Talked with Cyber Media about internal network pentesting, red teaming and risks; it turned out really cozy:
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
🗣 Sergey Yashin, Positive Technologies: Dreams of an infrastructure being secure because it is unreachable from the internet can lead to dire consequences
Sergey Yashin (snovvcrash), head of the Red Team Development Group at Positive Technologies and author of the Offensive… blog
😈 [ DSAS by INJECT @DevSecAS ]
🖥 Let's analyze one of the ways to bypass SmartScreen and write our own simple cryptor that runs the shellcode:
🔗 https://github.com/Evi1Grey5/Bypass-Smartscreen-
🐥 [ tweet ]
😈 [ Alex Neff @al3x_n3ff ]
🔥We have big news for you, NetExec now has a new protocol: NFS🔥
Main features:
- Detecting NFS servers
- List exported shares
- Recursive enumeration of shares
- Up&Download files
Many thanks to @mehmetcanterman who had the idea and implemented the protocol with me.
🐥 [ tweet ]
It was unfair of us back then to bash the people who forked CME; looks like it's actually being actively developed
😈 [ nyxgeek @nyxgeek ]
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
🔗 https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
🐥 [ tweet ]
😈 [ Cyber Advising @cyber_advising ]
CVE-2024-7479 & CVE-2024-7481: exploit proof of concept of a vulnerability in TeamViewer that enables an unprivileged user to load an arbitrary Kernel Driver into the system.
PoC:
🔗 https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
🐥 [ tweet ]
😈 [ LuemmelSec @theluemmel ] New blog by @itm4n is a must read for blue and red alike: 🔗 https://itm4n.github.io/printnightmare-exploitation/ Quality stuff as always. Thanks I updated my Client-Checker to evaluate the affected reg keys so you can quickly…
😈 [ parzel @parzel2 ]
During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an indepth look. Read about it here:
🔗 https://itm4n.github.io/printnightmare-not-over/
🐥 [ tweet ]
😈 [ Binni Shah @binitamshah ]
Hacking Windows through iTunes - Local Privilege Escalation 0-day (Patched September 12, 2024):
🔗 https://github.com/mbog14/CVE-2024-44193
🐥 [ tweet ]
😈 [ ap @decoder_it ]
Following up on my earlier tweet regarding Kerberos relay with SMB server, I've uploaded my quick & dirty version. It's far from perfect, so feel free to improve it!
🔗 https://github.com/decoder-it/KrbRelay-SMBServer/tree/master
🐥 [ tweet ][ quote ]
😈 [ Ohm-I (Oh My) @mcohmi ]
Dropping a POC and naming the specific person who found and disclosed it WHILE they are going through a disclosure process is a dick move, tbh.
Keep your POCs internal or in small groups until Drop Day.
ESC15 (EKUwu):
🔗 https://github.com/ly4k/Certipy/pull/228
🐥 [ tweet ]
😈 [ Adam Chester 🏴☠️ @_xpn_ ]
New tool published which is proving to be useful. Cred1py allows execution of the CRED-1 SCCM attack published by @Raiona_ZA over SOCKS5 UDP by wrapping the awesome PxeThiefy[.]py from @0xcsandker. Enjoy :)
🔗 https://github.com/SpecterOps/cred1py
🐥 [ tweet ]
😈 [ TrustedSec @TrustedSec ]
During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new blog!
🔗 https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc
🐥 [ tweet ]
😈 [ safe @safe0x17 ]
I'm excited to share Rustic64. A modern 64-bit position-independent shellcode template for Windows, written in Rust!
🔗 https://github.com/safedv/Rustic64
🐥 [ tweet ]
😈 [ Justin Bollinger @Bandrel ]
Here is the original PoC video. As you can see Certipy isn't needed to exploit. Just makes it easier.
🐥 [ tweet ]
😈 [ Empire @EmpireC2Project ]
Read the latest blog on It's Not Your Grandfather's Empire! If you haven't used it in some time come take a look at just how it's grown into a multi-language powerhouse:
🔗 https://bc-security.org/not-your-grandfathers-empire/
🐥 [ tweet ]
😈 [ Nextron Systems @nextronsystems ]
In-Depth Analysis of Lynx Ransomware
Analyzing Lynx ransomware, active since mid-2024, with insights on its encryption methods, backup deletion, and printer-based ransom note delivery:
🔗 https://www.nextron-systems.com/2024/10/11/in-depth-analysis-of-lynx-ransomware/
🐥 [ tweet ]
😈 [ ap @decoder_it ]
OK, I promise to stop spamming about relays with NTLM/Kerberos 😅. But if you're a member of the Distributed COM or Performance Log group, these juicy CLSIDs let you remotely trigger machine authentication of any computer, including DCs, and relay DCOM -> HTTP, SMB:
{9EA82395-E31B-41CA-8DF7-EC1CEE7194DF}
{42C21DF5-FB58-4102-90E9-96A213DC7CE8}
{C63261E4-6052-41FF-B919-496FECF4C4E5}
{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}
🐥 [ tweet ]
😈 [ Logan Goins @_logangoins ]
I just published a blog post focused on details of using offensive .NET for both enumeration and exploitation of #activedirectory environments! Including some customized code examples from a tool I've been developing!
🔗 https://logan-goins.com/2024-10-11-Dotnet-AD/
🔗 https://github.com/logangoins/Cable
🐥 [ tweet ]
#for_the_little_ones
😈 [ Daniel F. @VirtualAllocEx ]
I wanted to learn more about using content delivery networks (CDNs) in Azure in conjunction with an Nginx reverse proxy in the context of using Cobalt Strike as a C2 framework. As a result, I've written the following blog post.
🔗 https://redops.at/en/blog/cobalt-strike-cdn-reverse-proxy-setup
🐥 [ tweet ]
😈 [ Matt Zorich @reprise_99 ]
In case you missed it, a deep dive into how Kerberoasting works, how to detect it, and maybe most importantly of all, how to reduce the risk of it within your Active Directory environment:
🔗 https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/
🐥 [ tweet ]
give me back my 2017
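As an added example (not code from the post above or from Microsoft's guidance), here is a minimal detector for the two signals Kerberoasting detection usually rests on: TGS requests (Security event 4769) asking for RC4-HMAC (encryption type 0x17) tickets for user-account SPNs, and one account pulling many distinct service tickets in a short window. The 4769 records are constructed inline; the window and SPN-count thresholds are assumptions, not values from the post.

```python
"""Toy Kerberoasting detector over Windows Security event 4769 records.

Added example, not part of the original post. Assumes events are already
parsed into dicts carrying the 4769 fields used below (TargetUserName,
ServiceName, TicketEncryptionType, IpAddress) plus an ISO timestamp.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real events). alice: normal machine-account
# and krbtgt traffic; bob: four RC4 service tickets in four seconds (roasting
# pattern); carol: a single AES service ticket (benign).
SAMPLE_EVENTS = [
    {"ts": "2024-10-11T09:00:00", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "WS01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.5"},
    {"ts": "2024-10-11T09:00:01", "TargetUserName": "alice@CORP.LOCAL",
     "ServiceName": "krbtgt", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.5"},
    {"ts": "2024-10-11T09:01:00", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.7"},
    {"ts": "2024-10-11T09:01:02", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.7"},
    {"ts": "2024-10-11T09:01:03", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.7"},
    {"ts": "2024-10-11T09:01:04", "TargetUserName": "bob@CORP.LOCAL",
     "ServiceName": "svc_iis", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.7"},
    {"ts": "2024-10-11T10:30:00", "TargetUserName": "carol@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.9"},
]

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in event 4769


def is_roastable_request(ev):
    """RC4 TGS request for a user-account SPN.

    Machine accounts (name ends with '$') and krbtgt are excluded: their keys
    are long and random, so a ticket for them is not crackable offline.
    """
    svc = ev["ServiceName"]
    if svc.endswith("$") or svc.lower().startswith("krbtgt"):
        return False
    return ev["TicketEncryptionType"].lower() == RC4_HMAC


def rc4_service_requests(events):
    """All events that match the per-ticket RC4 signal."""
    return [ev for ev in events if is_roastable_request(ev)]


def burst_requesters(events, window=timedelta(minutes=5), min_spns=3):
    """Accounts requesting >= min_spns distinct user SPNs within one window.

    Returns {account: sorted list of SPNs}. A sliding window over each
    account's sorted request times catches tooling that sprays TGS-REQs for
    every SPN it enumerated. Thresholds are assumptions for the example.
    """
    per_user = defaultdict(list)
    for ev in rc4_service_requests(events):
        per_user[ev["TargetUserName"]].append(
            (datetime.fromisoformat(ev["ts"]), ev["ServiceName"]))
    flagged = {}
    for user, reqs in per_user.items():
        reqs.sort()
        for i, (t0, _) in enumerate(reqs):
            spns = {s for t, s in reqs[i:] if t - t0 <= window}
            if len(spns) >= min_spns:
                flagged[user] = sorted(spns)
                break
    return flagged


if __name__ == "__main__":
    for ev in rc4_service_requests(SAMPLE_EVENTS):
        print("RC4 service ticket:", ev["TargetUserName"], "->", ev["ServiceName"])
    for user, spns in burst_requesters(SAMPLE_EVENTS).items():
        print("burst:", user, spns)
```

The RC4 filter only works while RC4 is still a meaningful outlier; once service accounts are moved to AES-only (the direction Microsoft's guidance pushes), an attacker simply requests AES tickets, and the burst heuristic on distinct SPNs per account is the signal that survives.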