😈 [ Toffy @toffyrak ]
I have just released my first tool: GPOHound 🚀
GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis.
Check it out here:
🔗 https://github.com/cogiceo/GPOHound
🐥 [ tweet ]
I have just released my first tool: GPOHound 🚀
GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis.
Check it out here:
🔗 https://github.com/cogiceo/GPOHound
🐥 [ tweet ]
👍14🔥10
😈 [ S3cur3Th1sSh1t @ShitSecure ]
And another AMSI bypass with a different DLL/patch 👌
🔗 https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80
🐥 [ tweet ]
And another AMSI bypass with a different DLL/patch 👌
🔗 https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80
🐥 [ tweet ]
another_byte_patch++👍5
😈 [ Logan Goins @_logangoins ]
I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :)
🔗 https://logan-goins.com/2025-04-25-sccm/
🐥 [ tweet ]
I jumped heavily into learning about SCCM tradecraft and wrote a detailed write-up with custom examples, covering the most interesting vulnerabilities that combine commonality and impact from low-privilege contexts, and what you can do to prevent them :)
🔗 https://logan-goins.com/2025-04-25-sccm/
🐥 [ tweet ]
👍4
😈 [ Atsika @_atsika ]
ProxyBlob is alive ! We’ve open-sourced our stealthy reverse SOCKS proxy over Azure Blob Storage that can help you operate in restricted environments 🔒
Blog:
🔗 https://blog.quarkslab.com/proxyblobing-into-your-network.html
Code:
🔗 http://github.com/quarkslab/proxyblob
🐥 [ tweet ][ quote ]
ProxyBlob is alive ! We’ve open-sourced our stealthy reverse SOCKS proxy over Azure Blob Storage that can help you operate in restricted environments 🔒
Blog:
🔗 https://blog.quarkslab.com/proxyblobing-into-your-network.html
Code:
🔗 http://github.com/quarkslab/proxyblob
🐥 [ tweet ][ quote ]
🔥11👍1
😈 [ Alex Neff @al3x_n3ff ]
A new module has been merged into NetExec: change-password🔥
Accounts with
You can also abuse ForceChangePassword to reset another user's password.
Made by @kriyosthearcane, @mehmetcanterman and me.
🐥 [ tweet ]
A new module has been merged into NetExec: change-password🔥
Accounts with
STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password.You can also abuse ForceChangePassword to reset another user's password.
Made by @kriyosthearcane, @mehmetcanterman and me.
🐥 [ tweet ]
вьетнамские флешбеки 5летней давности - https://snovvcra.sh/2020/10/31/pretending-to-be-smbpasswd-with-impacket.html🔥19👍7😁1
😈 [ 0xdf @0xdf_ ]
Following up on the Python UV video, made a cheat sheet to quickly show the commands for reference. You really need to be using uv for Python stuff.
🔗 https://0xdf.gitlab.io/cheatsheets/uv
🐥 [ tweet ]
лан лан, втопку pipx, все переходим на uv (на пару месяцев, пока не появится очередной революционный пакетный менеджер напида расте)
Following up on the Python UV video, made a cheat sheet to quickly show the commands for reference. You really need to be using uv for Python stuff.
🔗 https://0xdf.gitlab.io/cheatsheets/uv
🐥 [ tweet ]
лан лан, втопку pipx, все переходим на uv (на пару месяцев, пока не появится очередной революционный пакетный менеджер на
😁6🔥2
Offensive Xwitter
😈 [ ippsec @ippsec ] New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts! 🔗 https://yo…
YouTube
Golang for Hackers: LDAP Injector - Episode 03 - Error Handling
Next episode: Functional Options Pattern - https://youtu.be/p4VqejsO6oU
00:00 - Introduction talking about error handling
01:45 - Quickly going over some python/golang code to show the difference in mindset
05:55 - Playing with a demo go application, using…
00:00 - Introduction talking about error handling
01:45 - Quickly going over some python/golang code to show the difference in mindset
05:55 - Playing with a demo go application, using…
🔥3👍1😁1
😈 [ Alex @xaitax ]
🚀 Just dropped v0.5 of my Chrome App-Bound Encryption Decryption tool! Full user-mode (no admin), all path-validation bypasses, full cookie extraction (JSON 🍪) and stealth DLL injection. Chrome’s ABE is officially broken, works on Chrome, Edge & Brave.
🔗 https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption
🐥 [ tweet ]
🚀 Just dropped v0.5 of my Chrome App-Bound Encryption Decryption tool! Full user-mode (no admin), all path-validation bypasses, full cookie extraction (JSON 🍪) and stealth DLL injection. Chrome’s ABE is officially broken, works on Chrome, Edge & Brave.
🔗 https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption
🐥 [ tweet ]
🔥16👍1
😈 [ S3cur3Th1sSh1t @ShitSecure ]
Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥
🔗 https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
🐥 [ tweet ]
Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥
🔗 https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
🐥 [ tweet ]
👍3
😈 [ es3n1n @es3n1n ]
ok its finally done: the improved version of no-defender, a tool that interacts with WSC api to disable window defender the way how microsoft intended it
🔗 https://github.com/es3n1n/defendnot
🐥 [ tweet ]
ok its finally done: the improved version of no-defender, a tool that interacts with WSC api to disable window defender the way how microsoft intended it
🔗 https://github.com/es3n1n/defendnot
🐥 [ tweet ]
👍11🤯5
😈 [ r1ru @ri5255 ]
I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy!
🔗 https://r1ru.github.io/categories/linux-kernel-exploitation/
🐥 [ tweet ]
I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy!
🔗 https://r1ru.github.io/categories/linux-kernel-exploitation/
🐥 [ tweet ]
🔥11👍2🍌1
Offensive Xwitter
😈 [ es3n1n @es3n1n ] ok its finally done: the improved version of no-defender, a tool that interacts with WSC api to disable window defender the way how microsoft intended it 🔗 https://github.com/es3n1n/defendnot 🐥 [ tweet ]
😈 [ es3n1n @es3n1n ]
Released a writeup on how I made defendnot, but instead of just doing a technical explanation I tried to show the full story and how painful it was due to the ✨special✨ environment I was working in.
A technical one will be coming in a few days as well.
🔗 https://blog.es3n1n.eu/posts/how-i-ruined-my-vacation/
🐥 [ tweet ]
Released a writeup on how I made defendnot, but instead of just doing a technical explanation I tried to show the full story and how painful it was due to the ✨special✨ environment I was working in.
A technical one will be coming in a few days as well.
🔗 https://blog.es3n1n.eu/posts/how-i-ruined-my-vacation/
🐥 [ tweet ]
👍5
😈 [ Daniel @0x64616e ]
Impersonate another user by moving their Kerberos tickets into your logon session with lsa-whisperer by @mcbroom_evan. You can even move them back after you are done. Only your session will loose its tickets.
🐥 [ tweet ]
Impersonate another user by moving their Kerberos tickets into your logon session with lsa-whisperer by @mcbroom_evan. You can even move them back after you are done. Only your session will loose its tickets.
🐥 [ tweet ]
🔥7
Forwarded from Standoff 365
😱 Кажется, начинается... Кибербитва Standoff 15 стартует уже на следующей неделе!
С 21 по 24 мая в «Лужниках» во время PHDays Fest состоится международная кибербитва Standoff 15, которая объединит более 40 команд атакующих и защитников из 18 стран.
На кону красных — $50 000 и статус сильнейших белых хакеров.
На кону синих — прокачка навыков на живых атаках и бесценный опыт.
Что ждет участников:
✈️ Семь отраслей вирутального государства F, включая две новые, — металлургия, энергетика, нефтегазовая отрасль, банковский сектор, городская среда, авиация и логистика.
🤜 Красные попробуют реализовать более 120 критических событий, а синие будут участвовать в режимах расследования и реагирования (в этом году останавливать кибератаки будет больше команд).
🔥 Мы подготовили обновленную визуализацию: в виртуальном мире все будет похоже на игру, а в физическом реальные последствия кибератак можно будет увидеть своими глазами на макетах отраслей с интерактивным полом и мегаэкраном.
🤝 Но Standoff 15 — это не только про кибербитву. Это еще и про людей и коммьюнити: это твой шанс встретиться с теми, кого знаешь только по никам, пожать руку легендам, завести новые знакомства, обменяться опытом и хорошо потусить.
💬 Чтобы не пропустить самое интересное, смотрите расписание кибербитвы на сайте. И следите за анонсами — скоро расскажем больше о том, что можно будет увидеть в зоне Standoff.
❗️Вход в зону Standoff, которая будет располагаться в отдельном шатре, возможен только по билетам PHDays Fest с 22 мая❗️
С 21 по 24 мая в «Лужниках» во время PHDays Fest состоится международная кибербитва Standoff 15, которая объединит более 40 команд атакующих и защитников из 18 стран.
На кону красных — $50 000 и статус сильнейших белых хакеров.
На кону синих — прокачка навыков на живых атаках и бесценный опыт.
Что ждет участников:
✈️ Семь отраслей вирутального государства F, включая две новые, — металлургия, энергетика, нефтегазовая отрасль, банковский сектор, городская среда, авиация и логистика.
🔥 Мы подготовили обновленную визуализацию: в виртуальном мире все будет похоже на игру, а в физическом реальные последствия кибератак можно будет увидеть своими глазами на макетах отраслей с интерактивным полом и мегаэкраном.
❗️Вход в зону Standoff, которая будет располагаться в отдельном шатре, возможен только по билетам PHDays Fest с 22 мая❗️
Please open Telegram to view this post
VIEW IN TELEGRAM
🥱9👍7
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]
🚀 Launching TheManticoreProject – a long-term offensive & defensive security ecosystem in Go!
First release (the core library): Manticore 🐾
🔧 Modular Go library to craft & interact with network protocols.
⚙️ SMB support coming soon.
🌐
🔗 https://github.com/TheManticoreProject/Manticore
🐥 [ tweet ]
🚀 Launching TheManticoreProject – a long-term offensive & defensive security ecosystem in Go!
First release (the core library): Manticore 🐾
🔧 Modular Go library to craft & interact with network protocols.
⚙️ SMB support coming soon.
🌐
🔗 https://github.com/TheManticoreProject/Manticore
🐥 [ tweet ]
🔥3👍1
😈 [ mert @merterpreter ]
Did you know that if S1 is installed in your environment, you can gain SYSTEM privileges without running a getsystem command from your C2 by editing SentinelOne's Autorepair task? Needs localadmin priv
🐥 [ tweet ]
Did you know that if S1 is installed in your environment, you can gain SYSTEM privileges without running a getsystem command from your C2 by editing SentinelOne's Autorepair task? Needs localadmin priv
🐥 [ tweet ]
🥱9👍3