🔥9
😈 [ Slowerzs @slowerzs ]
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.
🔗 https://blog.slowerzs.net/posts/pplsystem/
🐥 [ tweet ]
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.
🔗 https://blog.slowerzs.net/posts/pplsystem/
🐥 [ tweet ]
👍5🥱1
😈 [ slonser @slonser_ ]
My new Research
Email attacks.
- C# 0day
- spoofing emails
e.t.c.
🔗 https://blog.slonser.info/posts/email-attacks/
🐥 [ tweet ]
My new Research
Email attacks.
- C# 0day
- spoofing emails
e.t.c.
🔗 https://blog.slonser.info/posts/email-attacks/
🐥 [ tweet ]
👍10🥱2
😈 [ spencer @techspence ]
I'm gonna start calling this THE FABULOUS FOUR! 😂
🔗 https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-noscripts/
🔗 https://www.linkedin.com/pulse/adeleg-active-directory-security-tool-youve-never-heard-alessi-lvqze
🔗 https://github.com/TrimarcJake/Locksmith
🔗 https://www.pingcastle.com/
🐥 [ tweet ]
I'm gonna start calling this THE FABULOUS FOUR! 😂
🔗 https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-noscripts/
🔗 https://www.linkedin.com/pulse/adeleg-active-directory-security-tool-youve-never-heard-alessi-lvqze
🔗 https://github.com/TrimarcJake/Locksmith
🔗 https://www.pingcastle.com/
🐥 [ tweet ]
🔥8
Offensive Xwitter
Лайфхак от моего хорошего друга, гуру админства этих ваших окон @DrunkF0x: закончилась лицуха на шиндовс серваке evaluation-версии (в лабе, например)? Пишем в консоли от админа, и пробный период продляется на 180 дней: Cmd > slmgr /rearm Cmd > shutdown -r…
Мое новое комбо для гига быстрого развертывания виндовируалок в лабе 👇🏻
Образы:
🔗 https://uupdump.net
Таблэтка:
🔗 https://github.com/massgravel/Microsoft-Activation-Scripts
Образы:
🔗 https://uupdump.net
Таблэтка:
🔗 https://github.com/massgravel/Microsoft-Activation-Scripts
irm https://get.activated.win | iex
🔥13👍4
Годнóта от @s0i37_channel, малютки:
🔗 https://xakep.ru/2020/06/17/windows-mitm/ (old but gold)
🔗 https://xakep.ru/2024/05/08/virtualization-for-pivoting/
🔗 https://xakep.ru/2024/05/16/virtualization-for-attacks/
🔗 https://xakep.ru/2020/06/17/windows-mitm/ (old but gold)
🔗 https://xakep.ru/2024/05/08/virtualization-for-pivoting/
🔗 https://xakep.ru/2024/05/16/virtualization-for-attacks/
👍10🥱2🔥1
😈 [ ap @decoder_it ]
Based on a recent finding, tried to understand on how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo post , I was able to perform an LPE in its simplest form. -> No security boundary violation ;)
🔗 https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html
🐥 [ tweet ]
Based on a recent finding, tried to understand on how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo post , I was able to perform an LPE in its simplest form. -> No security boundary violation ;)
🔗 https://www.tiraniddo.dev/2021/06/the-much-misunderstood.html
🐥 [ tweet ]
👍4
😈 [ Aurélien Chalot @Defte_ ]
Wanna blindly check if the ADCS web enroll is installed on a domain ? Bruteforce the /certenroll endpoint without the trailing/ on all webservers. If you hit the ADCS web enroll you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8 👀👀👀
Example. This webserver does not expose a ADCS web enroll endpoint but the Windows Admin Center panel. Yet your command will flag it as ADCS. While mine won't ;)
🐥 [ tweet ]
Wanna blindly check if the ADCS web enroll is installed on a domain ? Bruteforce the /certenroll endpoint without the trailing/ on all webservers. If you hit the ADCS web enroll you will get a location: /certenroll/ header in the response. Now enjoy blind ntlmrelayx ESC8 👀👀👀
Example. This webserver does not expose a ADCS web enroll endpoint but the Windows Admin Center panel. Yet your command will flag it as ADCS. While mine won't ;)
🐥 [ tweet ]
👍9🤔2🤯2
😈 [ BlackWasp @BlWasp_ ]
Last week I have presented a conference at @sth4ck about the SCCM infrastructures and how to exploit them during your internal pentests and Red Team missions to quickly become Domain Admin!
If you understand french or can use subnoscripts, go check it out ✌️
🔗 https://youtu.be/ibFQgsAMjwI?si=Su_WW3sKBjtf9IxV
🐥 [ tweet ]
Last week I have presented a conference at @sth4ck about the SCCM infrastructures and how to exploit them during your internal pentests and Red Team missions to quickly become Domain Admin!
If you understand french or can use subnoscripts, go check it out ✌️
🔗 https://youtu.be/ibFQgsAMjwI?si=Su_WW3sKBjtf9IxV
🐥 [ tweet ]
🔥4
Offensive Xwitter
😈 [ ap @decoder_it ] Based on a recent finding, tried to understand on how to abuse the "SeRelabelPrivilege". Thanks to @tiraniddo post , I was able to perform an LPE in its simplest form. -> No security boundary violation ;) 🔗 https://www.tiraniddo.dev/2021/06/the…
😈 [ ap @decoder_it ]
Just published a short blog post on abusing the SeRelabelPrivilege ;)
🔗 https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege/
🐥 [ tweet ]
Just published a short blog post on abusing the SeRelabelPrivilege ;)
🔗 https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege/
🐥 [ tweet ]
🔥5
😈 [ Synacktiv @Synacktiv ]
Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it!
🔗 https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle
🐥 [ tweet ]
Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it!
🔗 https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle
🐥 [ tweet ]
🔥6
😈 [ Octoberfest7 @Octoberfest73 ]
I have a vague memory of some research posted in the past year or two about a technique for executing encrypted shellcode by decrypting the next instruction, executing it, remasking it, etc. Ring any bells for anyone?
… answer …
🔗 https://github.com/lem0nSec/ShellGhost
🐥 [ tweet ]
I have a vague memory of some research posted in the past year or two about a technique for executing encrypted shellcode by decrypting the next instruction, executing it, remasking it, etc. Ring any bells for anyone?
… answer …
🔗 https://github.com/lem0nSec/ShellGhost
🐥 [ tweet ]
🔥4
Forwarded from 1N73LL1G3NC3
CookieKatz
Dump cookies directly from Chrome, Edge, or Msedgewebview2 process memory. Chromium-based browsers load all their cookies from the on-disk cookie database on startup.
The benefits of this approach are:
This solution consists of three projects:
Dump cookies directly from Chrome, Edge, or Msedgewebview2 process memory. Chromium-based browsers load all their cookies from the on-disk cookie database on startup.
The benefits of this approach are:
• Support dumping cookies from Chrome’s Incogntio and Edge’s In-Private processes
• Access cookies of other user’s browsers when running elevated
• Dump cookies from webview processes
• No need to touch on-disk database file
• DPAPI keys not needed to decrypt the cookies
• Parse cookies offline from a minidump file
This solution consists of three projects:
• CookieKatz - PE executable
• CookieKatz-BOF - Beacon Object File version
• CookieKatzMinidump - minidump parser.
🔥14👍3🥱2
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]
smbclient-ng is finally out! 🥳
Discover lots of features, additional modules, autocompletion, recursive get and recursive put, colors and progress bars!
🔗 https://github.com/p0dalirius/smbclient-ng
🐥 [ tweet ]
smbclient-ng is finally out! 🥳
Discover lots of features, additional modules, autocompletion, recursive get and recursive put, colors and progress bars!
🔗 https://github.com/p0dalirius/smbclient-ng
🐥 [ tweet ]
🔥9👍2
😈 [ Smukx.E @5mukx ]
My Nerdy work Releases (^^)
Obfuscation methods:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/obfuscation
Process Hollow:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/remote_mapping_injection.rs
Remote Mapping Inject:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/shellcode_exec/Shell-Exec_fnPointer.rs
Shellcode Exec fn pnt:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/process_hollowing.rs
DLL Unhooking:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/dll_injection/dll_unhooking.rs
🐥 [ tweet ]
My Nerdy work Releases (^^)
Obfuscation methods:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/obfuscation
Process Hollow:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/remote_mapping_injection.rs
Remote Mapping Inject:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/shellcode_exec/Shell-Exec_fnPointer.rs
Shellcode Exec fn pnt:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/process_hollowing.rs
DLL Unhooking:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/dll_injection/dll_unhooking.rs
🐥 [ tweet ]
🔥7
Forwarded from КиберТопор
В Твиттере официально разрешили публиковать порно
Теперь пользователи могут создавать и смотреть видео на сексуальную тематику, если они сделаны по обоюдному согласию
–Можно мне PorhHub?
–У нас есть PorhHub дома
PorhHub дома:
🕹КиберТопор — Подписаться
Теперь пользователи могут создавать и смотреть видео на сексуальную тематику, если они сделаны по обоюдному согласию
–Можно мне PorhHub?
–У нас есть PorhHub дома
PorhHub дома:
🕹КиберТопор — Подписаться
🍌8😁4
😈 [ Outflank @OutflankNL ]
It's not *always* about Windows - macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery_ explains more about the telemetry sources for these under-discussed endpoint products:
🔗 https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux/
🐥 [ tweet ]
It's not *always* about Windows - macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery_ explains more about the telemetry sources for these under-discussed endpoint products:
🔗 https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux/
🐥 [ tweet ]
🔥4
😈 [ James Forshaw @tiraniddo ]
Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder.
🔗 https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
🐥 [ tweet ]
Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder.
🔗 https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
🐥 [ tweet ]
👍5🔥1