Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ CICADA8Research @CICADA8Research ]

Process Injection is Dead. Long Live IHxHelpPaneServer

How can a user's session be abused without process injection, remotekrbrelay, tgsthief?

Read it in our new article:
🔗 https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d

POC:
🔗 https://github.com/CICADA8-Research/IHxExec

🐥 [ tweet ]
👍9🔥6
😈 [ Greg Darwin @gregdarwin ]

After months in development, Cobalt Strike 4.10 is now available for download. This release sees the introduction of BeaconGate, the Sleepmask-VS, postex kit, a new job browser and much, much more. Check out the blog post for details:

🔗 https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate

🐥 [ tweet ]

another piece of shiny junk, as @Acrono says
😁7🔥1
😈 [ Antonio Cocomazzi @splinter_code ]

Excited to share my latest research about FIN7 🔥
The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise.
Enjoy the read 👇

🔗 https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/

🐥 [ tweet ]
👍5
😈 [ Duncan Ogilvie 🍍 @mrexodia ]

🚨 Want to quickly find the ntdll base without checking the module name? 🚨 You can use the location of the LoaderLock to know which range is the right one.

🐥 [ tweet ]
👍6
😈 [ Zach Vorhies / Google Whistleblower @Perpetualmaniac ]

Crowdstrike Analysis:

It was a NULL pointer from the memory unsafe C++ language.

Since I am a professional C++ programmer, let me decode this stack trace dump for you.

🔗 https://threadreaderapp.com/thread/1814376668095754753.html

🐥 [ tweet ]

the professional C++ programmer has explained everything
🔥11🍌1
😈 [ Zach Vorhies / Google Whistleblower @Perpetualmaniac ] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language. Since I am a professional C++ programmer, let me decode this stack trace dump for you. 🔗 https://threadreaderap…
😈 [ Tavis Ormandy @taviso ]

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

🔗 https://threadreaderapp.com/thread/1814762302337654829.html

🐥 [ tweet ]

(nothing else interesting is happening anyway)
👍6🤔4🔥3😁1
😈 [ Max Harley @0xdab0 ]

Finally releasing a very beta version of my ADExplorerSnapshot Rust rewrite! There have been a ton of performance optimizations, edges added, and usability improvements since the quoted tweet. I'm really excited for people to start using and breaking it.

🔗 https://github.com/t94j0/adexplorersnapshot-rs

🐥 [ tweet ][ quote ]
👍7🥱3
😈 [ 5pider @C5pider ]

I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code.
The client is now fully extendable and scriptable via the Python API

🐥 [ tweet ]
👍7
😈 [ Aurélien Chalot @Defte_ ]

Super interesting way of blinding EDR's consoles!!

🔗 https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html

🐥 [ tweet ]
🔥6👍2
😈 [ Print3M @Print3M_ ]

I wrote my first calc.exe "shellcode" in NASM. I find it a little strange that a lot of people write about malware development but almost no one talks about writing your own shellcode. I decided to write something on my own. (good comments, easy readable)

🔗 https://github.com/Print3M/shellcodes/blob/main/calc-exe.asm

🐥 [ tweet ]

#for_the_littlest_ones
👍7🔥1
😈 [ Alex Neff @al3x_n3ff ]

A new module just got merged into NetExec, which extracts the security Questions for local users 🚀

Made by @Adamkadaban

If you want to know the details, you can read his blog post here:

🔗 https://hackback.zip/2024/05/08/Remotely-Dumping-Windows-Security-Questions-With-Impacket.html

🐥 [ tweet ]
🔥12👍2
😈 [ Kaspersky @kaspersky ]

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

Full story:
🔗 https://www.kaspersky.com/blog/zero-day-in-internet-explorer/51698/

🐥 [ tweet ]
👍7🔥3😁3
😈 [ Check Point Research @_CPResearch_ ]

In this blog we introduce Thread-Name Calling - A new process injection technique using Thread Name. We also discuss various scenarios in which this not widely-known API can be used for offense.

Blog:
🔗 https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/

PoC:
🔗 https://github.com/hasherezade/thread_namecalling

🐥 [ tweet ]
🔥4👍1🥱1
😈 [ ☣️ @0x6rss ]

My first blog post: Creating a PDF Dropper by Injecting Malicious JavaScript into a PDF with a Cobalt Strike Payload
For the source code and PoC, check out my blog post:👇

🔗 https://cti.monster/blog/2024/07/25/pdfdropper.html

🐥 [ tweet ]
👍9😁5🥱5🔥2🍌2
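A defender-side check for the technique in the post above, added here as an example (it is not code from the blog post or from its author): a small Python scanner that walks the name tokens of a PDF, undoes the `#XX` hex-escape that is commonly used to hide `/JS` and `/JavaScript`, and flags files that combine executable content (`/JavaScript`, `/JS`, `/Launch`) with an automatic trigger (`/OpenAction`, `/AA`). The two PDFs are constructed inline for the demo; the payload string is a placeholder, not a real dropper.

```python
import re

# Constructed sample: a minimal PDF whose catalog carries an /OpenAction that
# runs JavaScript as soon as the document opens. The /JS key is written as
# /J#53 (hex escape for "S") to mimic the obfuscation droppers use against
# naive string matching. The alert is a stand-in for a real payload.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
4 0 obj << /S /JavaScript /J#53 (app.alert('dropper')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample: same skeleton, no actions at all.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A PDF name token is "/" followed by regular characters; it ends at
# whitespace or any delimiter character ( ) < > [ ] { } / %.
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")
# Inside a name, "#XX" encodes the byte 0xXX (PDF 1.2+ syntax).
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names worth counting and what each one means for triage.
SUSPICIOUS = {
    b"JavaScript": "JavaScript action",
    b"JS": "JavaScript code (string or stream)",
    b"OpenAction": "action fired when the document opens",
    b"AA": "additional actions (page/field/annotation triggers)",
    b"Launch": "action that starts an external program",
    b"EmbeddedFile": "attached file, a common payload carrier",
}


def decode_name(raw: bytes) -> bytes:
    """Undo #XX hex escapes so /J#53 compares equal to /JS."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count occurrences of suspicious name tokens after de-escaping."""
    counts: dict = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in SUSPICIOUS:
            counts[name] = counts.get(name, 0) + 1
    return counts


def is_likely_dropper(data: bytes) -> bool:
    """Executable content plus an automatic trigger is the dropper shape."""
    found = scan_pdf(data)
    has_code = any(k in found for k in (b"JavaScript", b"JS", b"Launch"))
    auto_trigger = any(k in found for k in (b"OpenAction", b"AA"))
    return has_code and auto_trigger


if __name__ == "__main__":
    for label, pdf in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        hits = scan_pdf(pdf)
        print(label, "->", "SUSPICIOUS" if is_likely_dropper(pdf) else "clean")
        for name, n in hits.items():
            print(f"  /{name.decode()} x{n}: {SUSPICIOUS[name]}")
```

This is a triage heuristic, not a parser: names inside Flate-compressed streams or object streams are invisible to it, so on real samples inflate streams first (for example with `pdf-parser.py` or `qpdf --qdf`) or run a full parser before trusting a "clean" result.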
😈 [ Alisa Esage Шевченко @alisaesage ]

Nice little-known writeup on WhatsApp exploitation; technically interesting for more than one reason

🔗 https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

🐥 [ tweet ]
👍6🍌3