😈 [ HackingLZ, Justin ]
Actual details on the Confluence CVE-2022-26134
https://t.co/qU3BfAQEa9
🔗 https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
🐥 [ tweet ]
Actual details on the Confluence CVE-2022-26134
https://t.co/qU3BfAQEa9
🔗 https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
🐥 [ tweet ]
👍1
😈 [ vxunderground, vx-underground ]
We've updated the vx-underground Malware Analysis collection. We have added 13 new papers courtesy of @malpedia.
Check it out here: https://t.co/djuVYEkbLT
Have a nice day.
🔗 https://www.vx-underground.org/malware_defense.html#malware_analysis
🐥 [ tweet ]
We've updated the vx-underground Malware Analysis collection. We have added 13 new papers courtesy of @malpedia.
Check it out here: https://t.co/djuVYEkbLT
Have a nice day.
🔗 https://www.vx-underground.org/malware_defense.html#malware_analysis
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
Memory Hunting
Credit https://t.co/OHtDiELsy5
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips #forensics #dfir
🔗 https://github.com/christophetd/mindmaps/blob/master/pdf/memory-hunting.pdf
🐥 [ tweet ]
Memory Hunting
Credit https://t.co/OHtDiELsy5
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips #forensics #dfir
🔗 https://github.com/christophetd/mindmaps/blob/master/pdf/memory-hunting.pdf
🐥 [ tweet ]
👍1
😈 [ HackingLZ, Justin ]
Since everyone is mentioning AzureAD to protect assets instead of putting them directly on the internet...Keep this in mind for future egress detections. https://t.co/mvgebEssdW
🔗 https://www.trustedsec.com/blog/azure-application-proxy-c2/
🐥 [ tweet ]
Since everyone is mentioning AzureAD to protect assets instead of putting them directly on the internet...Keep this in mind for future egress detections. https://t.co/mvgebEssdW
🔗 https://www.trustedsec.com/blog/azure-application-proxy-c2/
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
Incident Response Cheat Sheet
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #dfir #incidentresponse
🐥 [ tweet ]
Incident Response Cheat Sheet
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #dfir #incidentresponse
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
Information Security Concept
Credit https://t.co/5uvxJfGqhx
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips
🔗 https://www.xmind.net/embed/enin/
🐥 [ tweet ]
Information Security Concept
Credit https://t.co/5uvxJfGqhx
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips
🔗 https://www.xmind.net/embed/enin/
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
DNS Cheat Sheet
Credit @Nominet
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #DNS
🐥 [ tweet ]
DNS Cheat Sheet
Credit @Nominet
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #DNS
🐥 [ tweet ]
🔥1
😈 [ DirectoryRanger, DirectoryRanger ]
SharpRDPHijack, by @bohops
https://t.co/LNA6bv9TIq
🔗 https://github.com/bohops/SharpRDPHijack
🐥 [ tweet ]
SharpRDPHijack, by @bohops
https://t.co/LNA6bv9TIq
🔗 https://github.com/bohops/SharpRDPHijack
🐥 [ tweet ]
😈 [ FSDominguez, Francisco Dominguez ]
Not only inject&forget, but you can use quantum insert/spoofed packets for bidirectional communication as well to bypass very strict firewalls.
https://t.co/D4dzlAfHrM
🔗 https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
🐥 [ tweet ][ quote ]
Not only inject&forget, but you can use quantum insert/spoofed packets for bidirectional communication as well to bypass very strict firewalls.
https://t.co/D4dzlAfHrM
🔗 https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
🐥 [ tweet ][ quote ]
👍1
😈 [ am0nsec, Paul L. ]
I published my little experiment with the Windows Memory Manager in order to get Virtual Address Denoscriptors (VADs) from an arbitrary process. This is a proof of concept - use caution. Will use this repository to add more stuff over time.
https://t.co/hFqH4duKLX
🔗 https://github.com/am0nsec/wkpe
🐥 [ tweet ]
I published my little experiment with the Windows Memory Manager in order to get Virtual Address Denoscriptors (VADs) from an arbitrary process. This is a proof of concept - use caution. Will use this repository to add more stuff over time.
https://t.co/hFqH4duKLX
🔗 https://github.com/am0nsec/wkpe
🐥 [ tweet ]
😈 [ _wald0, Andy Robbins ]
Today is Friday, which means it's #BloodHoundBasics day.
Here is the recording of my @BlackHatEvents Asia presentation covering the origins of BloodHound. In particular: what problem BloodHound set out to solve in the first place: https://t.co/px9EZysXc7
🔗 https://www.youtube.com/watch?v=Yl7gwdTFK18
🐥 [ tweet ]
Today is Friday, which means it's #BloodHoundBasics day.
Here is the recording of my @BlackHatEvents Asia presentation covering the origins of BloodHound. In particular: what problem BloodHound set out to solve in the first place: https://t.co/px9EZysXc7
🔗 https://www.youtube.com/watch?v=Yl7gwdTFK18
🐥 [ tweet ]
😈 [ HackingLZ, Justin ]
So they updated the advisory with a patch/replacement for a single file which is great...However I would suspect it won't take a lot of work to diff old vs new? Incoming PoC?
https://t.co/4lbxkVc1Ja
🔗 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
🐥 [ tweet ]
So they updated the advisory with a patch/replacement for a single file which is great...However I would suspect it won't take a lot of work to diff old vs new? Incoming PoC?
https://t.co/4lbxkVc1Ja
🔗 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
Active Directory Penetration Testing
https://t.co/D4pKsnC9Yk
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities #bugbounty
🔗 https://www.hackingarticles.in/red-teaming/
🐥 [ tweet ]
Active Directory Penetration Testing
https://t.co/D4pKsnC9Yk
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities #bugbounty
🔗 https://www.hackingarticles.in/red-teaming/
🐥 [ tweet ]
😈 [ theluemmel, S4U2LuemmelSec ]
Just pushed a little update to the relay / MitM blog again.
This time NTLM Downgrade attacks.
https://t.co/R7PRhcQ37F
If successfull, you can afterwards nicely do pass the hash attacks with you new NT hash :)
🔗 http://luemmelsec.github.io/Relaying-101/#ntlm-downgrade-attack
🐥 [ tweet ]
Just pushed a little update to the relay / MitM blog again.
This time NTLM Downgrade attacks.
https://t.co/R7PRhcQ37F
If successfull, you can afterwards nicely do pass the hash attacks with you new NT hash :)
🔗 http://luemmelsec.github.io/Relaying-101/#ntlm-downgrade-attack
🐥 [ tweet ]
😈 [ ReconOne_, ReconOne ]
Did you hear about new Confluence CVE-2022-26134 Remote Code Execution? Try to quickly cover your Attack Surface with the help of nuclei 👇
#Confluence #reconone #recon #attacksurface #cve2022 #nuclei #bugbountytips
🐥 [ tweet ]
Did you hear about new Confluence CVE-2022-26134 Remote Code Execution? Try to quickly cover your Attack Surface with the help of nuclei 👇
#Confluence #reconone #recon #attacksurface #cve2022 #nuclei #bugbountytips
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Based on @ippsec’s video, I’ve added two more examples on manual parsing JSONs produced by #BloodHound collectors:
1. List all members of a group (recursively).
2. List all groups which the user is a member of (recursively).
https://t.co/20cL7rms4a
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#manual-json-parsing
🐥 [ tweet ]
Based on @ippsec’s video, I’ve added two more examples on manual parsing JSONs produced by #BloodHound collectors:
1. List all members of a group (recursively).
2. List all groups which the user is a member of (recursively).
https://t.co/20cL7rms4a
🔗 https://ppn.snovvcrash.rocks/pentest/infrastructure/ad#manual-json-parsing
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Timing from @hackthebox_eu had LFI, directory traversal, a side channel/timing attack, a mass assignment vulnerability, LFI+upload = RCE, and a custom downloader to exploit, all on the way to root.
https://t.co/QHYKm3OnLU
🔗 https://0xdf.gitlab.io/2022/06/04/htb-timing.html
🐥 [ tweet ]
Timing from @hackthebox_eu had LFI, directory traversal, a side channel/timing attack, a mass assignment vulnerability, LFI+upload = RCE, and a custom downloader to exploit, all on the way to root.
https://t.co/QHYKm3OnLU
🔗 https://0xdf.gitlab.io/2022/06/04/htb-timing.html
🐥 [ tweet ]
😈 [ hackinarticles, Hacking Articles ]
Process Ghosting Attack
https://t.co/DCcAxkRjDQ
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
🔗 https://www.hackingarticles.in/process-ghosting-attack/
🐥 [ tweet ]
Process Ghosting Attack
https://t.co/DCcAxkRjDQ
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
🔗 https://www.hackingarticles.in/process-ghosting-attack/
🐥 [ tweet ]