😈 [ Chris Thompson @_Mayyhem ]
Great blog post on detecting SCCM app/script execution and cred dumping techniques from @TrentonTait and @snapattackHQ:
🔗 https://blog.snapattack.com/a-detection-engineers-guide-to-sccm-misconfiguration-abuse-50fa059a446e
🐥 [ tweet ]
👍4🔥2
😈 [ OtterHacker @OtterHacker ]
I spent some time fighting with the #DPAPI to decipher data offline. Majority of the tools are all in one package and do not play well with EDR. I needed to do all of this offline, from #SCCM decryption to Chrome cloning. I hope it will help someone !
🔗 https://otterhacker.github.io/Pentest/Techniques/DPAPI.html
🐥 [ tweet ]
🔥6
😈 [ NVISO @NVISOsecurity ]
We've expanded our #RedTeam arsenal with a new awesome Windows LPE BOF for #CobaltStrike and #BruteRatel thanks to the original exploit author @varwara.
Get your copy here!
🔗 https://github.com/NVISOsecurity/CVE-2024-26229-BOF
🐥 [ tweet ]
🔥4🥱3
😈 [ BC Security @bcsecurity ]
ScriptBlock Smuggling is a new technique, developed by @_Hubbl3 & @Cx01N_ that allows for the spoofing of PowerShell security logs & bypasses AMSI without the need for reflection or memory patching. Learn all about it in our new blog post!
🔗 https://bc-security.org/noscriptblock-smuggling/
🐥 [ tweet ]
🔥7
😈 [ Hors @horsicq ]
PE-LiteScan (or PELS) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.
🔗 https://github.com/DosX-dev/PE-LiteScan
🐥 [ tweet ]
👍3🔥2
😈 [ Alex Neff @al3x_n3ff ]
Did you know that since v1.2.0 you can do raw ldap queries with NetExec?
I never got used to the syntax of ldapsearch, so I added the ability to query ldap to NetExec. Just use the new
--query "(attribute)" filter option 🎉
🐥 [ tweet ]
👍5
Forwarded from Just Security
The deadline is near 😱
We continue our search for the most outstanding works covering the various stages of simulated hacker attacks. Bravo to everyone who has already submitted an entry: the form and content, the creative presentation, the meme illustrations and the precise metaphors are all divinely beautiful. It is not for nothing that we keep saying pentesting is the most creative profession in information security. We are proud of all the participants for their intelligence, initiative and courage!
Don't miss the chance to compete for the title of best ethical hacker, win prizes and hang out with like-minded people in an intimate atmosphere at the awards ceremony.
Share your work: https://award.awillix.ru/
#pentestaward
👍6🔥2🥱1🍌1
😈 [ an0n @an0n_r0 ]
Quickly built a @pdnuclei template for easy scanning against this fresh vCenter (potential) RCE (+privesc) tagged with VMSA-2024-0012, CVE-2024-37079, CVE-2024-37080, CVE-2024-37081: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
Here it is:
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
🐥 [ tweet ][ quote ]
🔥4
😈 [ Daniel Bohannon @danielhbohannon ]
I'm humbled & truly excited to share that @sabi_elezi & I will be releasing our latest LDAP research & open-source tool at @defcon!
Fun fact - our noscript is a fully-functioning LDAP search filter 😎
(|(MaLDAPtive:¯\_(LDAP)_/¯=ObFUsc8t10n) (De-Obfuscation &:=De*te)(!c=tion))
🐥 [ tweet ]
👍3😁2
Offensive Xwitter
📢 The PT SWARM team is looking for its own offensive developer! The work will involve supporting the team's existing internal tooling, as well as developing new tooling for delivering projects, an important aspect of which is evasion of detection systems and…
My development track for red team projects at Positive Technologies is gradually being staffed with specialists in "mid-level" languages (hello, C folks), but there is still a need for a developer for .NET Framework/Core (+Mono) and Python. People in the chat who understand the CLR, code in Offensive C#, know their way around the Impacket code base and are good at Python in general, welcome to the interview, we have lots of cookies 😉
The original vacancy is here (it will be updated to reflect the new needs above) 👉🏻 https://hh.ru/vacancy/91158970
ALSO, we are short of great social engineers, so if you prefer pentesting the human factor under Konstantin's guidance to writing AV evasions, you are welcome here 👉🏻 https://hh.ru/vacancy/101255681
For the first vacancy you can write to me (@snovvcrash) or Artem (@Gorefield); for the second, to Artem
🔥4🥱1
😈 [ Samir @SBousseaden ]
Elastic Security Labs has discovered a new method for initial access and evasion in the wild, termed #GrimResource, which involves arbitrary execution in mmc.exe through a crafted MSC file.
🔗 https://www.elastic.co/security-labs/grimresource
🔗 https://gist.github.com/joe-desimone/2b0bbee382c9bdfcac53f2349a379fa4
🐥 [ tweet ]
👍6🔥4😁1🥱1
😈 [ @guidepointsec @GuidePointSec ]
[BLOG] Marshall Price, @GuidePointSec, digs into the risks of compromised #SCCM admin accounts. Learn how attackers can use these privileges to compromise entire networks and best practices to protect your infrastructure.
🔗 https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment/
🐥 [ tweet ]
🔥5
Offensive Xwitter pinned «⚠️ "Tonight, Gehrman joins snovvcrash continues the hunt..." My development track for red team projects at Positive Technologies is gradually being staffed with specialists in "mid-level" languages (hello, C folks), but there is still a need for a developer for…»
😈 [ Alisa Esage Шевченко @alisaesage ]
Everyone who doesn’t like me sucks and is a bad person
🐥 [ tweet ]
current mood
😁11🔥3🥱3🤯2
😈 [ NULL @NUL0x4C ]
FetchPayloadFromDummyFile: A tool to obfuscate your payload while reducing entropy by converting the payload to arrays of offsets.
🔗 https://github.com/NUL0x4C/FetchPayloadFromDummyFile
🐥 [ tweet ]
🔥7👍1
😈 [ X-C3LL @TheXC3LL ]
You can find my slides for "Offensive VBA" talk here
🔗 https://github.com/X-C3LL/congresos-slides/blob/master/Offensive%20VBA.pdf
🐥 [ tweet ]
👍7🔥1🍌1
😈 [ Daniel @0x64616e ]
Added support for LAPSv2 to BloodHound[.]py:
🔗 https://github.com/dirkjanm/BloodHound.py/pull/159
🐥 [ tweet ]
🔥6