😈 [ Mandiant (part of Google Cloud) @Mandiant ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🔥6👍2
Offensive Xwitter
😈 [ Will Harris @parityzero ] With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more…
👹 [ sn🥶vvcr💥sh @snovvcrash ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
🔥18
😈 [ trickster0 @trickster012 ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
🥱4👍3😁3
😈 [ Soufiane @S0ufi4n3 ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
👍9🔥5
Поговорили с Cyber Media о пентесте внутренних сетей, редтимах и рисках, получилось очень лампово:
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
Telegram
Cyber Media
🗣 Сергей Яшин, Positive Technologies: Грезы о защищенности инфраструктуры из-за ее недоступности из интернета могут привести к плачевным последствиям
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
🔥21👍5🍌3🥱2
😈 [ DSAS by INJECT @DevSecAS ]
🖥 Let's analyze one of the ways to bypass the smart screen and write our own simple cryptor that runs the shellcode:
🔗 https://github.com/Evi1Grey5/Bypass-Smartscreen-
🐥 [ tweet ]
🖥 Let's analyze one of the ways to bypass the smart screen and write our own simple cryptor that runs the shellcode:
🔗 https://github.com/Evi1Grey5/Bypass-Smartscreen-
🐥 [ tweet ]
👍10🥱3
😈 [ Alex Neff @al3x_n3ff ]
🔥We have big news for you, NetExec now has a new protocol: NFS🔥
Main features:
- Detecting NFS servers
- List exported shares
- Recursive enumeration of shares
- Up&Download files
Many thanks to @mehmetcanterman who had the idea and implemented the protocol with me.
🐥 [ tweet ]
🔥We have big news for you, NetExec now has a new protocol: NFS🔥
Main features:
- Detecting NFS servers
- List exported shares
- Recursive enumeration of shares
- Up&Download files
Many thanks to @mehmetcanterman who had the idea and implemented the protocol with me.
🐥 [ tweet ]
несправедливо мы тогда залупались на тех, кто форкнул цме, даже вот активно развивается походу🔥12👍5🤔1
😈 [ nyxgeek @nyxgeek ]
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
🔗 https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
🐥 [ tweet ]
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
🔗 https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
🐥 [ tweet ]
🤯2
😈 [ Cyber Advising @cyber_advising ]
CVE-2024-7479 & CVE-2024-7481: exploit proof of concept of a vulnerability in TeamViewer that enables an unprivileged user to load an arbitrary Kernel Driver into the system.
PoC:
🔗 https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
🐥 [ tweet ]
CVE-2024-7479 & CVE-2024-7481: exploit proof of concept of a vulnerability in TeamViewer that enables an unprivileged user to load an arbitrary Kernel Driver into the system.
PoC:
🔗 https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
🐥 [ tweet ]
🍌3👍2
Offensive Xwitter
😈 [ LuemmelSec @theluemmel ] New blog by @itm4n is a must read for blue and red alike: 🔗 https://itm4n.github.io/printnightmare-exploitation/ Quality stuff as always. Thanks I updated my Client-Checker to evaluate the affected reg keys so you can quickly…
😈 [ parzel @parzel2 ]
During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here:
🔗 https://itm4n.github.io/printnightmare-not-over/
🐥 [ tweet ]
During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here:
🔗 https://itm4n.github.io/printnightmare-not-over/
🐥 [ tweet ]
👍2
😈 [ Binni Shah @binitamshah ]
Hacking Windows through iTunes - Local Privilege Escalation 0-day (Patched September 12, 2024):
🔗 https://github.com/mbog14/CVE-2024-44193
🐥 [ tweet ]
Hacking Windows through iTunes - Local Privilege Escalation 0-day (Patched September 12, 2024):
🔗 https://github.com/mbog14/CVE-2024-44193
🐥 [ tweet ]
🥱2👍1🤔1
😈 [ ap @decoder_it ]
Following up on my earlier tweet regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it!
🔗 https://github.com/decoder-it/KrbRelay-SMBServer/tree/master
🐥 [ tweet ][ quote ]
Following up on my earlier tweet regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it!
🔗 https://github.com/decoder-it/KrbRelay-SMBServer/tree/master
🐥 [ tweet ][ quote ]
👍4🔥1
😈 [ Ohm-I (Oh My) @mcohmi ]
Dropping a POC and naming the specific person who found and disclosed it WHILE they are going through a disclosure process is a dick move, tbh.
Keep your POCs internal or in small groups until Drop Day.
ESC15 (EKUwu):
🔗 https://github.com/ly4k/Certipy/pull/228
🐥 [ tweet ]
Dropping a POC and naming the specific person who found and disclosed it WHILE they are going through a disclosure process is a dick move, tbh.
Keep your POCs internal or in small groups until Drop Day.
ESC15 (EKUwu):
🔗 https://github.com/ly4k/Certipy/pull/228
🐥 [ tweet ]
🔥5👍3😢3
😈 [ Adam Chester 🏴☠️ @_xpn_ ]
New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by @Raiona_ZA over SOCKS5 UDP by wrapping the awesome PxeThiefy[.]py from @0xcsandker. Enjoy :)
🔗 https://github.com/SpecterOps/cred1py
🐥 [ tweet ]
New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by @Raiona_ZA over SOCKS5 UDP by wrapping the awesome PxeThiefy[.]py from @0xcsandker. Enjoy :)
🔗 https://github.com/SpecterOps/cred1py
🐥 [ tweet ]
👍5🔥1