😈 [ klez @KlezVirus ]
For anyone curious, the OffensiveX talk on RpcInvoke is out now! Fair warning: the content’s solid, but the presenter might have a few bugs of its own. 😅
🔗 https://www.youtube.com/watch?v=HxtUiJcItDE
🐥 [ tweet ]
YouTube
OFFENSIVEX 2024 - Alessandro Magnosi - RPC Abuse: Exploiting Server Calls for Code Execution
Original Title: Unraveling the RPC Thread: How Attackers Abuse Server Calls for Code Execution.
😈 [ x86matthew @x86matthew ]
I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted.
Blog:
🔗 https://www.elastic.co/security-labs/winvisor-hypervisor-based-emulator
Code:
🔗 https://github.com/x86matthew/WinVisor
🐥 [ tweet ]
😈 [ Rad @rad9800 ]
Wrote a short blog post on:
- ETW Threat Intelligence generated by SetThreadContext (hardware breakpoints)
- Kernel debugging and reversing
- Setting HWBPs in a more "stealthy" manner (not the same ETW TI events generated - no detections)
Check it out:
🔗 https://www.praetorian.com/blog/etw-threat-intelligence-and-hardware-breakpoints/
🐥 [ tweet ]
😈 [ HackerRalf @hacker_ralf ]
This is a C2 I decided to write publicly. If you are interested, I hope for feedback :)
🔗 https://adaptix-framework.gitbook.io/adaptix-framework
I am fixing version 0.1 ...
🐥 [ tweet ]
😈 [ hasherezade @hasherezade ]
In case you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you:
🔗 https://hshrzd.wordpress.com/2025/01/27/process-hollowing-on-windows-11-24h2/
🐥 [ tweet ]
😈 [ Elastic Security Labs @elasticseclabs ]
We’re adding a new section to @elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here:
🔗 https://www.elastic.co/security-labs/behavior-rule-bug-bounty
🐥 [ tweet ]
500-IQ-level bait, lol
😈 [ silentwarble @silentwarble ]
Stumbled across this. Really nicely organized anti-debugging techniques for malware dev or otherwise.
🔗 https://anti-debug.checkpoint.com/
🐥 [ tweet ]
😈 [ Tim Willis @itswillis ]
Two new posts from @tiraniddo today.
On reviving a memory trapping primitive from his 2021 post:
🔗 https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process:
🔗 https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Happy Reading! 📚
🐥 [ tweet ]
Forwarded from s0i37_channel
One day I got the idea of building nothing less than my own Google. Something that could be launched on a local network and find any secrets lying somewhere deep inside public network shares, FTP servers or the web. And the system should understand not only text files but also office documents, archives, executables, images, audio, in short everything that might come to mind and that cannot be found with a simple text search.
Today the internet is unimaginable without a search engine, so why is the picture different on a local network? After all, as everyone knows, publicly accessible resources are an eternal headache for every admin, and for pentesters analyzing them is far too time-consuming a job.
Developing your own Google analogue alone and in a reasonable time is no simple task. I tried to approach this problem from different angles and, over all that time, completely rewrote the whole system from scratch two or three times. In the end I managed to find a very simple and elegant solution that requires almost no coding: build the system out of ready-made components (GNU) so that it is easily scalable and just as easily deployable (docker). And it even understands Google dorks (opensearch).
Such a system can be equally useful to pentesters, when there are hundreds of shares in front of you, and to defenders, since the system can be configured for continuous, regular crawling of all publicly accessible resources.
In the article https://habr.com/ru/companies/ussc/articles/878340/ I describe in detail the idea behind my system, its simple logic of operation, as well as its setup and usage examples.
Habr
Your own Google on the LAN. Looking for a needle in a haystack
In this article we will build our own Google that can be launched on any local network, both by attackers looking for passwords and by defenders who care about the security of their own...
😈 [ serioton @seriotonctf ]
Just updated my NetExec cheatsheet. Added some new commands and tweaks. It includes the commands I use when working on HackTheBox and Vulnlab machines.
🔗 https://github.com/seriotonctf/cme-nxc-cheat-sheet
🐥 [ tweet ]
😈 [ ProjectDiscovery @pdiscoveryio ]
Replace request headers from your terminal with Proxify by ProjectDiscovery!
⌨️
proxify -req-mrd "replace_regex(request, 'User-Agent: .*', 'User-Agent: <YOUR-PAYLOAD>')"
Check it out 👆
🐥 [ tweet ]
😈 [ RedTeam Pentesting @RedTeamPT ]
The LLMNR response name spoofing pioneered by @tiraniddo and @Synacktiv does not seem to work with mDNS & NetBIOS 😢
But guess what! It works with DNS😯
🥳 Here's the new pretender release supporting Kerberos relaying via DHCPv6-DNS-Takeover: 🎉
🔗 https://github.com/RedTeamPentesting/pretender/releases/tag/v1.3.1
🐥 [ tweet ]
😈 [ MANSK1ES @mansk1es ]
Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711):
🔗 https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
A simple implementation of ts::multirdp
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
#soft #ad #pentest #redteam #dev
😈 [ Wietze @Wietze ]
🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own
🔥 68 executables supported out of the box - use right away, make tweaks, or create your own
👉 Now available at
🔗 http://argfuscator.net
🐥 [ tweet ]
Offensive Xwitter
😈 [ CICADA8Research @CICADA8Research ]
Hi friends! Recently, @mansk1es presented his research on LPE in AnyDesk (CVE-2024-12754). Our team developed a PoC for this vulnerability 😀
Check it here:
🔗 https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
🐥 [ tweet ]
😈 [ Bobby Cooke @0xBoku ]
🔪Open-sourcing 💀StringReaper BOF!
I've had great success in engagements carving credentials out of remote process memory with this BOF.
🔗 https://github.com/boku7/StringReaper
🐥 [ tweet ]
😈 [ eversinc33 🤍🔪⋆。˚ ⋆ @eversinc33 ]
@0xBoku's recent unhooking BOF reminded me of this fun trick for unhooking any Windows DLL without opening a handle to an on-disk file - just download it from the MS symbol server and replace it in memory :3
🔗 https://gist.github.com/eversinc33/86b4d1d71748a55efceb69a4f18f4d1d
🐥 [ tweet ]
😈 [ Chetan Nayak (Brute Ratel C4 Author) @NinjaParanoid ]
BOF development is in full flow at Dark Vortex. Multiple new standalone BOFs have been added and ported from various open source projects to the BRC4-BOF-Artillery git repo. New ones are mentioned in the commits. More crazy updates are on the way...
🔗 https://github.com/paranoidninja/BRC4-BOF-Artillery
🐥 [ tweet ]