😈 [ MDSec @MDSecLabs ]
Ever come across Altiris on a red team? We did. Check out this post from @breakfix on how to extract ACC creds: Extracting Account Connectivity Credentials (ACCs) from Symantec Management Agent (aka Altiris)
🔗 https://www.mdsec.co.uk/2024/12/extracting-account-connectivity-credentials-accs-from-symantec-management-agent-aka-altiris/
🐥 [ tweet ]
😈 [ Ricardo Ruiz @RicardoJoseRF ]
Today I made public NativeBypassCredGuard, a tool to bypass Credential Guard by patching WDigest.dll using only NTAPI functions:
🔗 https://github.com/ricardojoserf/NativeBypassCredGuard
🐥 [ tweet ]
😈 [ S3cur3Th1sSh1t @ShitSecure ]
I was finally able to reproduce RemotePotat0 from @splinter_code and @decoder_it, which still works perfectly fine when relaying against SMB and choosing the correct CLSID :-) Only LDAP relaying is patched and not possible anymore.
Super late but ¯\_(ツ)_/¯ 🤪
But you know what's even better? KrbRelay also works from a low-privileged user's perspective! 🔥🔥🔥
🐥 [ tweet ][ quote ]
😈 [ Rad @rad9800 ]
I figured out a new way to completely disable certain EDR products only with Admin privileges in less than 30 lines of code with native applications.
It works by deleting critical application files before they can do anything 🙃
🔗 https://github.com/rad9800/BootExecuteEDR
🐥 [ tweet ]
😈 [ Boris Larin @oct0xor ]
We've open-sourced GReAT’s plugin for the IDA Pro decompiler - an indispensable set of tools for analyzing malware, shellcodes, etc. Grab our secret ingredient for reverse engineering and check out the GIFs demonstrating its usage:
🔗 https://github.com/KasperskyLab/hrtng
🐥 [ tweet ]
😈 [ Microsoft Threat Intelligence @MsftSecIntel ]
Microsoft observed a 146% rise in adversary-in-the-middle (AiTM) attacks over the last year, indicating that cybercriminals are continuing to find ways to compromise accounts that are protected by multifactor authentication (MFA).
🔗 https://techcommunity.microsoft.com/blog/identity/defeating-adversary-in-the-middle-phishing-attacks/1751777
🐥 [ tweet ]
😈 [ Eliran Nissan @eliran_nissan ]
I am excited to share with you my latest research - "DCOM Upload & Execute".
An advanced lateral movement technique to upload and execute custom payloads on remote targets.
Forget about PSEXEC and dive in!
Blog:
🔗 https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
Code:
🔗 https://github.com/deepinstinct/DCOMUploadExec
🐥 [ tweet ]
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]
🚨 During a co-funded research project, @PMa1n and @Nodauf, Offensive Security Engineers, discovered vulnerabilities in Cortex XDR that could be exploited by unprivileged users.
🔗 https://blog.scrt.ch/2024/12/05/attacking-cortex-xdr-from-an-unprivileged-user-perspective/
🐥 [ tweet ]
Forwarded from PT SWARM
🇻🇳 Positive Hack Talks in Vietnam has finished!
Slides from our researcher Arseniy Sharoglazov: https://static.ptsecurity.com/events/exch-vietnam.pdf
Wordlist: https://github.com/mohemiv/dodgypass
🎁 Includes a PoC for MyQ Unauthenticated RCE! (CVE-2024-28059)
Offensive Xwitter
😈 [ Synacktiv @Synacktiv ]
Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by @hugow_vincent to discover how to perform this attack:
🔗 https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using…
😈 [ Synacktiv @Synacktiv ]
You can now relay any protocol to SMB over Kerberos with krbrelayx[.]py and the latest PRs from @hugow_vincent.
Thanks @_dirkjan for merging it!
Here is an example from SMB to SMB:
🔗 https://github.com/dirkjanm/krbrelayx/pull/46
🐥 [ tweet ]
😈 [ Petr Beneš @PetrBenes ]
Another blog post, yay!
This time about how MASM makes up section names that might mess up the intended order of your code.
Of course, it's not documented anywhere.
🔗 https://wbenny.github.io/2024/12/08/section-order-masm-text-mn-subsection.html
🐥 [ tweet ]
😈 [ Elastic Security Labs @elasticseclabs ]
#ElasticSecurityLabs has discovered PUMAKIT, a new #linux #malware with advanced stealth mechanisms. The kernel rootkit is capable of privilege escalation, anti-debugging measures, and more. Get the details here:
🔗 https://www.elastic.co/security-labs/declawing-pumakit/
🐥 [ tweet ]
😈 [ Tim Willis @itswillis ]
Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and researchers.
Today's installment, @tiraniddo's updated OleView[.]NET 👍
Blog:
🔗 https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
🐥 [ tweet ]
Forwarded from Positive Technologies
In October we announced the development of a new product, PT Dephaze, for automated security assessment of infrastructure and penetration testing.
We plan to launch the product in February 2025, and for now we are ready to share interim results with you and show which tools and techniques will be used to carry out pentests.
During the stream you will see how the product:
At the end of the stream we will talk in detail about the commercial launch and the start of PT Dephaze pilot projects.
#PTDephaze
@Positive_Technologies
😈 [ DeLuks @0xDeLuks ]
After a few weeks of work, here it is, the packer blog-post. Enjoy! :D
🔗 https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
🐥 [ tweet ]
😈 [ 𝙻𝚊𝚠𝚛𝚎𝚗𝚌𝚎 @zux0x3a ]
I have finally released the ZigStrike toolkit I was working on, which is written in Zig. It comes with several injection methods and a neat web portal to select and build the desired payload.
Give it a try; I used one of its techniques to bypass MDE (detailed in a blog).
Blog:
🔗 https://kpmg.com/nl/en/home/insights/2024/12/zig-strike-the-ultimate-toolkit-for-payload-creation-and-evasion.html
Code:
🔗 https://github.com/0xsp-SRD/ZigStrike
🐥 [ tweet ]
😈 [ TrustedSec @TrustedSec ]
For the next installment in his malware blog series, Principal Security Consultant @_snus walks us through using shared memory sections to inject and execute code in a remote process. Read it now!
🔗 https://trustedsec.com/blog/malware-series-process-injection-mapped-sections/
🐥 [ tweet ]
😈 [ Jonathan Beierle @hullabrian ]
This is some research that @_logangoins and I have been working on! It covers disabling EDR with WDAC and provides an overview of potential detection and mitigation techniques, as well as a custom tool to perform the attack remotely.
🔗 https://beierle.win/2024-12-20-Weaponizing-WDAC-Killing-the-Dreams-of-EDR/
🐥 [ tweet ]