😈 [ mariuszbit, mgeeky | Mariusz Banach ]
A single slide from my Malware Development training @x33fcon .
Surprising how widespread VBA actually is. 💀
☢️ Anyone fancy trying out VBA for:
- Terminal emulator serving critical systems,
- CAD projects of military equipment,
- SCADA consoles
https://t.co/8wRuj7ZGQc
🔗 https://www.x33fcon.com/#!t/maldev.md
🐥 [ tweet ]
😈 [ citronneur, Sylvain Peyrefitte ]
Pamspy is a credential dumper for Linux that uses #eBPF to hook libpam! Enjoy!
https://t.co/PwsseTe4iJ
🔗 https://github.com/citronneur/pamspy
🐥 [ tweet ]
😈 [ C5pider, 5pider ]
How I send over data to my server. Nothing big. maybe someone finds this useful for something.
https://t.co/DGyT7Ws55J
🔗 https://gist.github.com/Cracked5pider/1857e292a9fec28cba88bed80d4e509d
🐥 [ tweet ]
😈 [ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]
A thoroughly detailed blog on Brute Ratel C4 by Palo Alto. Proper actions have been taken against the found licenses which were sold on the black market. As for existing customers, the #BRc4 v1.1 release will change every aspect of the IOCs found in the previous releases.
🔗 https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
🐥 [ tweet ][ quote ]
😈 [ tiraniddo, James Forshaw ]
Finally I can release details about my most serious RCG bug. RCE/EoP in LSASS via CredSSP. Reachable through RDP or WinRM if configured correctly. Will try and put together a blog about it at some point😁https://t.co/ujuMXRCxNT
🔗 https://bugs.chromium.org/p/project-zero/issues/detail?id=2271
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
You're familiar with the Golden Ticket attack, but what about the Diamond Ticket? Semperis Security Researcher Charlie Clark reveals the result of research into this potential #securityvulnerability. https://t.co/p7alMaSr4t
🔗 https://lnkd.in/gNYf2Gxz
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
Really enjoyed reading the APT-29 article from Unit 42. Decided to do a video talking about it and some light reversing of the malware. It's pretty sad that APT-29 has been doing the LNK-in-a-ZIP TTP for 5+ years and remained successful by swapping payloads https://t.co/D15cwzATDn
🔗 https://www.youtube.com/watch?v=a7W6rhkpVSM
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
The original work's author @maorkor also released a 64-bit implementation for PowerShell now, worth checking out! The providers and number of providers are enumerated automatically here. 🔥
https://t.co/13mU1Zv6iA
🔗 https://github.com/deepinstinct/AMSI-Unchained/blob/main/ScanInterception_x64.ps1
🐥 [ tweet ][ quote ]
😈 [ dani_ruiz24, daniruiz ]
🔥 Huge improvements to my custom BASH/ZSH reverse shell function.
If you have not seen it
👉 Wrapper for nc (same syntax)
👉 Arrows, Ctrl+C...
👉 Loads the default bashrc config
👉 Color works
👉 sets terminal size
👉 No need to `stty -echo raw; fg`
https://t.co/jkPGFMjpjJ
🔗 https://gist.github.com/daniruiz/c073f631d514bf38e516b62c48366efb#file-kali-shell-aliases-and-functions-sh-L59-L85
🐥 [ tweet ]
😈 [ _mohemiv, Arseniy Sharoglazov ]
⚡️ Cool PR to Impacket by @synacktiv: displaying timestamps for DCC/DCC2 hashes in secretsdump
New format: CORP.LOCAL/user:$DCC2$10240#user#0123456789abcdef0123456789abcdef: (2022-07-05 20:09:09)
Should be helpful, DCC2 hashes are so slow!
https://t.co/EPBQAkyrBd
🔗 https://github.com/SecureAuthCorp/impacket/pull/1367
🐥 [ tweet ]
😈 [ dottor_morte, Riccardo ]
For those who care, I uploaded the slides of my talk on lateral movement that I gave at TROOPERS this year:
https://t.co/wAoGPUv1Zj
🔗 https://github.com/RiccardoAncarani/talks/blob/master/F-Secure/unorthodox-lateral-movement.pdf
🐥 [ tweet ]
😈 [ podalirius_, Podalirius ]
Today in #AwesomeRCEs, I present a technique to achieve remote code execution on Apache #Tomcat by uploading an #app as admin.
In order to do this, I wrote a WAR application exposing a JSON API to execute code on the server and download files:
https://t.co/OJIr4V4R8D
🔗 https://github.com/p0dalirius/Tomcat-webshell-application
🐥 [ tweet ]
😈 [ ORCA10K, ORCA ]
I released a tiny PoC on getting the syscalls from the ntdll of a new suspended process:
https://t.co/wtCeeEpaJI
🔗 https://gitlab.com/ORCA000/suspendedntdllunhook
🐥 [ tweet ]
😈 [ 0xBoku, Bobby Cooke ]
BokuLoader features update! Added Find-Beacon EggHunter, Stomp MZ Magic Bytes, PE Header Obfuscation, PE String Replacement, and Prepend ASM Instructions! Shoutouts to @passthehashbrwn & @anthemtotheego ;)
https://t.co/WnolPDNPuo
🔗 https://github.com/xforcered/BokuLoader
🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]
Another of my recent Kerberos bugs has been opened, this time _another_ way of bypassing AppContainer enterprise authentication capability this time by using LsaCallAuthenticationPackage https://t.co/axda3g2XDm
🔗 https://bugs.chromium.org/p/project-zero/issues/detail?id=2273
🐥 [ tweet ]
😈 [ harmj0y, Will Schroeder ]
Very cool Kerberoasting implementation using LsaCallAuthenticationPackage, all through a macro https://t.co/BswTJvqzHg
🔗 https://github.com/Adepts-Of-0xCC/VBA-macro-experiments/blob/main/kerberoast.vba
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
What Happens In a "Shell Upgrade" video released:
https://t.co/ql6kIj6RK5
I love this one because I learned so much making it. Hopefully that knowledge transfers to you as well.
🔗 https://youtu.be/DqE6DxqJg8Q
🐥 [ tweet ][ quote ]
😈 [ 0xBoku, Bobby Cooke ]
Dannnggggg.. @CaptMeelo has some great blog posts 🔥 Thanks @FuzzySec for directing me back there :)
https://t.co/0gbd1VHqRl
🔗 https://captmeelo.com/category/maldev
🐥 [ tweet ]
😈 [ podalirius_, Podalirius ]
Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce? These are only the tip of the iceberg and there are probably many more to find. 👀
Want to find a new call? Here are 242 probable #RPC calls with Python PoCs ready to be triaged! 🎉
https://t.co/WjmEzuSOcz
🔗 https://github.com/p0dalirius/windows-coerced-authentication-methods
🐥 [ tweet ]