😈 [ DebugPrivilege, • ]
Alert when a group is added to a sensitive Active Directory group https://t.co/2oJmjthu8G
🔗 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/alert-when-a-group-is-added-to-a-sensitive-active-directory/ba-p/3436868
🐥 [ tweet ]
Alert when a group is added to a sensitive Active Directory group https://t.co/2oJmjthu8G
🔗 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/alert-when-a-group-is-added-to-a-sensitive-active-directory/ba-p/3436868
🐥 [ tweet ]
🔥1
😈 [ hackinarticles, Hacking Articles ]
IPV4 vs IPV6
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
🐥 [ tweet ]
IPV4 vs IPV6
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The last two weekends plus some evenings I spend my time writing a Nim Packer/Loader, which will be provided to Sponsors only via private repo. It's capable of packing C# Assemblies, Shellcode or PE-Files.
It's using my GetSyscallStub function to retrieve unhooked Syscalls from ntdll.dll to patch AMSI and/or ETW. The shellcode execution is also done via Syscalls from GetSyscallStub. This function will become public in Q1 2022.
The detection rate is at this time pretty good. One more reason for this repo to stay private. And theese binaries had no sandbox evasion checks, no sleep time and were not obfuscated via LLVM. I'll add sandbox evasion methods later on.
🔗 https://www.patreon.com/S3cur3Th1sSh1t
🔗 https://github.com/sponsors/S3cur3Th1sSh1t
🐥 [ tweet ]
The last two weekends plus some evenings I spend my time writing a Nim Packer/Loader, which will be provided to Sponsors only via private repo. It's capable of packing C# Assemblies, Shellcode or PE-Files.
It's using my GetSyscallStub function to retrieve unhooked Syscalls from ntdll.dll to patch AMSI and/or ETW. The shellcode execution is also done via Syscalls from GetSyscallStub. This function will become public in Q1 2022.
The detection rate is at this time pretty good. One more reason for this repo to stay private. And theese binaries had no sandbox evasion checks, no sleep time and were not obfuscated via LLVM. I'll add sandbox evasion methods later on.
🔗 https://www.patreon.com/S3cur3Th1sSh1t
🔗 https://github.com/sponsors/S3cur3Th1sSh1t
🐥 [ tweet ]
👍1
😈 [ m3g9tr0n, Spiros Fraganastasis ]
An excellent article by @martinsohndk about Windows Shares post exploitation activities! You will be impressed with the amount of information which can be found by digging in shares https://t.co/LiriUP3xVE
🔗 https://improsec.com/tech-blog/network-share-risks-deploying-secure-defaults-and-searching-shares-for-sensitive-information-credentials-pii-and-more
🐥 [ tweet ]
An excellent article by @martinsohndk about Windows Shares post exploitation activities! You will be impressed with the amount of information which can be found by digging in shares https://t.co/LiriUP3xVE
🔗 https://improsec.com/tech-blog/network-share-risks-deploying-secure-defaults-and-searching-shares-for-sensitive-information-credentials-pii-and-more
🐥 [ tweet ]
👍1
😈 [ fr0gger_, Thomas Roccia 🤘 ]
I published a blogpost that presents ten useful python libraries that I use for malware analysis and reversing (with code examples)!
Which one are you using the most? 🐍
#python #malware #cybersecurity #infosec
https://t.co/4q7N0ydQJa
🔗 https://blog.securitybreak.io/10-python-libraries-for-malware-analysis-and-reverse-engineering-622751e6ebd0
🐥 [ tweet ]
I published a blogpost that presents ten useful python libraries that I use for malware analysis and reversing (with code examples)!
Which one are you using the most? 🐍
#python #malware #cybersecurity #infosec
https://t.co/4q7N0ydQJa
🔗 https://blog.securitybreak.io/10-python-libraries-for-malware-analysis-and-reverse-engineering-622751e6ebd0
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
My DInvoke implementation in Nim is now also public:
https://t.co/4sNjTVsYfv
Feel free with testing and have fun! 🍻👌
Challenge: who modifies the Nim compiler for DInvoke usage?🤓
🔗 https://github.com/S3cur3Th1sSh1t/Nim_DInvoke
🐥 [ tweet ]
My DInvoke implementation in Nim is now also public:
https://t.co/4sNjTVsYfv
Feel free with testing and have fun! 🍻👌
Challenge: who modifies the Nim compiler for DInvoke usage?🤓
🔗 https://github.com/S3cur3Th1sSh1t/Nim_DInvoke
🐥 [ tweet ]
🔥2
😈 [ ntlmrelay, Ring3API ]
🐍 Python utility to generate #MITRE ATT&CK Vault for #Obsidian.
1️⃣Get Obsidian (https://t.co/ZBOCQ2ez7U)
2️⃣Generate Vault (https://t.co/3A5dbhoRC2)
3️⃣Explore!
#blueteam #threathunting #ThreatIntelligence
🔗 https://obsidian.md/
🔗 https://github.com/arch4ngel/sec-vault-gen
🐥 [ tweet ]
🐍 Python utility to generate #MITRE ATT&CK Vault for #Obsidian.
1️⃣Get Obsidian (https://t.co/ZBOCQ2ez7U)
2️⃣Generate Vault (https://t.co/3A5dbhoRC2)
3️⃣Explore!
#blueteam #threathunting #ThreatIntelligence
🔗 https://obsidian.md/
🔗 https://github.com/arch4ngel/sec-vault-gen
🐥 [ tweet ]
👍2
😈 [ DebugPrivilege, • ]
Great blog post on hijacking Azure subnoscriptions. https://t.co/i2zQHrazu2
🔗 https://derkvanderwoude.medium.com/azure-subnoscription-hijacking-and-cryptomining-86c2ac018983
🐥 [ tweet ]
Great blog post on hijacking Azure subnoscriptions. https://t.co/i2zQHrazu2
🔗 https://derkvanderwoude.medium.com/azure-subnoscription-hijacking-and-cryptomining-86c2ac018983
🐥 [ tweet ]
😈 [ bohops, bohops ]
[Quick Update] Added a few new and old resources/techniques to the WDAC Block List
https://t.co/2AhEtQ2aS0
I'll post a few more blogs in the coming months to include Part 3 of the "Exploring the Microsoft Recommended Block Rules" series as well as some new
techniques
🔗 https://github.com/bohops/UltimateWDACBypassList
🐥 [ tweet ]
[Quick Update] Added a few new and old resources/techniques to the WDAC Block List
https://t.co/2AhEtQ2aS0
I'll post a few more blogs in the coming months to include Part 3 of the "Exploring the Microsoft Recommended Block Rules" series as well as some new
techniques
🔗 https://github.com/bohops/UltimateWDACBypassList
🐥 [ tweet ]
😈 [ byt3bl33d3r, Marcello ]
This is neato
"Alpine, Ubuntu, Fedora, and Arch based containers containing full desktop environments in officially supported flavors accessible via any modern web browser."
https://t.co/VSTYMXDYma
🔗 https://docs.linuxserver.io/images/docker-webtop
🐥 [ tweet ]
This is neato
"Alpine, Ubuntu, Fedora, and Arch based containers containing full desktop environments in officially supported flavors accessible via any modern web browser."
https://t.co/VSTYMXDYma
🔗 https://docs.linuxserver.io/images/docker-webtop
🐥 [ tweet ]
🔥1