😈 [ Frey @Freyxfi ]
Rockyou2024[.]Zip Word list
🔗 https://s3.timeweb.cloud/fd51ce25-6f95e3f8-263a-4b13-92af-12bc265adb44/rockyou2024.zip
🔗 https://news.1rj.ru/str/frx3y/178
🐥 [ tweet ]
(45 Gb zip)
👍13🔥4🥱1
😈 [ sh4dy @sh4dy_0011 ]
Wrote a short blog about running a simple LLVM pass. I’ll add even more cool stuff in upcoming posts :)
🔗 https://sh4dy.com/2024/06/29/learning_llvm_01/
Source code:
🔗 https://github.com/0xSh4dy/learning_llvm
🐥 [ tweet ]
🔥5👍3
😈 [ sh4dy @sh4dy_0011 ]
Here’s the second part of my blog series on Compiler and LLVM internals, where I’ve explained the following concepts:
1. Basic blocks
2. Control flow graphs
3. Modules
4. Some applications of LLVM passes
🔗 https://sh4dy.com/2024/07/06/learning_llvm_02
Source code:
🔗 https://github.com/0xSh4dy/learning_llvm/tree/master/part_2
🐥 [ tweet ]
🔥10👍1
😈 [ Orange Cyberdefense's SensePost Team @sensepost ]
Decorrelate attack tool behaviour to avoid EDR interference. In this post, @Defte_ writes about how remote LSA secrets dumping works and retrieves a Windows computer's BOOTKEY using less common methods.
🔗 https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
🐥 [ tweet ]
👍10🔥2
😈 [ Rayan Bouyaiche @rayanlecat ]
Hello everyone !
This weekend I participated at @_leHACK_ where I did the #NetExec workshop animated by @mpgn_x64. Here is my writeup for those of you that are interested
🔗 https://www.rayanle.cat/lehack-2024-netexec-workshop-writeup/
🐥 [ tweet ]
👍8
😈 [ Kuba Gretzky @mrgretzky ]
A covert and smart way of implanting Chrome extensions through direct modification of Chrome setting files 🤯🔥
🔗 https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
🐥 [ tweet ]
👍8
😈 [ Justin Elze @HackingLZ ]
Recent addition to the shelf
"This is just a simplified version of the following but written in C and runs on both mac and linux."
🔗 https://github.com/its-a-feature/bifrost
🔗 https://github.com/trustedsec/The_Shelf/tree/main/Retired/KerberosDump
🐥 [ tweet ]
👍5
A long time ago, my good friend @DrunkF0x and I tried out the LDAPmonitor script on a pentest (it had only just been released). At that time, all it did was query "(objectClass=*)" against all objects every N seconds and compare the results. Of course, this was terribly inefficient and generates a lot of traffic on the wire, and on large domains I wouldn't risk running it at all… That is when Roma came up with the idea of polling for changes by USN (Update Sequence Number) values, on the basis of which he developed ADSpider 🕷️ Congratulations on the release!
Blog:
🔗 https://habr.com/ru/companies/angarasecurity/articles/697938/
Code:
🔗 https://github.com/DrunkF0x/ADSpider
🔥19👍6
😈 [ SEKTOR7 Institute @SEKTOR7net ]
Krbtgt password reset is dead aka Eternal Persistence, by Rindert Kramer of @huntandhackett
Part 1:
🔗 https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence
Part 2:
🔗 https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-2
Part 3:
🔗 https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-3
PoC:
🔗 https://github.com/huntandhackett/PassiveAggression
🐥 [ tweet ]
👍8🔥2
😈 [ chebuya @_chebuya ]
How I discovered and exploited an unauthenticated SSRF in the Havoc C2 teamserver, allowing attackers to leak origin IPs of teamservers behind redirectors and much more!
🔗 https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
🔗 https://github.com/chebuya/Havoc-C2-SSRF-poc
🐥 [ tweet ]
🔥6
😈 [ CICADA8Research @CICADA8Research ]
Process Injection is Dead. Long Live IHxHelpPaneServer
How can a user's session be abused without process injection, remotekrbrelay, tgsthief?
Read it in our new article:
🔗 https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d
POC:
🔗 https://github.com/CICADA8-Research/IHxExec
🐥 [ tweet ]
👍9🔥6
😈 [ Greg Darwin @gregdarwin ]
After months in development, Cobalt Strike 4.10 is now available for download. This release sees the introduction of BeaconGate, the Sleepmask-VS, postex kit, a new job browser and much, much more. Check out the blog post for details:
🔗 https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate
🐥 [ tweet ]
The new "biba srak", as @Acrono puts it
😁7🔥1
😈 [ Antonio Cocomazzi @splinter_code ]
Excited to share my latest research about FIN7 🔥
The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise.
Enjoy the read 👇
🔗 https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/
🐥 [ tweet ]
👍5
😈 [ Zach Vorhies / Google Whistleblower @Perpetualmaniac ]
Crowdstrike Analysis:
It was a NULL pointer from the memory unsafe C++ language.
Since I am a professional C++ programmer, let me decode this stack trace dump for you.
🔗 https://threadreaderapp.com/thread/1814376668095754753.html
🐥 [ tweet ]
The professional C++ programmer explained everything
🔥11🍌1