Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Viking @Vikingfr ]

"SuperFetchQuery" can be useful for some scenarios like Red Team, Exploit Dev or Maldev. Let’s take a look!

🔗 https://v1k1ngfr.github.io/superfetchquery-superpower/

🐥 [ tweet ]
🔥6
😈 [ S3cur3Th1sSh1t @ShitSecure ]

Want to reflectively load MSVC compiled rust binaries e.g. from Powershell, C# or similar?

You have two options from my current perspective:
1) Adjust your PE-Loader to do "something" (unknown yet) for proper execution
2) Remove default main as shown:

🔗 https://gist.github.com/S3cur3Th1sSh1t/bbde56e01d7440ee97b69f4eb179f4cb

🐥 [ tweet ][ quote ]
👍9🔥1
😈 [ CICADA8Research @CICADA8Research ]

Our new article about privilege escalation via vulnerable MSI files. All roads lead to NT AUTHORITY\SYSTEM :)

🔗 https://cicada-8.medium.com/evil-msi-a-long-story-about-vulnerabilities-in-msi-files-1a2a1acaf01c
🔗 https://github.com/CICADA8-Research/MyMSIAnalyzer

🐥 [ tweet ]
👍13🔥7🤯2🥱1
😈 [ Jason Lang @curi0usJack ]

It's been a while since I've gotten to modify a GPO through a proxy as part of a red team. Fun and terrifying! If you're in that scenario now, this might help:

🔗 https://trustedsec.com/blog/weaponizing-group-policy-objects-access

🐥 [ tweet ]
👍5🔥2🥱1
😈 [ Grzegorz Tworek @0gtweet ]

Listing all processes keeping a particular file open is not a trivial task, but since Vista we have a special syscall parameter for that purpose. Microsoft says "reserved for system use", but I was brave enough to wrap it into a PowerShell function. Enjoy!

🔗 https://github.com/gtworek/PSBits/blob/master/Misc2/Get-PidsForOpenFile.ps1

🐥 [ tweet ]
🔥15👍2
😈 [ DSAS by INJECT @DevSecAS ]

🆕 Most cryptographers and packers use various methods to unpack and run a PE file from memory.

The most common techniques to this day are RunPE and LoadPE 👨‍💻

🔗 https://injectexp.dev/b/LoadLibraryReloaded
🔗 https://news.1rj.ru/str/INJECTCRYPT/156

🐥 [ tweet ]
🔥6👍3🍌1
😈 [ Alice Climent-Pommeret @AliceCliment ]

Hi there!

My latest article on the @harfanglab blog has just been published!

I'm talking about unpacking, XMRig, R77 and FIN7 (or not 🤓)

A special S/O to @splinter_code @JusticeRage and @securechicken

To check it out ⬇️

🔗 https://harfanglab.io/insidethelab/unpacking-packxor/

🐥 [ tweet ][ quote ]
🔥3
😈 [ William Burgess @joehowwolf ]

New CS Blog - Revisiting the UDRL Part 3: If you like the idea of loading a custom c2 channel in your UDRL then this blog may be of interest 👀

🔗 https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data

🐥 [ tweet ]
👍3
😈 [ Praetorian @praetorianlabs ]

🔥 Bypassing fully patched endpoint detection with Goffloader

We’re excited to introduce Goffloader, an open-source Golang COFFLoader. Compatible with Cobalt Strike BOFs 😉

Read more on our blog here:

🔗 https://www.praetorian.com/blog/introducing-goffloader-a-pure-go-implementation-of-an-in-memory-coffloader-and-pe-loader/

🐥 [ tweet ]
🔥11👍1
😈 [ CoreLabs Research @CoreAdvisories ]

In his latest blog, Core Labs' @ricnar456 takes a deep dive into CVE-2024-30051, reversing this Windows #vulnerability to create a functional #PoC.

🔗 https://www.coresecurity.com/core-labs/articles/windows-dwm-core-library-elevation-privilege-vulnerability-cve-2024-30051

🐥 [ tweet ]
🔥7👍1
😈 [ Maurice Heumann @momo5502 ]

I have finished my blog post about my journey through KiUserExceptionDispatcher and how I added exception support to my emulator :D

🔗 https://momo5502.com/posts/2024-09-07-a-journey-through-kiuserexceptiondispatcher/

🐥 [ tweet ]
👍3🤯1
😈 [ Cas van Cooten @chvancooten ]

I just published the pre-recorded video version of my Nimplant demonstration for @BlackHatEvents Arsenal 2024! Check it out if you're interested in Nimplant and its new features, such as the Rust implant.

📽️ Recording available here:
🔗 https://youtu.be/9xQGjdPyDJc

🐥 [ tweet ]
👍2🔥1
Forwarded from Just Security
We have published a video of how the annual independent Pentest award 2024 went!

Happy faces, a crowd of energized specialists and, of course, happy winners with awards in their hands: a real celebration of ethical hacking.

It was great to meet old friends and colleagues offline, get to know new people, exchange knowledge and ideas, and talk about important, professional and long-standing issues.

See you in 2025 👋

Special thanks to the project's partners: BI.ZONE Bug Bounty, VK Bug Bounty, OFFZONE and CyberED.

📺 Full video
🔗 Pentest award (archive)
@justsecurity
👍7😢2🥱2🔥1
😈 [ Daniel @0x64616e ]

Do you like ZSH, SOCKS proxies and Impacket? Then you might want to check this out:

🔗 https://github.com/dadevel/impacket-zsh-integration

🐥 [ tweet ]

It's interesting to see other people's approaches to managing proxychains configs; I, for example, do it like this:

🔗 https://github.com/snovvcrash/dotfiles-linux/blob/2c4ab52c09749190c63a8e05187c28800e196f0a/system/funcs#L62-L74
👍4
😈 [ Antonio Cocomazzi @splinter_code ]

Great talk by my friend @decoder_it at Troopers 🔥
10 Years of Windows Privilege Escalation that includes the last iteration of the Potato exploits. Worth a watch! 👇

🔗 https://www.youtube.com/watch?v=rPZx1zbKJnI

🐥 [ tweet ]
👍4
😈 [ Scott Sutherland @_nullbind ]

[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation

🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/

🐥 [ tweet ]
🔥5🥱1
😈 [ lazarusholic @lazarusholic ]

"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs.

🔗 https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages

🐥 [ tweet ]
😁3🤔2
😈 [ Pen Test Partners @PenTestPartners ]

Discover how our @_EthicalChaos_ edited Group Policy Objects (GPOs) without being tied to a domain-joined system 🔍 This technical blog explores the challenges of manipulating GPOs from non-domain environments using native Windows tools — minimising IOCs and maximising stealth in your red teaming efforts 🔴

@_EthicalChaos_ details the process of manipulating the Group Policy Manager MMC snap-in, diving into debugging techniques, function manipulation, and the strategic use of hooks to bypass typical domain checks.

Discover how to intercept and modify critical functions like GetUserNameExW to bypass domain checks and tackle further complexities in the Group Policy Editor using hooks with the DGPOEdit tool, which @_EthicalChaos_ has put on GitHub for free.

This blog covers the technical barriers, API call modifications, and the challenges in creating a seamless experience with native tooling—without compromising operational security. Perfect for those looking to leverage native Windows tools in their red teaming arsenal, this guide provides detailed insights into pushing beyond the limitations of standard approaches.

🛠️ Look at @_EthicalChaos_ methods and get access to the free DGPOEdit tool from the full blog now.

Read it here:
🔗 https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/

🐥 [ tweet ]
🔥6👍4😁1
😈 [ konrad @konradgajdus ]

I made a donut using the C standard library:

🔗 https://github.com/konrad-gajdus/donut

🐥 [ tweet ]

beautiful
🍌15🥱6👍4🤯2🔥1
😈 [ Jiří Vinopal @vinopaljiri ]

Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:

Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub

🔗 https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode

🐥 [ tweet ]
👍5🤔1