Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
😈 [ Outflank @OutflankNL ] New Blog Alert! 🚨 Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs. Learn how it combines Early Bird APC Injection…
😈 [ 5pider @C5pider ]

Reimplemented the Early Cascade Injection technique documented by the @OutflankNL team

The code is boring but the blog post was very interesting to read, especially when it came to how the process is initialized and how LdrInitializeThunk works. Cheers

🔗 https://github.com/Cracked5pider/earlycascade-injection

🐥 [ tweet ]
🔥4🥱3👍2
😈 [ Usman Sikander @UsmanSikander13 ]

7 Methods to dump lsass memory. This is a powerful tool that provides users an option to extract data from lsass memory.

🔗 https://github.com/Offensive-Panda/ShadowDumper

🐥 [ tweet ]
👍7🥱2🔥1🍌1
😈 [ 7eRoM @7eRoM ]

While verifying the PE digital signature in Windows kernel, I encountered several new terms and concepts, such as PKCS7, ASN.1, calculating the thumbprint, and verifying signatures.

🔗 https://github.com/7eRoM/tutorials/tree/main/Verifying%20Embedded%20PE%20Signature

🐥 [ tweet ]
👍4🥱1
😈 [ Steven @0xthirteen ]

I’ve always thought Seatbelt was a great situational awareness tool. I created a Python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful.

🔗 https://github.com/0xthirteen/Carseat

🐥 [ tweet ]
🔥3
😈 [ mpgn @mpgn_x64 ]

If you want to first blood a Windows box in @hackthebox_eu every minute counts! 🩸
I've added a special flag --generate-hosts-file so you just have to copy-paste into your /etc/hosts file and be ready to pwn as soon as possible 🔥

🐥 [ tweet ]
👍7🔥4😁4
😈 [ drm @lowercase_drm ]

TIL you can ask the DC to resolve a foreign security principal by querying the msds-principalname (hidden) attribute. The DC will use the trust secret to perform authentication against the foreign domain and then call LsarLookupSids3 (so it even works with selective auth).

🐥 [ tweet ]
👍3
😈 [ Octoberfest7 @Octoberfest73 ]

This is a neat blog post on some of the new features in the 4.10 release of Cobalt Strike from @RWXstoned

🔗 https://rwxstoned.github.io/2024-11-13-Cobalt-Strike-customization/

🐥 [ tweet ]
🔥4
😈 [ Zerotistic @gegrgtezrze ]

Excited to share my latest blog post: "Breaking Control Flow Flattening: A Deep Technical Analysis"

I showcase usage of formal proofs and graph theory to automate CFF deobfuscation, among other things!
Might make it a talk...? 👀

🔗 https://zerotistic.blog/posts/cff-remover/

🐥 [ tweet ]
🤯2😁1
😈 [ NetSPI @NetSPI ]

Introducing PowerHuntShares 2.0 Release!

NetSPI VP of Research @_nullbind introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares:

🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/powerhuntshares-2-0-release/

🐥 [ tweet ]
🔥5🥱3👍1
😈 [ John Hammond @_JohnHammond ]

Supply chain malware from an infected game mod 🤯😱 Long-form reverse engineering and a WILD ride: Binary Ninja, x64dbg, 010 Editor, PEB walking, reworking API function hashing in Python, DLL search-order hijacking, hooked functions & more. MASSIVE video:

🔗 https://youtu.be/bvyklJ5Wie0?si=c0TSvALbx1ch21rZ

🐥 [ tweet ]
🔥11👍5
😈 [ Lefteris Panos @lefterispan ]

Wrote a small C# tool that is able to make a network token using a certificate. Comes in handy in RTs ;)

🔗 https://github.com/nettitude/TokenCert

🐥 [ tweet ][ quote ]
🔥7🥱2
😈 [ NCV @nickvourd ]

I just published Local Admin In Less Than 60 Seconds (Part 1)

In this post, I present Part 1 of my latest @BSidesAth presentation. I hope you enjoy it 😃

PS: There are Easter eggs inside for @taso_x, @tkalahan, and of course, @S1ckB0y1337.

🔗 https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99

🐥 [ tweet ]
👍4
😈 [ freefirex @freefirex2 ]

Saw some other folks realize it's actually really easy to use certificates to authenticate as other users on Windows if you have access to the API.

We're now releasing our previously internal make_token_cert bof to auth using only a .pfx file :)

🔗 https://github.com/trustedsec/CS-Remote-OPs-BOF/blob/bc0cdd7997ebbf37a1cfee26be97eb3faa06ab50/src/Remote/make_token_cert/entry.c#L69

🐥 [ tweet ]
👍9
😈 [ Daniel @0x64616e ]

Hash-based driver blocklists are insecure, because of how Authenticode signatures are computed. Nothing new, but not as well known as it should be.

🔗 https://github.com/akkuman/gSigFlip

🐥 [ tweet ]
🔥10
😈 [ Synacktiv @Synacktiv ]

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏
Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:

🔗 https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx

🐥 [ tweet ]
🔥3👍2
😈 [ silentwarble @silentwarble ]

Something Emerges:

🔗 https://github.com/MythicAgents/Hannibal

🐥 [ tweet ]

Beautiful
🤯4
😈 [ Matt Ehrnschwender @M_alphaaa ]

I'm trying to get better at keeping up with and publishing more on my blog. Here's a new post I just released on "Writing Beacon Object Files Without DFR"

🔗 https://blog.cybershenanigans.space/posts/writing-bofs-without-dfr/

🐥 [ tweet ]
👍1
😈 [ @ChrisTruncer@infosec.exchange @christruncer ]

It’s always awesome when we (@CISAGov) get to release a red team report that we worked on, and today is another one of those days!

Go check out our latest report and hopefully you can apply some of the same lessons to your environment!

🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

🐥 [ tweet ]
🔥5👍2