😈 [ Daniel @0x64616e ]
Do you like ZSH, SOCKS proxies and Impacket? Then you might want to check this out:
🔗 https://github.com/dadevel/impacket-zsh-integration
🐥 [ tweet ]
Интересно посмотреть на подходы других людей к вопросу менеджерства конфигами проксичейнс, я, например, делаю это так:
🔗 https://github.com/snovvcrash/dotfiles-linux/blob/2c4ab52c09749190c63a8e05187c28800e196f0a/system/funcs#L62-L74
Do you like ZSH, SOCKS proxies and Impacket? Then you might want to check this out:
🔗 https://github.com/dadevel/impacket-zsh-integration
🐥 [ tweet ]
Интересно посмотреть на подходы других людей к вопросу менеджерства конфигами проксичейнс, я, например, делаю это так:
🔗 https://github.com/snovvcrash/dotfiles-linux/blob/2c4ab52c09749190c63a8e05187c28800e196f0a/system/funcs#L62-L74
👍4
😈 [ Antonio Cocomazzi @splinter_code ]
Great talk by my friend @decoder_it at Troopers 🔥
10 Years of Windows Privilege Escalation that includes the last iteration of the Potato exploits. Worth a watch! 👇
🔗 https://www.youtube.com/watch?v=rPZx1zbKJnI
🐥 [ tweet ]
Great talk by my friend @decoder_it at Troopers 🔥
10 Years of Windows Privilege Escalation that includes the last iteration of the Potato exploits. Worth a watch! 👇
🔗 https://www.youtube.com/watch?v=rPZx1zbKJnI
🐥 [ tweet ]
👍4
😈 [ Scott Sutherland @_nullbind ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
🐥 [ tweet ]
[BLOG] Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
🐥 [ tweet ]
🔥5🥱1
😈 [ lazarusholic @lazarusholic ]
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs.
🔗 https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
🐥 [ tweet ]
"Fake recruiter coding tests target devs with malicious Python packages" published by ReversingLabs.
🔗 https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
🐥 [ tweet ]
X (formerly Twitter)
lazarusholic (@lazarusholic) on X
a big fan of lazarus.
😁3🤔2
😈 [ Pen Test Partners @PenTestPartners ]
Discover how our @_EthicalChaos_ edited Group Policy Objects (GPOs) without being tied to a domain-joined system 🔍 This technical blog explores the challenges of manipulating GPOs from non-domain environments using native Windows tools — minimising IOCs and maximising stealth in your red teaming efforts 🔴
@_EthicalChaos_ details the process of manipulating the Group Policy Manager MMC snap-in, diving into debugging techniques, function manipulation, and the strategic use of hooks to bypass typical domain checks.
Discover how to intercept and modify critical functions like GetUserNameExW to bypass domain checks and tackle further complexities in the Group Policy Editor using hooks with the DGPOEdit tool, which @_EthicalChaos_ has put on GitHub for free.
This blog covers the technical barriers, API call modifications, and the challenges in creating a seamless experience with native tooling—without compromising operational security. Perfect for those looking to leverage native Windows tools in their red teaming arsenal, this guide provides detailed insights into pushing beyond the limitations of standard approaches.
🛠️ Look at @_EthicalChaos_ methods and get access to the free DGPOEdit tool from the full blog now.
Read it here:
🔗 https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
🐥 [ tweet ]
Discover how our @_EthicalChaos_ edited Group Policy Objects (GPOs) without being tied to a domain-joined system 🔍 This technical blog explores the challenges of manipulating GPOs from non-domain environments using native Windows tools — minimising IOCs and maximising stealth in your red teaming efforts 🔴
@_EthicalChaos_ details the process of manipulating the Group Policy Manager MMC snap-in, diving into debugging techniques, function manipulation, and the strategic use of hooks to bypass typical domain checks.
Discover how to intercept and modify critical functions like GetUserNameExW to bypass domain checks and tackle further complexities in the Group Policy Editor using hooks with the DGPOEdit tool, which @_EthicalChaos_ has put on GitHub for free.
This blog covers the technical barriers, API call modifications, and the challenges in creating a seamless experience with native tooling—without compromising operational security. Perfect for those looking to leverage native Windows tools in their red teaming arsenal, this guide provides detailed insights into pushing beyond the limitations of standard approaches.
🛠️ Look at @_EthicalChaos_ methods and get access to the free DGPOEdit tool from the full blog now.
Read it here:
🔗 https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
🐥 [ tweet ]
🔥6👍4😁1
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ konrad @konradgajdus ]
I made a donut using the C standard library:
🔗 https://github.com/konrad-gajdus/donut
🐥 [ tweet ]
I made a donut using the C standard library:
🔗 https://github.com/konrad-gajdus/donut
🐥 [ tweet ]
красивое🍌15🥱6👍4🤯2🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ Jiří Vinopal @vinopaljiri ]
Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:
Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub
🔗 https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
🐥 [ tweet ]
Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:
Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub
🔗 https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
🐥 [ tweet ]
👍5🤔1
😈 [ Sam ☁️🪵 @Sam0x90 ]
Interesting ZIP trick with
zip > docx LNK > ftp.exe > disguised pythonw.exe > CS shellcode
🔗 https://www.ctfiot.com/203334.html
🐥 [ tweet ]
Interesting ZIP trick with
__Macosx__ folder and LNK executing ftp noscript to execute embedded pythonw.exe zip > docx LNK > ftp.exe > disguised pythonw.exe > CS shellcode
🔗 https://www.ctfiot.com/203334.html
🐥 [ tweet ]
👍10
😈 [ Het Mehta @hetmehtaa ]
Reversing a VPN client to hijack sessions
🔗 https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
🐥 [ tweet ]
Reversing a VPN client to hijack sessions
🔗 https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
🐥 [ tweet ]
🔥9
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ John Hammond @_JohnHammond ]
Well, this was a stupid insomnia project, but... 😂
Playground code is here:
🔗 https://github.com/JohnHammond/recaptcha-phish
🐥 [ tweet ][ quote ]
Well, this was a stupid insomnia project, but... 😂
Playground code is here:
🔗 https://github.com/JohnHammond/recaptcha-phish
🐥 [ tweet ][ quote ]
завирусилось, прикольно😁18👍1🥱1
Offensive Xwitter
😈 [ Jiří Vinopal @vinopaljiri ] Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be: Executed as a normal #exe Loaded as #dll + export function can be invoked Run via "rundll32.exe" Executed as #shellcode right from the DOS (MZ) header…
😈 [ Kurosh Dabbagh @_Kudaes_ ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
🔗 https://github.com/Kudaes/CustomEntryPoint
🐥 [ tweet ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
🔗 https://github.com/Kudaes/CustomEntryPoint
🐥 [ tweet ]
👍18
😈 [ Usman Sikander @UsmanSikander13 ]
Basics to advanced process injection. Covering 25 techniques:
🔗 https://github.com/Offensive-Panda/ProcessInjectionTechniques
🐥 [ tweet ]
Basics to advanced process injection. Covering 25 techniques:
🔗 https://github.com/Offensive-Panda/ProcessInjectionTechniques
🐥 [ tweet ]
👍14
😈 [ Aleem Ladha @LadhaAleem ]
I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! 🔥
Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool !
Hope you enjoy, more to come
🔗 https://github.com/Pennyw0rth/NetExec-Lab
🐥 [ tweet ]
I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! 🔥
Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool !
Hope you enjoy, more to come
🔗 https://github.com/Pennyw0rth/NetExec-Lab
🐥 [ tweet ]
👍9🔥7🤔2🤯2
😈 [ Koen Van Impe ☕ @cudeso ]
Interesting approach shared by @Wietze on manipulating
🔗 https://www.wietzebeukema.nl/blog/why-bother-with-argv0
🐥 [ tweet ]
Interesting approach shared by @Wietze on manipulating
argv[0] to mislead security tools and analysts. A clever tactic for obfuscation!🔗 https://www.wietzebeukema.nl/blog/why-bother-with-argv0
🐥 [ tweet ]
👍12🔥1🤯1
😈 [ Nikhil Hegde @ka1do9 ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
🔗 https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
🐥 [ tweet ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
🔗 https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
🐥 [ tweet ]
👍9🔥6
😈 [ Justin Elze @HackingLZ ]
Pwning C2 frameworks
🔗 https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
🐥 [ tweet ]
Pwning C2 frameworks
🔗 https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
🐥 [ tweet ]
👍6🔥3
😈 [ konrad @konradgajdus ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
🔗 http://x.com/i/article/1837064930832404482
🐥 [ tweet ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
🔗 http://x.com/i/article/1837064930832404482
🐥 [ tweet ]
🤯3
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]
💻🛡️ In this series of blog posts, Clément Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-1/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-2/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
🔗 https://github.com/itm4n/PPLrevenant
🔗 https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
🐥 [ tweet ]
💻🛡️ In this series of blog posts, Clément Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-1/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-2/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
🔗 https://github.com/itm4n/PPLrevenant
🔗 https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
🐥 [ tweet ]
👍10🔥3
😈 [ Remko Weijnen @RemkoWeijnen ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
🥱5🔥4👍1