😈 [ Remko Weijnen @RemkoWeijnen ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
🥱5🔥4👍1
😈 [ DSAS by INJECT @DevSecAS ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
🔗 https://github.com/Evi1Grey5/Recursive-Loader
🐥 [ tweet ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
🔗 https://github.com/Evi1Grey5/Recursive-Loader
🐥 [ tweet ]
👍11
😈 [ Will @BushidoToken ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix 🇷🇺
🔗 https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
🔗 https://github.com/BushidoUK/Russian-APT-Tool-Matrix
🐥 [ tweet ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix 🇷🇺
🔗 https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
🔗 https://github.com/BushidoUK/Russian-APT-Tool-Matrix
🐥 [ tweet ]
ищем себя, пацаны👍8🥱6😁3🍌3😢1
😈 [ Check Point Research @_CPResearch_ ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
👍6
😈 [ Fox-IT @foxit ]
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation:
🔗 https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
🐥 [ tweet ]
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation:
🔗 https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
🐥 [ tweet ]
🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
UnderConf. От сообщества – для сообщества
Keynote-спикеры и докладчики крупных конференций, авторы ваших любимых телеграм-каналов про ИБ, ведущие самых известных воркшопов и легенды индустрии в одном месте – на UnderConf, 29.09.
@crytech7, Сергей Голованов a.k.a. @sk1ks, @n0nvme и другие представят свои последние разработки и исследования, а Сергей Норд, локпикеры Autopsy Will Tell и хардварщики “Танец Роботов” параллельно проведут для вас топовые воркшопы.
На конференции также будет развернута лаборатория Pentest Lab, где можно будет разобраться в сценариях различных атак на части сетевой инфраструктуры компании.
В середине дня пройдут дебаты между Алексеем Гришиным и @i_bo0om о том, как расходятся интересы специалистов и бизнеса.
Подробная программа уже доступна на сайте.
Канал | Чат
Keynote-спикеры и докладчики крупных конференций, авторы ваших любимых телеграм-каналов про ИБ, ведущие самых известных воркшопов и легенды индустрии в одном месте – на UnderConf, 29.09.
@crytech7, Сергей Голованов a.k.a. @sk1ks, @n0nvme и другие представят свои последние разработки и исследования, а Сергей Норд, локпикеры Autopsy Will Tell и хардварщики “Танец Роботов” параллельно проведут для вас топовые воркшопы.
На конференции также будет развернута лаборатория Pentest Lab, где можно будет разобраться в сценариях различных атак на части сетевой инфраструктуры компании.
В середине дня пройдут дебаты между Алексеем Гришиным и @i_bo0om о том, как расходятся интересы специалистов и бизнеса.
Подробная программа уже доступна на сайте.
Канал | Чат
Не рекламы ради, а просто поделиться, куда я решил заглянуть в честь начала отпуска👍5🥱1
😈 [ Mandiant (part of Google Cloud) @Mandiant ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🔥6👍2
Offensive Xwitter
😈 [ Will Harris @parityzero ] With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more…
👹 [ sn🥶vvcr💥sh @snovvcrash ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
🔥18
😈 [ trickster0 @trickster012 ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
🥱4👍3😁3
😈 [ Soufiane @S0ufi4n3 ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
👍9🔥5
Поговорили с Cyber Media о пентесте внутренних сетей, редтимах и рисках, получилось очень лампово:
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
Telegram
Cyber Media
🗣 Сергей Яшин, Positive Technologies: Грезы о защищенности инфраструктуры из-за ее недоступности из интернета могут привести к плачевным последствиям
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
🔥21👍5🍌3🥱2
😈 [ DSAS by INJECT @DevSecAS ]
🖥 Let's analyze one of the ways to bypass the smart screen and write our own simple cryptor that runs the shellcode:
🔗 https://github.com/Evi1Grey5/Bypass-Smartscreen-
🐥 [ tweet ]
🖥 Let's analyze one of the ways to bypass the smart screen and write our own simple cryptor that runs the shellcode:
🔗 https://github.com/Evi1Grey5/Bypass-Smartscreen-
🐥 [ tweet ]
👍10🥱3
😈 [ Alex Neff @al3x_n3ff ]
🔥We have big news for you, NetExec now has a new protocol: NFS🔥
Main features:
- Detecting NFS servers
- List exported shares
- Recursive enumeration of shares
- Up&Download files
Many thanks to @mehmetcanterman who had the idea and implemented the protocol with me.
🐥 [ tweet ]
🔥We have big news for you, NetExec now has a new protocol: NFS🔥
Main features:
- Detecting NFS servers
- List exported shares
- Recursive enumeration of shares
- Up&Download files
Many thanks to @mehmetcanterman who had the idea and implemented the protocol with me.
🐥 [ tweet ]
несправедливо мы тогда залупались на тех, кто форкнул цме, даже вот активно развивается походу🔥12👍5🤔1
😈 [ nyxgeek @nyxgeek ]
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
🔗 https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
🐥 [ tweet ]
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
🔗 https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
🐥 [ tweet ]
🤯2
😈 [ Cyber Advising @cyber_advising ]
CVE-2024-7479 & CVE-2024-7481: exploit proof of concept of a vulnerability in TeamViewer that enables an unprivileged user to load an arbitrary Kernel Driver into the system.
PoC:
🔗 https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
🐥 [ tweet ]
CVE-2024-7479 & CVE-2024-7481: exploit proof of concept of a vulnerability in TeamViewer that enables an unprivileged user to load an arbitrary Kernel Driver into the system.
PoC:
🔗 https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
🐥 [ tweet ]
🍌3👍2