😈 [ Thomas Rinsma @thomasrinsma ]
Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.
🔗 https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
🐥 [ tweet ]
👍4
😈 [ Amal Murali @amalmurali47 ]
Just published a blog post on reversing the Git RCE: CVE-2024-32002. It includes my thought process, a working exploit for Mac and Windows, and the PoC GitHub repositories.
🔗 https://amalmurali.me/posts/git-rce/
🐥 [ tweet ][ quote ]
Forwarded from PT SWARM
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!
Bounty: $28,000 💸
Here is the write-up 👉 https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
🤯15👍4🥱2🤔1
😈 [ Lsec @lsecqt ]
I just uploaded a video where I weaponize the code from IconJector via process injection into a more legit process than explorer.exe itself. Hands down to this technique, and all credit goes to its creator.
🔗 https://www.youtube.com/watch?v=2agrRX4fD_I
🐥 [ tweet ]
👍3
😈 [ Ptrace Security GmbH @ptracesecurity ]
Nmap Dashboard with Grafana:
🔗 https://hackertarget.com/nmap-dashboard-with-grafana/
🐥 [ tweet ]
cool idea 👍12🤔1
🔥9
😈 [ Slowerzs @slowerzs ]
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.
🔗 https://blog.slowerzs.net/posts/pplsystem/
🐥 [ tweet ]
👍5🥱1
😈 [ slonser @slonser_ ]
My new Research
Email attacks.
- C# 0day
- spoofing emails
etc.
🔗 https://blog.slonser.info/posts/email-attacks/
🐥 [ tweet ]
👍10🥱2
😈 [ spencer @techspence ]
I'm gonna start calling this THE FABULOUS FOUR! 😂
🔗 https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/
🔗 https://www.linkedin.com/pulse/adeleg-active-directory-security-tool-youve-never-heard-alessi-lvqze
🔗 https://github.com/TrimarcJake/Locksmith
🔗 https://www.pingcastle.com/
🐥 [ tweet ]
🔥8
Offensive Xwitter
Life hack from my good friend and guru of administering these Windows boxes of yours, @DrunkF0x: has the license on an evaluation-version Windows server run out (in a lab, for example)? Type this in an admin console and the trial period is extended by 180 days: Cmd > slmgr /rearm Cmd > shutdown -r…
My new combo for lightning-fast deployment of Windows VMs in the lab 👇🏻
Images:
🔗 https://uupdump.net
The "pill" (activator):
🔗 https://github.com/massgravel/Microsoft-Activation-Scripts
irm https://get.activated.win | iex
Evaluation mode can now take a hike. 🔥13👍4
Good stuff from @s0i37_channel, kiddos:
🔗 https://xakep.ru/2020/06/17/windows-mitm/ (old but gold)
🔗 https://xakep.ru/2024/05/08/virtualization-for-pivoting/
🔗 https://xakep.ru/2024/05/16/virtualization-for-attacks/
👍10🥱2🔥1
😈 [ ap @decoder_it ]
Based on a recent finding, I tried to understand how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo's post, I was able to perform an LPE in its simplest form. -> No security boundary violation ;)
🔗 https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html
🐥 [ tweet ]
👍4
😈 [ Aurélien Chalot @Defte_ ]
Wanna blindly check if the ADCS web enroll is installed on a domain? Bruteforce the /certenroll endpoint without the trailing / on all webservers. If you hit the ADCS web enroll you will get a Location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8 👀👀👀
Example. This webserver does not expose an ADCS web enroll endpoint but the Windows Admin Center panel. Yet your command will flag it as ADCS. While mine won't ;)
🐥 [ tweet ]
👍9🤔2🤯2
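As an added example (not the author's tooling or any project's code), here is a small classifier that applies the Location-header signal from the thread above to recorded probe responses, so a defender can inventory which of their own web servers expose ADCS web enrollment over plain HTTP (the ESC8 precondition) and decide where to enforce HTTPS/EPA. The host names and responses are constructed; no network access is performed.

```python
# Added example: classify responses to a "GET /certenroll" (no trailing slash)
# probe the way the thread describes, for auditing your own hosts.
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Probe:
    """Minimal view of an HTTP response: status code plus headers."""
    status: int
    headers: dict = field(default_factory=dict)


def _header(headers, name):
    """Case-insensitive header lookup (servers vary in capitalisation)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def is_adcs_web_enroll(probe):
    """True only for a redirect whose Location path is exactly /certenroll/."""
    if probe.status not in (301, 302, 307, 308):
        return False
    location = _header(probe.headers, "Location")
    if not location:
        return False
    # IIS may send a relative ("/certenroll/") or an absolute
    # ("http://host/certenroll/") Location; compare the path part only.
    return urlsplit(location).path.lower() == "/certenroll/"


def audit(responses):
    """Return the hosts whose /certenroll probe looks like ADCS web enrollment."""
    return sorted(host for host, probe in responses.items() if is_adcs_web_enroll(probe))


# Constructed sample responses (hypothetical hosts) to exercise the classifier.
SAMPLES = {
    "pki.lab.example": Probe(301, {"Location": "http://pki.lab.example/certenroll/"}),
    "ca2.lab.example": Probe(302, {"location": "/CertEnroll/"}),
    "wac.lab.example": Probe(200, {"Content-Type": "text/html"}),  # WAC panel: no redirect
    "sso.lab.example": Probe(302, {"Location": "/login?next=/certenroll"}),  # generic auth redirect
    "web.lab.example": Probe(404, {}),
}

if __name__ == "__main__":
    for host in audit(SAMPLES):
        print(f"{host}: ADCS web enrollment reachable over HTTP; review ESC8 mitigations")
```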
😈 [ BlackWasp @BlWasp_ ]
Last week I gave a talk at @sth4ck about SCCM infrastructures and how to exploit them during your internal pentests and Red Team missions to quickly become Domain Admin!
If you understand French or can use subtitles, go check it out ✌️
🔗 https://youtu.be/ibFQgsAMjwI?si=Su_WW3sKBjtf9IxV
🐥 [ tweet ]
🔥4