Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
🔥9🥱3
😈 [ Florian Roth ⚡️ @cyb3rops ]

Everyone knows Russian hackers don’t use VPNs. They just charge in head-first, use Russian IPs, and leave a calling card in Cyrillic.
Classic ‘на авось’ energy.

🐥 [ tweet ][ quote ]

Us?
😁47
😈 [ hasherezade @hasherezade ]

Centralized resource for listing and organizing known injection techniques and POCs:

🔗 https://github.com/itaymigdal/awesome-injection

🐥 [ tweet ][ quote ]
🔥10👍1🤯1
😈 [ Mr.Z @zux0x3a ]

Last night, I made myself busy and revisited some older methods for exploiting tokens in Windows applications shared by @mrd0x a couple of years ago. However, I realized that the integration of AI into applications like Notepad presents new opportunities for exploitation. This led me to write a blog post and modify a BOF to tackle the issue.
A compromised Cowriter Bearer token could be leveraged to extract potentially sensitive information.

🔗 https://0xsp.com/offensive/the-hidden-risk-compromising-notepad-cowriters-bearer-tokens/

🐥 [ tweet ]
👍5
Offensive Xwitter
😈 [ ippsec @ippsec ] After using Python for so long, I've been trying to switch to GoLang over the last two years just to try something new. I'm finally somewhat confident in being able to write I'd try to create a video series to help others. This is the…
😈 [ ippsec @ippsec ]

New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts!

🔗 https://youtu.be/BhLpqRev80s

🐥 [ tweet ]
🔥9👍1🍌1
😈 [ R.B.C. @G3tSyst3m ]

Discovered a somewhat novel UAC bypass. Had fun learning this one. It takes advantage of machines that have the Intel ShaderCache directory installed in the appdata directory. Also uses junctions + arbitrary write, etc.

🔗 https://g3tsyst3m.github.io/uac%20bypass/Bypass-UAC-via-Intel-ShaderCache/

🐥 [ tweet ]
👍5🔥1
Offensive Xwitter
So, the annual Pentest Award 2024 ceremony (by @JustSecurity) has wrapped up, so it's time for a stylish photo. Once again, big respect to the organizers: compared with last year, the scale of the initiative has grown, as has the maturity of how it is run (hello to the mustachioed bartenders…
Round 3
Applications for Pentest award 2025 are now open!

💡Every year we light up new bright bulbs in the garland of the domestic cybersecurity market: competent specialists who stay behind the scenes of the big work of finding vulnerabilities.

Participation is still free, and applications will be accepted until June 30. This year there are new nominations from the project's sponsors: Совкомбанк Технологии and BI.ZONE Bug Bounty.

🥇The main prize for winning is a personalized glass statuette and a MacBook!
🥈🥉Second- and third-place winners will receive iPhones and smartwatches.
🎬OFFZONE will give the finalists tickets to its 2025 conference.
✏️And the CyberEd training center will give training grants.
And of course, the most valuable reward for taking part is the honor and respect of the ethical hacker community.

Submit your applications on the website, take part and win!

https://news.1rj.ru/str/justsecurity/382
#pentest_awards
👍5🔥2😢1
😈 [ Toffy @toffyrak ]

I have just released my first tool: GPOHound 🚀

GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis.

Check it out here:
🔗 https://github.com/cogiceo/GPOHound

🐥 [ tweet ]
👍14🔥10
😈 [ S3cur3Th1sSh1t @ShitSecure ]

And another AMSI bypass with a different DLL/patch 👌

🔗 https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80

🐥 [ tweet ]

another_byte_patch++
👍5
😈 [ Logan Goins @_logangoins ]

I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :)

🔗 https://logan-goins.com/2025-04-25-sccm/

🐥 [ tweet ]
👍4
😁40🔥13🤔2
😈 [ Atsika @_atsika ]

ProxyBlob is alive! We’ve open-sourced our stealthy reverse SOCKS proxy over Azure Blob Storage that can help you operate in restricted environments 🔒

Blog:
🔗 https://blog.quarkslab.com/proxyblobing-into-your-network.html

Code:
🔗 http://github.com/quarkslab/proxyblob

🐥 [ tweet ][ quote ]
🔥11👍1
😈 [ Alex Neff @al3x_n3ff ]

A new module has been merged into NetExec: change-password🔥

Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password.
You can also abuse ForceChangePassword to reset another user's password.

Made by @kriyosthearcane, @mehmetcanterman and me.

🐥 [ tweet ]

Vietnam flashbacks from 5 years ago - https://snovvcra.sh/2020/10/31/pretending-to-be-smbpasswd-with-impacket.html
🔥19👍7😁1
😈 [ 0xdf @0xdf_ ]

Following up on the Python UV video, made a cheat sheet to quickly show the commands for reference. You really need to be using uv for Python stuff.

🔗 https://0xdf.gitlab.io/cheatsheets/uv

🐥 [ tweet ]

ok ok, to hell with pipx, everyone's switching to uv (for a couple of months, until the next revolutionary package manager in Rust shows up)
😁6🔥2
😁27👍3🔥1
😈 [ Alex @xaitax ]

🚀 Just dropped v0.5 of my Chrome App-Bound Encryption Decryption tool! Full user-mode (no admin), all path-validation bypasses, full cookie extraction (JSON 🍪) and stealth DLL injection. Chrome’s ABE is officially broken, works on Chrome, Edge & Brave.

🔗 https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption

🐥 [ tweet ]
🔥16👍1
😈 [ S3cur3Th1sSh1t @ShitSecure ]

Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥

🔗 https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html

🐥 [ tweet ]
👍3