😈 [ Usman Sikander @UsmanSikander13 ]
7 methods to dump lsass memory. This is a powerful tool that provides users an option to extract data from lsass memory.
🔗 https://github.com/Offensive-Panda/ShadowDumper
🐥 [ tweet ]
👍7🥱2🔥1🍌1
😈 [ Rtl Dallas @RtlDallas ]
KrakenMask is back with more opsec
🔗 https://github.com/NtDallas/KrakenMask
🐥 [ tweet ]
🔥7
😈 [ 7eRoM @7eRoM ]
While verifying the PE digital signature in Windows kernel, I encountered several new terms and concepts, such as PKCS7, ASN.1, calculating the thumbprint, and verifying signatures.
🔗 https://github.com/7eRoM/tutorials/tree/main/Verifying%20Embedded%20PE%20Signature
🐥 [ tweet ]
👍4🥱1
😈 [ Steven @0xthirteen ]
I’ve always thought Seatbelt was a great situational awareness tool, so I created a Python implementation of it. Due to the nature of how I expect it to run, it only implements the remote modules, but I hope someone finds it useful.
🔗 https://github.com/0xthirteen/Carseat
🐥 [ tweet ]
🔥3
😈 [ mpgn @mpgn_x64 ]
If you want to first blood a Windows box in @hackthebox_eu, every minute counts! 🩸
I've added a special flag --generate-hosts-file so you just have to copy-paste into your /etc/hosts file and be ready to pwn as soon as possible 🔥
🐥 [ tweet ]
👍7🔥4😁4
😈 [ drm @lowercase_drm ]
TIL you can ask the DC to resolve a foreign security principal by querying the msds-principalname (hidden) attribute. The DC will use the trust secret to perform authentication against the foreign domain and then call LsarLookupSids3 (so it even works with selective auth).
🐥 [ tweet ]
👍3
😈 [ Octoberfest7 @Octoberfest73 ]
This is a neat blog post on some of the new features in the 4.10 release of Cobalt Strike from @RWXstoned
🔗 https://rwxstoned.github.io/2024-11-13-Cobalt-Strike-customization/
🐥 [ tweet ]
🔥4
😈 [ Zerotistic @gegrgtezrze ]
Excited to share my latest blog post: "Breaking Control Flow Flattening: A Deep Technical Analysis"
I showcase usage of formal proofs and graph theory to automate CFF deobfuscation, among other things!
Might make it a talk...? 👀
🔗 https://zerotistic.blog/posts/cff-remover/
🐥 [ tweet ]
🤯2😁1
😈 [ Binni Shah @binitamshah ]
x64 Assembly & Shellcoding 101
Part 1:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101/
Part 2:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-2/
Part 3:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-3/
Part 4:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-4/
Part 5:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-5/
Part 6:
🔗 https://g3tsyst3m.github.io/shellcoding/assembly/debugging/x64-Assembly-&-Shellcoding-101-Part-6/
credits @G3tSyst3m
🐥 [ tweet ]
#for_the_littlest_ones
🔥11👍5
😈 [ NetSPI @NetSPI ]
Introducing PowerHuntShares 2.0 Release!
NetSPI VP of Research @_nullbind introduces new insights, charts, graphs, & LLM capabilities that can be used to map the relationships & risks being exposed through the network shares:
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/powerhuntshares-2-0-release/
🐥 [ tweet ]
🔥5🥱3👍1
😈 [ John Hammond @_JohnHammond ]
Supply chain malware from an infected game mod 🤯😱 Long-form reverse engineering and a WILD ride: Binary Ninja, x64dbg, 010 Editor, PEB walking, reworking API function hashing in Python, DLL search-order hijacking, hooked functions & more. MASSIVE video:
🔗 https://youtu.be/bvyklJ5Wie0?si=c0TSvALbx1ch21rZ
🐥 [ tweet ]
🔥11👍5
😈 [ Lefteris Panos @lefterispan ]
Wrote a small C# tool that is able to make a network token using a certificate. Comes handy in RTs ;)
🔗 https://github.com/nettitude/TokenCert
🐥 [ tweet ][ quote ]
🔥7🥱2
😈 [ NCV @nickvourd ]
I just published Local Admin In Less Than 60 Seconds (Part 1)
In this post, I present Part 1 of my latest @BSidesAth presentation. I hope you enjoy it 😃
PS: There are Easter eggs inside for @taso_x, @tkalahan, and of course, @S1ckB0y1337.
🔗 https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
🐥 [ tweet ]
👍4
Offensive Xwitter
😈 [ freefirex @freefirex2 ]
Saw some other folks realize it's actually really easy to use certificates to authenticate as other users on Windows if you have access to the API.
We're now releasing our previously internal make_token_cert bof to auth using only a .pfx file :)
🔗 https://github.com/trustedsec/CS-Remote-OPs-BOF/blob/bc0cdd7997ebbf37a1cfee26be97eb3faa06ab50/src/Remote/make_token_cert/entry.c#L69
🐥 [ tweet ]
👍9
😈 [ Daniel @0x64616e ]
Hash-based driver blocklists are insecure, because of how Authenticode signatures are computed. Nothing new, but not as well known as it should be.
🔗 https://github.com/akkuman/gSigFlip
🐥 [ tweet ]
🔥10
😈 [ Synacktiv @Synacktiv ]
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏
Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:
🔗 https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx
🐥 [ tweet ]
🔥3👍2
😈 [ silentwarble @silentwarble ]
Something Emerges:
🔗 https://github.com/MythicAgents/Hannibal
🐥 [ tweet ]
beautiful 🤯4
😈 [ Matt Ehrnschwender @M_alphaaa ]
I'm trying to get better at keeping up with and publishing more on my blog. Here's a new post I just released on "Writing Beacon Object Files Without DFR"
🔗 https://blog.cybershenanigans.space/posts/writing-bofs-without-dfr/
🐥 [ tweet ]
👍1
😈 [ @ChrisTruncer@infosec.exchange @christruncer ]
It’s always awesome when we (@CISAGov) get to release a red team report that we worked on, and today is another one of those days!
Go check out our latest report and hopefully you can apply some of the same lessons to your environment!
🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
🐥 [ tweet ]
🔥5👍2
😈 [ Gigel Vrancea @GigelV41464 ]
Someone on my team asked me if there was a way I could prevent in-proc tools like a BOF from crashing the process
After some research, I came to the conclusion that using RtlSetUnhandledExceptionFilter is the most elegant way to achieve this
Read here:
🔗 https://luci4.net/blog/2024/11/13/EternalLife/
🐥 [ tweet ]
👍3