😈 [ MANSK1ES @mansk1es ]
Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711):
🔗 https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Simple implementation of ts::multirdp
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
#soft #ad #pentest #redteam #dev
😈 [ Wietze @Wietze ]
🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own
🔥 68 executables supported out of the box - use right away, make tweaks, or create your own
👉 Now available at
🔗 http://argfuscator.net
🐥 [ tweet ]
Offensive Xwitter
😈 [ CICADA8Research @CICADA8Research ]
Hi friends! Recently @mansk1es presented his research about LPE in AnyDesk (CVE-2024-12754). Our team developed a POC on this vulnerability😀
Check it here:
🔗 https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
🐥 [ tweet ]
😈 [ Bobby Cooke @0xBoku ]
🔪Open-sourcing 💀StringReaper BOF!
I've had great success in engagements carving credentials out of remote process memory with this BOF
🔗 https://github.com/boku7/StringReaper
🐥 [ tweet ]
😈 [ eversinc33 🤍🔪⋆。˚ ⋆ @eversinc33 ]
@0xBoku's recent unhooking BOF reminded me of this fun trick on how to unhook any Windows DLL without opening a handle to an on-disk file - just download it from the MS symbol server and replace it in memory :3
🔗 https://gist.github.com/eversinc33/86b4d1d71748a55efceb69a4f18f4d1d
🐥 [ tweet ]
😈 [ Chetan Nayak (Brute Ratel C4 Author) @NinjaParanoid ]
BOF Development is in full flow at Dark Vortex. Multiple new standalone BOFs have been added and ported from various open source projects to BRC4-BOF-Artillery git-repo. New ones are mentioned in the commits. More crazy updates are on the way...
🔗 https://github.com/paranoidninja/BRC4-BOF-Artillery
🐥 [ tweet ]
😈 [ n00py @n00py1 ]
ESC15 Manual Exploitation
🔗 https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
🐥 [ tweet ]
😈 [ vx-underground @vxunderground ]
Hi,
Just wrote a keylogger that uses ONLY the Windows COM (Component Object Model). The only WINAPI functions it has are GetModuleHandleW (could be replaced with a custom implementation to remove the function invocation) and GetConsoleWindow (forwards to actual SYSCALLs, can't strip it out).
Everything else is pure suffering. It is an abomination.
I'll be releasing it later once I clean up the code. It's a cool little proof-of-concept.
What should I name this thing?
-smelly smellington
🔗 https://vx-api.gitbook.io/vx-api/my-projects/jeff-com-only-keylogger
🐥 [ tweet ]
😈 [ CodeX @codex_tf2 ]
Releasing WebcamBOF📸
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options (as a file or screenshot). USB webcams supported (at least mine is)
Remind me never to use the MF API in BOFs again😭
(god i hate this codebase)
🔗 https://github.com/CodeXTF2/WebcamBOF
🐥 [ tweet ]
😈 [ Daniel @0x64616e ] My current understanding of Kerberos Relaying 🐥 [ tweet ]
😈 [ CICADA8Research @CICADA8Research ]
Hello friends! There is a lot of information about Kerberos Relay out there and it is easy to get confused! That's why we have created a small MindMap to help you understand Kerberos Relay.
You can find PDF/HTML/PNG versions here:
🔗 https://github.com/CICADA8-Research/Penetration/tree/main/KrbRelay%20MindMap
🐥 [ tweet ]
😈 [ Ellis Springe @knavesec ]
Dropping a one-off script to pull arbitrary AD attributes from ADExplorer snapshots. @0xBoku and I used this on a recent op to pull custom attributes that listed Computer objects owned by specific users so we could correlate high-value targets to systems:
🔗 https://github.com/c3c/ADExplorerSnapshot.py/pull/66
🐥 [ tweet ]
😈 [ RedTeam Pentesting @RedTeamPT ]
🎉 We've just released 🔐 keycred 🎉
A cross-platform tool for handling Active Directory Shadow Credentials/msDS-KeyCredentialLink 🔑.
It supports UnPAC-the-Hash/PKINIT, Pass-the-Cert, Channel Binding and more 💪🚀
🔥 Get it while it's still hot! 🔥
🔗 https://github.com/RedTeamPentesting/keycred
🐥 [ tweet ]
😈 [ Synacktiv @Synacktiv ]
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative that avoids reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at the link below.
🔗 https://www.synacktiv.com/publications/lsa-secrets-revisiting-secretsdump
🐥 [ tweet ]
😈 [ TrustedSec @TrustedSec ]
In our new #blog, Senior Research Analyst @codewhisperer84 unveils his new tool DIT Explorer which he created after researching NTDS.dit files on Active Directory. Read part one of this series now to find out what this tool can do!
🔗 https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
🐥 [ tweet ]
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]
💻🛡️In this blog post, Clément Labro explains how he developed a tool that lets you run PowerShell without the various system protections.
👉 Discover this article on our blog:
🔗 https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c
🐥 [ tweet ]
DFS Targets & Links
So you no longer have to do this:
🔗 https://ppn.snovvcra.sh/pentest/infrastructure/ad/post-exploitation#locate-dfs-targets
Now you can do this instead:
🔗 https://github.com/c3c/ADExplorerSnapshot.py/pull/67
😈 [ Octoberfest7 @Octoberfest73 ]
Really cool repo I came across that reverses/reimplements LoadLibrary. Very useful to have a chart / code depicting what all happens and when
🔗 https://github.com/paskalian/WID_LoadLibrary
🐥 [ tweet ]
😈 [ Rtl Dallas @RtlDallas ]
New update for Draugr! 🙂
Now supports indirect syscalls with a synthetic stack frame. I’ve removed Draugr-Strike and replaced it with Cobalt Strike's process injection kit (Thread Spoof or Early Bird) using indirect syscalls and a synthetic stack frame.
🔗 https://github.com/NtDallas/Draugr
🐥 [ tweet ]
😈 [ 0SKR @saab_sec ]
❗ Blog Alert ❗
🔴 Introducing a thread hijacking TTP variant called Phantom call.
🔴 Discussion on the effect of stack alignment on SIMD instructions/registers.
🔴 In-depth analysis of the Win32 API RtlRemoteCall
🔴 Weaponizing RtlRemoteCall
🔗 https://sabotagesec.com/thread-hijacking-iceberg-deep-dive-into-phantom-call-rtlremotecall/
🐥 [ tweet ]