😈 [ S3cur3Th1sSh1t @ShitSecure ]
Blogpost from my colleague about what’s still possible with recently published COM/DCOM toolings, Cross Session Activation and Kerberos relaying 🔥
🔗 https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
🐥 [ tweet ]
👍3
😈 [ es3n1n @es3n1n ]
OK, it's finally done: the improved version of no-defender, a tool that interacts with the WSC API to disable Windows Defender the way Microsoft intended it
🔗 https://github.com/es3n1n/defendnot
🐥 [ tweet ]
👍11🤯5
😈 [ r1ru @ri5255 ]
I've released a blog series about modern Linux kernel exploitation, where you can learn some advanced techniques used in real-world kernel exploits. Enjoy!
🔗 https://r1ru.github.io/categories/linux-kernel-exploitation/
🐥 [ tweet ]
🔥11👍2🍌1
😈 [ es3n1n @es3n1n ]
Released a writeup on how I made defendnot, but instead of just doing a technical explanation I tried to show the full story and how painful it was due to the ✨special✨ environment I was working in.
A technical one will be coming in a few days as well.
🔗 https://blog.es3n1n.eu/posts/how-i-ruined-my-vacation/
🐥 [ tweet ]
👍5
😈 [ Daniel @0x64616e ]
Impersonate another user by moving their Kerberos tickets into your logon session with lsa-whisperer by @mcbroom_evan. You can even move them back after you are done. Only your session will lose its tickets.
🐥 [ tweet ]
🔥7
Forwarded from Standoff 365
😱 Looks like it's starting... The Standoff 15 cyberbattle kicks off next week!
From May 21 to 24 at Luzhniki, during PHDays Fest, the international cyberbattle Standoff 15 will take place, bringing together more than 40 attacker and defender teams from 18 countries.
At stake for the red teams: $50,000 and the title of the strongest white-hat hackers.
At stake for the blue teams: sharpening their skills on live attacks and invaluable experience.
What awaits participants:
✈️ Seven industries of the virtual State F, including two new ones: metallurgy, energy, oil and gas, banking, urban infrastructure, aviation and logistics.
🤜 The red teams will try to trigger more than 120 critical events, while the blue teams will take part in investigation and response modes (this year more teams will be stopping the cyberattacks).
🔥 We have prepared an updated visualization: in the virtual world everything will look like a game, and in the physical world the real consequences of cyberattacks can be seen with your own eyes on industry mock-ups with an interactive floor and a mega-screen.
🤝 But Standoff 15 is not only about the cyberbattle. It is also about people and community: it's your chance to meet those you know only by their nicknames, shake hands with legends, make new acquaintances, exchange experience and have a good time.
💬 To not miss the most interesting parts, check the cyberbattle schedule on the website. And follow the announcements; soon we will tell you more about what you can see in the Standoff zone.
❗️Entry to the Standoff zone, which will be located in a separate tent, is possible only with PHDays Fest tickets from May 22❗️
🥱9👍7
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]
🚀 Launching TheManticoreProject – a long-term offensive & defensive security ecosystem in Go!
First release (the core library): Manticore 🐾
🔧 Modular Go library to craft & interact with network protocols.
⚙️ SMB support coming soon.
🌐
🔗 https://github.com/TheManticoreProject/Manticore
🐥 [ tweet ]
🔥3👍1
😈 [ mert @merterpreter ]
Did you know that if S1 is installed in your environment, you can gain SYSTEM privileges without running a getsystem command from your C2 by editing SentinelOne's Autorepair task? Needs local admin privileges.
🐥 [ tweet ]
🥱9👍3
😈 [ chompie @chompie1337 ]
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application.
🔗 https://www.ibm.com/think/x-force/operationalizing-browser-exploits-to-bypass-wdac
🐥 [ tweet ]
🔥8
😈 [ blasty @bl4sty ]
ok ok fine, for old time's sake
🔗 https://haxx.in/files/limit-your-screentime.sh
🐥 [ tweet ]
👍9🔥5🥱4
😈 [ Oliver Lyak @ly4k_ ]
The Future of Certipy and the Release of v5 & ESC16 👇
🔗 https://github.com/ly4k/Certipy/discussions/270
🐥 [ tweet ]
🔥8🥱3
😈 [ Bad Sector Labs @badsectorlabs ]
Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role:
🔗 https://github.com/badsectorlabs/ludus_adaptix_c2
🐥 [ tweet ]
🔥21🤔1😢1
😈 [ mpgn @mpgn_x64 ]
Thanks to the awesome work of @LadhaAleem , the CTF Windows Active Directory lab for @_barbhack_ from 2024 is now public! 🔥
You can build the lab and pwn the AD — 13 flags to capture! No public write-up exists yet — waiting for someone to submit one!
🔗 https://github.com/Pennyw0rth/NetExec-Lab/tree/main/BARBHACK-2024
🐥 [ tweet ]
🔥12
😈 [ Matt Ehrnschwender @M_alphaaa ]
I am very excited to be releasing Tetanus, a Mythic C2 agent written in Rust! This is a project @0xdab0 and I have been working on to experiment with the Rust programming language by developing a Mythic C2 agent.
🔗 https://github.com/MythicAgents/tetanus
🐥 [ tweet ]
Ah, if only everything in the world could be rewritten in Rust 🦀 👍🏻 🦀 👍🏻
😁13🍌3👍2
😈 [ Steve S. @0xTriboulet ]
rssh-rs is a reflective DLL that performs some hacky integration with your favorite C2 Framework to provide SSH session access from a Beacon session.
🔗 https://github.com/0xTriboulet/rssh-rs
🐥 [ tweet ]
👍1
😈 [ Yehuda Smirnov @yudasm_ ]
What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution?
We explored process injection using nothing but thread context.
Full write-up + PoCs:
🔗 https://blog.fndsec.net/2025/05/16/the-context-only-attack-surface/
🐥 [ tweet ]
🔥9🥱2👍1
😈 [ Yuval Gordon @YuG0rd ]
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability
It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷♂️
Read Here -
🔗 https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
🐥 [ tweet ]
🔥9
😈 [ Bad Sector Labs @badsectorlabs ]
MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true
  AND (c2.operatingsystem contains '2025')
  AND (c2.name IN dcs)
RETURN c2.name
If this query hits, you're in.
🐥 [ tweet ][ quote ]
👍5
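The same precondition as the Cypher query in the post above, evaluated offline in Python over constructed BloodHound-style records. This is an added example, not Bad Sector Labs' or BloodHound's code; the SIDs, hostnames and group names are made up. It shows what the `MemberOf*1..` hop buys you: a DC whose membership in Domain Controllers (RID 516) exists only through a nested group is still caught, while a disabled DC or a non-DC host running Server 2025 is not.

```python
"""Offline equivalent of the "Windows Server 2025 domain controller" Cypher check.

Added example over constructed BloodHound-style data (all identifiers are invented).
"""
from collections import deque

# Constructed sample data: groups keyed by objectid, with their own memberof edges.
GROUPS = {
    "S-1-5-21-111-222-333-516": {"name": "DOMAIN CONTROLLERS@CORP.LOCAL", "memberof": []},
    # A custom group nested into Domain Controllers (the reason for MemberOf*1..).
    "S-1-5-21-111-222-333-1105": {"name": "DC-TIER@CORP.LOCAL",
                                  "memberof": ["S-1-5-21-111-222-333-516"]},
}

# Constructed computer nodes with the properties the query touches.
COMPUTERS = [
    {"name": "DC01.CORP.LOCAL", "enabled": True,
     "operatingsystem": "Windows Server 2025 Datacenter",
     "memberof": ["S-1-5-21-111-222-333-516"]},
    {"name": "DC02.CORP.LOCAL", "enabled": True,
     "operatingsystem": "Windows Server 2022 Standard",
     "memberof": ["S-1-5-21-111-222-333-516"]},
    {"name": "DC03.CORP.LOCAL", "enabled": True,              # only nested membership
     "operatingsystem": "Windows Server 2025 Standard",
     "memberof": ["S-1-5-21-111-222-333-1105"]},
    {"name": "DC04.CORP.LOCAL", "enabled": False,             # disabled: excluded
     "operatingsystem": "Windows Server 2025 Standard",
     "memberof": ["S-1-5-21-111-222-333-516"]},
    {"name": "WS01.CORP.LOCAL", "enabled": True,              # 2025 but not a DC
     "operatingsystem": "Windows Server 2025 Standard",
     "memberof": []},
    {"name": "OLD01.CORP.LOCAL", "enabled": True,             # null OS, as BloodHound may store it
     "operatingsystem": None,
     "memberof": ["S-1-5-21-111-222-333-516"]},
]


def transitive_groups(memberof, groups):
    """All groups reachable via one or more MemberOf edges (cycle-safe BFS)."""
    seen, queue = set(), deque(memberof)
    while queue:
        sid = queue.popleft()
        if sid in seen:
            continue
        seen.add(sid)
        queue.extend(groups.get(sid, {}).get("memberof", []))
    return seen


def domain_controllers(computers, groups):
    """MATCH (c1)-[:MemberOf*1..]->(g) WHERE g.objectsid ENDS WITH '-516'."""
    return {
        c["name"] for c in computers
        if any(sid.endswith("-516") for sid in transitive_groups(c["memberof"], groups))
    }


def server_2025_dcs(computers=COMPUTERS, groups=GROUPS):
    """Enabled DCs whose OS string contains '2025'; sorted for stable output.

    A null operatingsystem drops out, matching Cypher's null-propagating CONTAINS.
    """
    dcs = domain_controllers(computers, groups)
    return sorted(
        c["name"] for c in computers
        if c["enabled"]
        and "2025" in (c.get("operatingsystem") or "")
        and c["name"] in dcs
    )


if __name__ == "__main__":
    print(server_2025_dcs())  # ['DC01.CORP.LOCAL', 'DC03.CORP.LOCAL']
```

Why this check is the first thing to run: dMSAs are a Windows Server 2025 feature, so a domain with no 2025 DC is not exposed to the BadSuccessor technique regardless of OU permissions; only once this returns a hit is it worth enumerating who holds CreateChild rights on OUs.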
😈 [ mpgn @mpgn_x64 ]
Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥
🔗 https://github.com/Pennyw0rth/NetExec/pull/702
🐥 [ tweet ][ quote ]
🔥11🥱3👍1