Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Orange Cyberdefense's SensePost Team @sensepost ]

Decorrelate attack tool behaviour to avoid EDR interference. In this post, @Defte_ writes about how remote LSA secrets dumping works and retrieves a Windows computer's BOOTKEY using less common methods.

🔗 https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/

🐥 [ tweet ]
👍10🔥2
😈 [ Rayan Bouyaiche @rayanlecat ]

Hello everyone!
This weekend I participated in @_leHACK_ where I did the #NetExec workshop animated by @mpgn_x64. Here is my writeup for those of you that are interested.

🔗 https://www.rayanle.cat/lehack-2024-netexec-workshop-writeup/

🐥 [ tweet ]
👍8
😈 [ Kuba Gretzky @mrgretzky ]

A covert and smart way of implanting Chrome extensions through direct modification of Chrome setting files 🤯🔥

🔗 https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html

🐥 [ tweet ]
👍8
😈 [ Justin Elze @HackingLZ ]

Recent addition to the shelf

"This is just a simplified version of the following but written in C and runs on both mac and linux."

🔗 https://github.com/its-a-feature/bifrost
🔗 https://github.com/trustedsec/The_Shelf/tree/main/Retired/KerberosDump

🐥 [ tweet ]
👍5
A long time ago, my good friend @DrunkF0x and I tried out the LDAPmonitor script on a pentest (it had only just come out back then). At that point all it did was query "(objectClass=*)" against every object every N seconds and compare the results. Naturally, this was terribly inefficient, generates a pile of traffic on the wire, and on large domains I would not have dared to run it at all… That was when Roma came up with the idea of polling for changes by USN (Update Sequence Number) values, on the basis of which he developed ADSpider 🕷️
Congratulations on the release!

Blog:
🔗 https://habr.com/ru/companies/angarasecurity/articles/697938/

Code:
🔗 https://github.com/DrunkF0x/ADSpider
🔥19👍6
🔥14🤯2
😈 [ Dominic Chell 👻 @domchell ]

🙈🙈🙈

🐥 [ tweet ]

yeah, had the same thing happen
😁6🍌1
😈 [ chebuya @_chebuya ]

How I discovered and exploited an unauthenticated SSRF in the Havoc C2 teamserver, allowing attackers to leak origin IPs of teamservers behind redirectors and much more!

🔗 https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
🔗 https://github.com/chebuya/Havoc-C2-SSRF-poc

🐥 [ tweet ]
🔥6
😈 [ CICADA8Research @CICADA8Research ]

Process Injection is Dead. Long Live IHxHelpPaneServer

How can a user's session be abused without process injection, remotekrbrelay, tgsthief?

Read it in our new article:
🔗 https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d

POC:
🔗 https://github.com/CICADA8-Research/IHxExec

🐥 [ tweet ]
👍9🔥6
😈 [ Greg Darwin @gregdarwin ]

After months in development, Cobalt Strike 4.10 is now available for download. This release sees the introduction of BeaconGate, the Sleepmask-VS, postex kit, a new job browser and much, much more. Check out the blog post for details:

🔗 https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate

🐥 [ tweet ]

new biba srak, as @Acrono says
😁7🔥1
😈 [ Antonio Cocomazzi @splinter_code ]

Excited to share my latest research about FIN7 🔥
The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise.
Enjoy the read 👇

🔗 https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/

🐥 [ tweet ]
👍5
😈 [ Duncan Ogilvie 🍍 @mrexodia ]

🚨 Want to quickly find the ntdll base without checking the module name? 🚨 You can use the location of the LoaderLock to know which range is the right one.

🐥 [ tweet ]
👍6
😁22🥱4
😈 [ Zach Vorhies / Google Whistleblower @Perpetualmaniac ]

Crowdstrike Analysis:

It was a NULL pointer from the memory unsafe C++ language.

Since I am a professional C++ programmer, let me decode this stack trace dump for you.

🔗 https://threadreaderapp.com/thread/1814376668095754753.html

🐥 [ tweet ]

a professional C++ programmer explained everything
🔥11🍌1
😈 [ Tavis Ormandy @taviso ]

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

🔗 https://threadreaderapp.com/thread/1814762302337654829.html

🐥 [ tweet ]

(nothing else interesting is happening anyway)
👍6🤔4🔥3😁1
😈 [ Max Harley @0xdab0 ]

Finally releasing a very beta version of my ADExplorerSnapshot Rust rewrite! There have been a ton of performance optimizations, edges added, and usability improvements since the quoted tweet. I'm really excited for people to start using and breaking it.

🔗 https://github.com/t94j0/adexplorersnapshot-rs

🐥 [ tweet ][ quote ]
👍7🥱3
😈 [ 5pider @C5pider ]

I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code.
The client is now fully extendable and scriptable via the Python API.

🐥 [ tweet ]
👍7