😈 [ X-C3LL @TheXC3LL ]
You can find my slides for "Offensive VBA" talk here
🔗 https://github.com/X-C3LL/congresos-slides/blob/master/Offensive%20VBA.pdf
🐥 [ tweet ]
You can find my slides for "Offensive VBA" talk here
🔗 https://github.com/X-C3LL/congresos-slides/blob/master/Offensive%20VBA.pdf
🐥 [ tweet ]
👍7🔥1🍌1
😈 [ Daniel @0x64616e ]
Added support for LAPSv2 to BloodHound[.]py:
🔗 https://github.com/dirkjanm/BloodHound.py/pull/159
🐥 [ tweet ]
Added support for LAPSv2 to BloodHound[.]py:
🔗 https://github.com/dirkjanm/BloodHound.py/pull/159
🐥 [ tweet ]
🔥6
😈 [ Lsec @lsecqt ]
I created a blog-post about MSSQL relay attack. Hope you enjoy and find this useful:
🔗 https://lsecqt.github.io/Red-Teaming-Army/active-directory/compromising-mssql-databases-by-relaying/
🐥 [ tweet ]
I created a blog-post about MSSQL relay attack. Hope you enjoy and find this useful:
🔗 https://lsecqt.github.io/Red-Teaming-Army/active-directory/compromising-mssql-databases-by-relaying/
🐥 [ tweet ]
👍6🔥2
😈 [ S3cur3Th1sSh1t @ShitSecure ]
Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now:
🔗 https://github.com/CICADA8-Research/RemoteKrbRelay
That's huge news from my perspective🔥
🐥 [ tweet ]
Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now:
🔗 https://github.com/CICADA8-Research/RemoteKrbRelay
That's huge news from my perspective🔥
🐥 [ tweet ]
дежавю, где-то я это уже видел... whatever🔥9👍4🥱1
😈 [ HADESS @Hadess_security ]
64 Methods For Execute Mimikatz
🔗 https://redteamrecipe.com/64-methods-for-execute-mimikatzrtc0003
🐥 [ tweet ]
64 Methods For Execute Mimikatz
🔗 https://redteamrecipe.com/64-methods-for-execute-mimikatzrtc0003
🐥 [ tweet ]
🥱8👍6🔥1
😈 [ Balthasar @BalthasarMartin ]
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have.
Blog:
🔗 https://srlabs.de/blog-post/certiception-the-adcs-honeypot-we-always-wanted
Source code:
🔗 https://github.com/srlabs/Certiception
Slide deck, including our guide to deception strategy:
🔗 https://github.com/srlabs/Certiception/blob/main/documentation/
🐥 [ tweet ]
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have.
Blog:
🔗 https://srlabs.de/blog-post/certiception-the-adcs-honeypot-we-always-wanted
Source code:
🔗 https://github.com/srlabs/Certiception
Slide deck, including our guide to deception strategy:
🔗 https://github.com/srlabs/Certiception/blob/main/documentation/
🐥 [ tweet ]
👍1🔥1🤔1
😈 [ Nikhil Mittal @nikhil_mitt ]
"When the hunter becomes the hunted: Using custom callbacks to disable EDRs"
A fantastic blog post by @d1rkmtr that is full of knowledge and a teaser!
🔗 https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs
🐥 [ tweet ]
"When the hunter becomes the hunted: Using custom callbacks to disable EDRs"
A fantastic blog post by @d1rkmtr that is full of knowledge and a teaser!
🔗 https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs
🐥 [ tweet ]
🔥6👍1
😈 [ Daniel @0x64616e ]
My friend @mojeda_101 and I had the funny idea to leverage GPO item-level targeting for domain persistence.
🔗 https://pentest.party/posts/2024/persistence-with-wmi-filters/
🐥 [ tweet ]
My friend @mojeda_101 and I had the funny idea to leverage GPO item-level targeting for domain persistence.
🔗 https://pentest.party/posts/2024/persistence-with-wmi-filters/
🐥 [ tweet ]
кому тоже в первую очередь в голову пришло сравнение с port knocking?🔥4🥱1
😈 [ DSAS by INJECT @DevSecAS ]
Active Directory Dumper - ADFind on Python
🔗 https://blog.injectexp.dev/2024/06/30/active-directory-dumper/
🔗 https://blog.injectexp.dev/2024/06/30/active-directory-dumper-2/
🐥 [ tweet ]
Active Directory Dumper - ADFind on Python
🔗 https://blog.injectexp.dev/2024/06/30/active-directory-dumper/
🔗 https://blog.injectexp.dev/2024/06/30/active-directory-dumper-2/
🐥 [ tweet ]
🔥5🍌3
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥12
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Ege Balcı @egeblc ]
New tool drop! 🔥🔥 de-optimizer uses several mathematical approaches for mutating machine code instructions to their functional equivalents. Very good for bypassing rule-based detection without using any RWE memory.
🔗 https://github.com/EgeBalci/deoptimizer
🐥 [ tweet ]
New tool drop! 🔥🔥 de-optimizer uses several mathematical approaches for mutating machine code instructions to their functional equivalents. Very good for bypassing rule-based detection without using any RWE memory.
🔗 https://github.com/EgeBalci/deoptimizer
🐥 [ tweet ]
👍7
😈 [ Diego Capriotti @naksyn ]
Recently, I wanted to quickly test some sleep obfuscation ideas against @jdu2600's EtwTi-FluctuationMonitor using Beacon, without dealing with UDRL debugging. At the end of the journey, I ended up with:
- A way to generate and load, via a PE loader, a UDRL-less Beacon payload.
- A way to generate and load, via a PE loader, a UDRL-less Beacon payload.
- A generic PE loader to hook Sleep and quickly prototype evasion ideas.
- Two different (though not necessarily novel) sleep obfuscation techniques, which allowed me to evade EtwTi-FluctuationMonitor and other scanners.
I dubbed these techniques MemoryBouncing and MemoryHopping. They both involve moving to another area of memory at every sleep and/or freeing the PE memory.
Here’s the blog post:
🔗 https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
And the PE loader used, dubbed Dojoloader:
🔗 https://github.com/naksyn/DojoLoader
In his BH Asia presentation, @jdu2600 gave some hints on how the RX->RW detection could be bypassed. It sounded fun to test, and it was indeed a fascinating challenge for me. A huge thanks to him and his tools for sparking my curiosity.
🐥 [ tweet ]
Recently, I wanted to quickly test some sleep obfuscation ideas against @jdu2600's EtwTi-FluctuationMonitor using Beacon, without dealing with UDRL debugging. At the end of the journey, I ended up with:
- A way to generate and load, via a PE loader, a UDRL-less Beacon payload.
- A way to generate and load, via a PE loader, a UDRL-less Beacon payload.
- A generic PE loader to hook Sleep and quickly prototype evasion ideas.
- Two different (though not necessarily novel) sleep obfuscation techniques, which allowed me to evade EtwTi-FluctuationMonitor and other scanners.
I dubbed these techniques MemoryBouncing and MemoryHopping. They both involve moving to another area of memory at every sleep and/or freeing the PE memory.
Here’s the blog post:
🔗 https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
And the PE loader used, dubbed Dojoloader:
🔗 https://github.com/naksyn/DojoLoader
In his BH Asia presentation, @jdu2600 gave some hints on how the RX->RW detection could be bypassed. It sounded fun to test, and it was indeed a fascinating challenge for me. A huge thanks to him and his tools for sparking my curiosity.
🐥 [ tweet ]
🔥6👍2
😈 [ Winslow @senzee1984 ]
Check out my new article - EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent
Blog:
🔗 https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent
Github:
🔗 https://github.com/senzee1984/EDRPrison
🐥 [ tweet ]
Check out my new article - EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent
Blog:
🔗 https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent
Github:
🔗 https://github.com/senzee1984/EDRPrison
🐥 [ tweet ]
🔥5🤯2
😈 [ Tyler Hudak @SecShoggoth ]
I recommend reading this thread as it gives some great insight and stories into incidents.
Also, the current top comment on there is freaking incredible!
🔗 https://www.reddit.com/r/sysadmin/comments/1dsgi6t/sysadmins_who_went_through_a_breach_how_did_the
🐥 [ tweet ]
I recommend reading this thread as it gives some great insight and stories into incidents.
Also, the current top comment on there is freaking incredible!
🔗 https://www.reddit.com/r/sysadmin/comments/1dsgi6t/sysadmins_who_went_through_a_breach_how_did_the
🐥 [ tweet ]
👍9
😈 [ ap @decoder_it ]
Cool finding from my colleague @cj_berlin detailed here: . PS remoting and SSH ignores "Deny Logon restrictions". So if you enable SSHd on a Domain Controller, every domain user can log in... and, for example, perform a #RemotePotato0 attack 😲
🔗 https://it-pro-berlin.de/2024/07/use-ssh-on-windows-they-said/
🐥 [ tweet ]
Cool finding from my colleague @cj_berlin detailed here: . PS remoting and SSH ignores "Deny Logon restrictions". So if you enable SSHd on a Domain Controller, every domain user can log in... and, for example, perform a #RemotePotato0 attack 😲
🔗 https://it-pro-berlin.de/2024/07/use-ssh-on-windows-they-said/
🐥 [ tweet ]
👍6🔥3🥱1
😈 [ Frey @Freyxfi ]
Rockyou2024[.]Zip Word list
🔗 https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip
🔗 https://news.1rj.ru/str/frx3y/178
🐥 [ tweet ]
Rockyou2024[.]Zip Word list
🔗 https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip
🔗 https://news.1rj.ru/str/frx3y/178
🐥 [ tweet ]
(45 Gb zip)👍13🔥4🥱1
😈 [ sh4dy @sh4dy_0011 ]
Wrote a short blog about running a simple LLVM pass. I’ll add even more cool stuff in upcoming posts :)
🔗 https://sh4dy.com/2024/06/29/learning_llvm_01/
Source code:
🔗 https://github.com/0xSh4dy/learning_llvm
🐥 [ tweet ]
Wrote a short blog about running a simple LLVM pass. I’ll add even more cool stuff in upcoming posts :)
🔗 https://sh4dy.com/2024/06/29/learning_llvm_01/
Source code:
🔗 https://github.com/0xSh4dy/learning_llvm
🐥 [ tweet ]
🔥5👍3