😈 [ MrAle98 @MrAle_98 ]
Hey there,
Finally published the article on the CVE-2025-21333-POC exploit.
Here is the link to the article:
🔗 https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae
🐥 [ tweet ]
🔥8
😈 [ Oddvar Moe @Oddvarmoe ]
TIL, the attribute userWorkstations is still in play in modern windows 🤯
If you set the attribute on a user to something random, the user cannot log in to the computers anymore. Need privs to adjust, but I can see potential when you want to lock someone out for a while
🐥 [ tweet ]
👍15😁4🤔4
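An added audit script for the mechanism described in the post above (this is not Oddvar's code): it lists the AD users whose userWorkstations attribute is populated and flags any listed name that is not an actual computer object in the domain, which is how an accidental or deliberate lock-out through this attribute would surface. It assumes the RSAT ActiveDirectory module and read access to user and computer objects; the search base is a placeholder.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$searchBase = 'DC=example,DC=local'   # placeholder: your domain DN

# Build a lookup of real computer names once, so each listed workstation can be checked.
$knownComputers = @{}
Get-ADComputer -Filter * -SearchBase $searchBase |
    ForEach-Object { $knownComputers[$_.Name.ToUpperInvariant()] = $true }

# Users with a populated userWorkstations attribute (raw LDAP attribute, a comma-separated list).
$restricted = Get-ADUser -Filter 'userWorkstations -like "*"' -SearchBase $searchBase `
    -Properties userWorkstations, whenChanged

foreach ($u in $restricted) {
    $listed  = ($u.userWorkstations -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $unknown = $listed | Where-Object { -not $knownComputers.ContainsKey($_.ToUpperInvariant()) }

    if ($unknown) {
        # A name that is not a computer object is a host the user can never log on to;
        # if every entry is unknown, the account is effectively locked out of the domain.
        Write-Warning ("{0}: userWorkstations lists unknown host(s) {1} (attribute changed {2})" -f
            $u.SamAccountName, ($unknown -join ', '), $u.whenChanged)
    } else {
        Write-Output ("{0}: restricted to {1}" -f $u.SamAccountName, ($listed -join ', '))
    }
}

# Remediation for an unintended restriction (needs write access to the user object):
#   Set-ADUser -Identity <samAccountName> -Clear userWorkstations
```

Run it from a domain-joined host with the RSAT tools installed. If directory object auditing is enabled, a change to this attribute also appears on the domain controller as a Directory Service object-modification event (ID 5136), so the whenChanged timestamp reported above can be matched to the account that made the change.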
😈 [ c0rnbread @0xC0rnbread ]
Today I'm releasing Xenon, a custom Mythic agent for Windows targets written in C.
Notable features include:
📁 Modular command/code inclusion
🦠 Malleable C2 Profile support
🪨 Compatible with Cobalt Strike BOFs
🔗 https://github.com/MythicAgents/Xenon
Blog series:
🔗 https://c0rnbread.com/creating-mythic-c2-agent-part1/
🐥 [ tweet ]
👍6
😈 [ Andrea Pierini @decoder_it ]
KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
🔗 https://github.com/decoder-it/KrbRelayEx-RPC
🐥 [ tweet ]
🔥10🥱1
😈 [ Thomas Seigneuret @_zblurx ]
Fear no more for LDAP Signing and Channel binding with Impacket based tools 😎
🔗 https://github.com/fortra/impacket/pull/1919
🐥 [ tweet ]
🤔3👍2😁2
😈 [ 5pider @C5pider ]
Spent some time rewriting stardust to be more minimalist and easier to use! I needed a generic minimal shellcode template that works for both x86 and x64 out of the box, so I rewrote stardust to do so.
It is now written in C++20 and utilizes some of its language features. The template can be used to easily write shellcode fast in a more modern and less painful way.
The project can be compiled in release or debug mode, where debug mode will just allow the use of DBG_PRINTF, which calls DbgPrint under the hood to print out strings to the currently attached debugger.
There are more things I have added so consider checking it out. I removed global variable access since I no longer use it nor require it (went for diff design heh). If u still need that feature I would recommend to change the branch to "globals-support" where the old version is hosted.
🔗 https://github.com/Cracked5pider/Stardust
🐥 [ tweet ]
👍2
😈 [ Bobby Cooke @0xBoku ]
Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to @d_tranman and @chompie1337 for all their contributions to Loki C2! @IBM @IBMSecurity @XForce
🔗 https://securityintelligence.com/x-force/bypassing-windows-defender-application-control-loki-c2/
🐥 [ tweet ]
👍5
Offensive Xwitter
Peace, Labour, May and PHDays 2025 (22–24 May). The upcoming PHDays will be special: on top of all the standard goodies in the form of talks, the bar and networking with colleagues, you are in for a portion of hardcore-style material for the Offense track, where we (a.k.a. 🟥 SWARM)…
FYI, this year we are partnering with three charities («Подари Жизнь», «Улица Мира» and «Старость в радость»), and all proceeds from ticket sales go to charity.
A pass to the closed part of the fest 🟰 a donation of 1.5k or more:
🔗 https://phdays.com/ru/
🔥8👍5🥱4
😈 [ NetSPI @NetSPI ]
Beacon Object Files (BOFs) in C2 platforms limit developers.
Read NetSPI's blog post to explore a reference design for a new BOF portable executable (PE) concept that bridges the gap between modern C++ development and memory-executable C2 integration.
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/the-future-of-beacon-object-files/
🐥 [ tweet ]
😈 [ Daniel @0x64616e ]
You can relay a user to LDAP that has WriteDacl/GenericAll on a valuable object but you can't use ShadowCredentials? Fear no more! You can now use "gain_fullcontrol" in ntlmrelayx ldapshell to give your account control over that object.
🔗 https://github.com/fortra/impacket/pull/1927
🐥 [ tweet ]
👍6🔥3
😈 [ Wietze @Wietze ]
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters:
🔗 https://wietze.github.io/blog/bypassing-detections-with-command-line-obfuscation
🐥 [ tweet ]
🔥23🥱6😁3
😈 [ bohops @bohops ]
This ended up being a great applied research project with @d_tranman on weaponizing a technique for fileless DCOM lateral movement based on the original work of @tiraniddo. Excellent work, Dylan!
Blog:
🔗 https://www.ibm.com/think/news/fileless-lateral-movement-trapped-com-objects
PoC:
🔗 https://github.com/xforcered/ForsHops
🐥 [ tweet ][ quote ]
👍3🥱2
😈 [ Craig Rowland - Agentless Linux Security @CraigHRowland ]
This new Linux script from THC will encrypt and obfuscate any executable or script to hide from on-disk detection:
🔗 https://github.com/hackerschoice/bincrypter
I'm going to show you how to detect it with command line tools in this thread:
🔗 https://threadreaderapp.com/thread/1905052948935377402.html
🐥 [ tweet ]
🔥12👍3🥱2
😈 [ Oddvar Moe @Oddvarmoe ]
Many people wanted my slides from the Windows Client Privilege Escalation webinar yesterday.
Here are links to the slides and the recording of the webinar.
Slides:
🔗 https://www.slideshare.net/slideshow/windows-client-privilege-escalation-shared-pptx/277239036
Recording:
🔗 https://youtu.be/EG2Mbw2DVnU?si=rlx-GG2QMQpIxQYi
🐥 [ tweet ]
👍7🔥5
😈 [ Duncan Ogilvie 🍍 @mrexodia ]
Success! Claude 3.7 with my IDA Pro MCP server managed to solve the crackme that was previously failing🦾
The trick was adding a convert_number tool and stress to always use it for conversions. It took ~7 minutes to run and the cost was $1.85. Also includes an analysis report.
🔗 https://github.com/mrexodia/ida-pro-mcp
🐥 [ tweet ]
RIP pwn-category CTFs 👍7😁4🤯3🔥1
😈 [ Yehuda Smirnov @yudasm_ ]
Excited to release a tool I've been working on lately: ShareFiltrator
ShareFiltrator finds credentials exposed in SharePoint/OneDrive via the Search API (_api/search/query) and also automates mass downloading of the discovered items.
Blog:
🔗 https://blog.fndsec.net/2025/04/02/breaking-down-sharepoint-walls/
Code:
🔗 https://github.com/Friends-Security/sharefiltrator
🐥 [ tweet ]
👍11😁1
😈 [ Bobby Cooke @0xBoku ]
As promised... this is Loki Command & Control! 🧙♂️🔮🪄
Thanks to @d_tranman for his work done on the project and everyone else on the team for making this release happen!
🔗 https://github.com/boku7/Loki
🐥 [ tweet ]
👍6
😈 [ ippsec @ippsec ]
After using Python for so long, I've been trying to switch to GoLang over the last two years just to try something new. I'm finally somewhat confident in being able to write I'd try to create a video series to help others. This is the first video:
🔗 https://youtu.be/uJFW4c4QE0U
🐥 [ tweet ]
👍12🔥2🥱2