Forwarded from 1N73LL1G3NC3
CookieKatz
Dump cookies directly from Chrome, Edge, or Msedgewebview2 process memory. Chromium-based browsers load all their cookies from the on-disk cookie database on startup.
The benefits of this approach are:
• Support dumping cookies from Chrome's Incognito and Edge's In-Private processes
• Access cookies of other users' browsers when running elevated
• Dump cookies from webview processes
• No need to touch the on-disk database file
• DPAPI keys not needed to decrypt the cookies
• Parse cookies offline from a minidump file
This solution consists of three projects:
• CookieKatz - PE executable
• CookieKatz-BOF - Beacon Object File version
• CookieKatzMinidump - minidump parser.
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]
smbclient-ng is finally out! 🥳
Discover lots of features, additional modules, autocompletion, recursive get and recursive put, colors and progress bars!
🔗 https://github.com/p0dalirius/smbclient-ng
🐥 [ tweet ]
😈 [ Smukx.E @5mukx ]
My Nerdy work Releases (^^)
Obfuscation methods:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/obfuscation
Process Hollow:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/remote_mapping_injection.rs
Remote Mapping Inject:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/shellcode_exec/Shell-Exec_fnPointer.rs
Shellcode Exec fn pnt:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/Process/process_hollowing.rs
DLL Unhooking:
🔗 https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/dll_injection/dll_unhooking.rs
🐥 [ tweet ]
Forwarded from КиберТопор
Twitter has officially allowed publishing porn
Users can now create and watch sexually themed videos, as long as they were made with mutual consent
–Can I have PorhHub?
–We have PorhHub at home
PorhHub at home:
🕹КиберТопор — Subscribe
😈 [ Outflank @OutflankNL ]
It's not *always* about Windows - macOS and Linux #EDRs need attention, too! In our latest blog, @kyleavery_ explains more about the telemetry sources for these under-discussed endpoint products:
🔗 https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux/
🐥 [ tweet ]
😈 [ James Forshaw @tiraniddo ]
Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder.
🔗 https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
🐥 [ tweet ]
😈 [ V❄️ @vincenzosantuc1 ]
In-memory sleeping technique using threads created in suspended state and timers that work with the ResumeThread function in order to adapt SWAPPALA to the Reflective DLL context.
🔗 https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/
🐥 [ tweet ]
😈 [ Tim McGuffin @NotMedic ]
Powershell and DNS was my jam forever. I built entire attack frameworks around it. nslookup one TXT record, copy/paste it into a PS window, and bring in a ton of tools. AES encrypted, B64 encoded TXT records. It's noisy if they're looking, but most aren't looking.
🐥 [ tweet ][ reply ]
Offensive Xwitter
😈 [ Tim McGuffin @NotMedic ] Powershell and DNS was my jam forever. I built entire attack frameworks around it. nslookup one TXT record, copy/paste it into a PS window, and bring in a ton of tools. AES encrypted, B64 encoded TXT records. It's noisy if they're…
I'm amazed at how far people will go with loading PowerShell scripts via static TXT records: this is already the second framework of this kind I've seen on Twitter (the first was here). But it reminded me of an old joke 😁
😈 [ Orange Tsai 🍊 @orange_8361 ]
PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥
🔗 https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
🐥 [ tweet ]
😈 [ 𝙻𝚊𝚠𝚛𝚎𝚗𝚌𝚎 @zux0x3a ]
Released .NET tool for extracting Windows Defender exclusions & ASR rules! 🌟
🔹 Works from low user context.
🔹 Supports local & remote queries
🔹 Extracts paths from Event ID 5007 and ASR from Event ID 1121 using regex
🔹 Enumerates ASR rules from the MSFT_MpPreference WMI class (works perfectly from low user context as well).
🔹 Displays results in a clean, tabulated format
works smoothly with inline-assembly!
🔗 https://github.com/0xsp-SRD/MDE_Enum
🐥 [ tweet ]
Forwarded from PT SWARM
😀 Simple way to bypass a WAF in Command Injections!
Also helps with length restrictions! 🚀
Source code
Offensive Xwitter
😈 [ Kleiton Kurti @kleiton0x7e ] Created a PoC for loading DLLs without LoadLibraryA. Instead we'll leverage the VEH (Vectored Exception Handler) to modify the context, especially RIP and RCX to hold the LoadLibraryA address and its argument. 🔗 https:/…
😈 [ Kleiton Kurti @kleiton0x7e ]
Improved the DLL-Load proxying by adding CFG bypass. As Tp* function techniques are ROP-based, a CFG bypass is likely to be needed. A way of neutralizing CFG is marking the ROP gadget stub as CFG_CALL_TARGET_VALID. Thanks @snovvcrash for the suggestion!
🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads/tree/cfg-bypass/CFG.c
🐥 [ tweet ]
I was rewatching the 2013 film Snowpiercer before bed and unexpectedly felt like giving the people an #offtopic primer on cyberpunk, even though the film is not a representative of that genre (it's more a classic dystopia).
Imho, the Asian "door security specialist" in it is a classic hero of cyberpunk culture: a perpetually stoned freak who cares only about his craft and his (equally stoned) mysterious psychic girlfriend, owner of a cigarette case of long-gone Marlboro Lights (which he treats rather carelessly); it's no accident that he became the symbol of this picture. Unfortunately, the current generation of young people, who got to know "cyberpunk" through Cyberpunk 2077, has little idea of the true origins of this amazing genre, an entire cultural layer and, for some people, a worldview. Below I list several works from different creative worlds that I consider key, recommended for anyone who wants to dive into True cyberpunk.
Literature:
🔋 Burning Chrome (1982), Neuromancer (1984) by William Gibson;
🔋 Snow Crash (1992) by Neal Stephenson;
🔋 Labyrinth of Reflections (1997) by Sergei Lukyanenko;
🔋 Vurt (1993) by Jeff Noon;
🔋 Cyberpunk (1983) by Bruce Bethke.
Cinema:
🔋 Strange Days (1995);
🔋 Johnny Mnemonic (1995);
🔋 One Point O (2003);
🔋 Cyberpunk: Edgerunners (2022);
🔋 Ghost in the Shell (1995).
Music:
🔋 Holy Cities (2016) by Zen Mechanics;
🔋 Portal Stories: Mel, OST (2015) by Harry Callaghan;
🔋 Cryounit (everything).
(witch house, phonk, techno and other dance music can sometimes be counted under this theme too)
And yes, the Witcher makers just wanted to ride the hype on the word "cyberpunk"; 2077 is crap (sore subject).
😈 [ Daniel Mayer @dan__mayer ]
Tired of having to write your payload to disk to move laterally? Make a .NET Profiler DLL and load it straight from a webDAV server!
Hook functions, monitor assembly loads and more as lagniappe.
🔗 https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523
🐥 [ tweet ]
😈 [ Andrey Konovalov @andreyknvl ]
Revamped my collection of USB hacking–related links:
🧰 Added more hardware and tools;
🗄 Reorganized into sections;
🗃 Added a table of contents.
Enjoy! 🎉
🔗 https://github.com/xairy/usb-hacking/blob/master/LINKS.md
🐥 [ tweet ]
cringe when your thesis gets included in some GitHub link collections 😂😂
😈 [ retr0reg @retr0reg ]
This is a blog about how I exploited Tenda Ac8's 0day remote overflow into RCE via mipsel ROPing with multi-regs.
It includes experience that I learned from 2 weeks of gdb-multiarch-ing, mipsrop-ing, QEMU-ing, IDA-ing, ifconfig-ing from scratch to CVE.
🔗 https://0reg.dev/blog/tenda-ac8-rop
🐥 [ tweet ]
Offensive Xwitter
😈 [ 5pider @C5pider ] Modern implant design: position independent malware development. A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing. 🔗 https://5pider.net/blog/2024/01/27/modern…
😈 [ Shashwat Shah 🇮🇳 @0xEr3bus ]
I have created a project called “RdpStrike.” The goal is to extract clear text creds from mstsc. The aim is to dive into the Positional Independent Code, a blog post by @C5pider and the original implementation by @0x09AL.
🔗 https://github.com/0xEr3bus/RdpStrike
🐥 [ tweet ]
Offensive Xwitter
How to brighten your evening: go to https://x.com/studentofthings, open Replies, read the threads, have a laugh.
😈 [ Nathan Landon 🛡️ @studentofthings ]
(Modern Shellcode Implant Design) - More advanced shellcode hashing includes inserting hashing entropy.
It’s more difficult but we have something for that as well. 👍🛡️☠️
🔗 https://karma-x.io/blog/post/31/
🐥 [ tweet ]
I was about to say it's another dose of cringe, but the idea is actually quite interesting: adding strings to the export tables of system libraries that collide under the well-known hashing algorithms malware uses to resolve WinAPI functions
😈 [ Marc-André Moreau @awakecoding ]
New blog post! 📰 Mac RDP Client: Kerberos and Protected Users Guide 🍎 Are you trying to harden your Active Directory environment by eliminating NTLM usage, but RDP from Macs stands in the way? Read this! ☀️💻👇
🔗 https://awakecoding.com/posts/mac-rdp-client-kerberos-and-protected-users-guide/
🐥 [ tweet ]