⚠️ DISCLAIMER ⚠️

‼️ All information posted in this channel (https://news.1rj.ru/str/OffensiveTwitter) is intended for research and/or educational purposes only.

‼️ The owner of this channel is NOT responsible for any illegal use of the information this channel is providing or referring to.

‼️ The owner of this channel does NOT promote any illegal activity related to unethical hacking, cybercrimes, malware distribution, etc.

‼️ Remember that computer crimes are ALWAYS punishable by the law, so please do watch what you are doing.

#disclaimer

😈 [ HackingLZ, Justin ]

Actual details on the Confluence CVE-2022-26134

https://t.co/qU3BfAQEa9

🔗 https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

🐥 [ tweet ]

😈 [ vxunderground, vx-underground ]

We've updated the vx-underground Malware Analysis collection. We have added 13 new papers courtesy of @malpedia.

Check it out here: https://t.co/djuVYEkbLT

Have a nice day.

🔗 https://www.vx-underground.org/malware_defense.html#malware_analysis

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Memory Hunting

Credit https://t.co/OHtDiELsy5

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips #forensics #dfir

🔗 https://github.com/christophetd/mindmaps/blob/master/pdf/memory-hunting.pdf

🐥 [ tweet ]

😈 [ HackingLZ, Justin ]

Since everyone is mentioning AzureAD to protect assets instead of putting them directly on the internet...Keep this in mind for future egress detections. https://t.co/mvgebEssdW

🔗 https://www.trustedsec.com/blog/azure-application-proxy-c2/

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Incident Response Cheat Sheet

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #dfir #incidentresponse

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Information Security Concept

Credit https://t.co/5uvxJfGqhx

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips

🔗 https://www.xmind.net/embed/enin/

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

DNS Cheat Sheet

Credit @Nominet

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #DNS

🐥 [ tweet ]

😈 [ DirectoryRanger, DirectoryRanger ]

SharpRDPHijack, by @bohops
https://t.co/LNA6bv9TIq

🔗 https://github.com/bohops/SharpRDPHijack

🐥 [ tweet ]

😈 [ FSDominguez, Francisco Dominguez ]

Not only inject&forget, but you can use quantum insert/spoofed packets for bidirectional communication as well to bypass very strict firewalls.

https://t.co/D4dzlAfHrM

🔗 https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/

🐥 [ tweet ][ quote ]

😈 [ am0nsec, Paul L. ]

I published my little experiment with the Windows Memory Manager in order to get Virtual Address Denoscriptors (VADs) from an arbitrary process. This is a proof of concept - use caution. Will use this repository to add more stuff over time.

https://t.co/hFqH4duKLX

🔗 https://github.com/am0nsec/wkpe

🐥 [ tweet ]

😈 [ _wald0, Andy Robbins ]

Today is Friday, which means it's #BloodHoundBasics day.

Here is the recording of my @BlackHatEvents Asia presentation covering the origins of BloodHound. In particular: what problem BloodHound set out to solve in the first place: https://t.co/px9EZysXc7

🔗 https://www.youtube.com/watch?v=Yl7gwdTFK18

🐥 [ tweet ]

😈 [ HackingLZ, Justin ]

So they updated the advisory with a patch/replacement for a single file which is great...However I would suspect it won't take a lot of work to diff old vs new? Incoming PoC?

https://t.co/4lbxkVc1Ja

🔗 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Active Directory Penetration Testing

https://t.co/D4pKsnC9Yk

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities #bugbounty

🔗 https://www.hackingarticles.in/red-teaming/

🐥 [ tweet ]

😈 [ theluemmel, S4U2LuemmelSec ]

Just pushed a little update to the relay / MitM blog again.
This time NTLM Downgrade attacks.
https://t.co/R7PRhcQ37F

If successfull, you can afterwards nicely do pass the hash attacks with you new NT hash :)

🔗 http://luemmelsec.github.io/Relaying-101/#ntlm-downgrade-attack

🐥 [ tweet ]

😈 [ ReconOne_, ReconOne ]

Did you hear about new Confluence CVE-2022-26134 Remote Code Execution? Try to quickly cover your Attack Surface with the help of nuclei 👇

#Confluence #reconone #recon #attacksurface #cve2022 #nuclei #bugbountytips

🐥 [ tweet ]

👹 [ snovvcrash, sn🥶vvcr💥sh ]

Based on @ippsec’s video, I’ve added two more examples on manual parsing JSONs produced by #BloodHound collectors:
1. List all members of a group (recursively).
2. List all groups which the user is a member of (recursively).

https://t.co/20cL7rms4a

🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#manual-json-parsing

🐥 [ tweet ]

😈 [ 0xdf_, 0xdf ]

Timing from @hackthebox_eu had LFI, directory traversal, a side channel/timing attack, a mass assignment vulnerability, LFI+upload = RCE, and a custom downloader to exploit, all on the way to root.

https://t.co/QHYKm3OnLU

🔗 https://0xdf.gitlab.io/2022/06/04/htb-timing.html

🐥 [ tweet ]