Offensive Xwitter – Telegram
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
👹 [ snovvcrash, sn🥶vvcr💥sh ]

[#Tooling ⚔️] Inspired by @s4ntiago_p and NanoDump I’ve fully switched to API Hashing for Windows API and syscalls resolution in DInjector. A quick re-hashing can be performed before compilation with a Python script.

🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg (Shutdown) ]

After 4 months of testing/peer-review and the PR being in draft, dacledit is now ready for official review and merge in Impacket 💪 This script can be used to read, write, remove, backup, restore ACEs in an object's DACL, see you soon when merged 😊

https://t.co/nQGZy1dnbR

🔗 https://github.com/SecureAuthCorp/impacket/pull/1291

🐥 [ tweet ]
😈 [ lpha3ch0, Steve Campbell ]

My latest blog post, Pivoting for Pentesters https://t.co/9N1gxtdJXn #infosec #pentest #redteam

🔗 https://www.stevencampbell.info/Pivoting-for-pentesters/

🐥 [ tweet ]
😈 [ ReconOne_, ReconOne ]

Shodan Dork in Manual mode - Part 1

Now that you all have Shodan membership it's time to try Shodan Dorks 👀👇

Credits: @securitytrails

#recon #Shodan #attacksurface #bugbountytips #BugBounty #cybersecurity

🐥 [ tweet ]
😈 [ C5pider, 5pider ]

CoffeeLdr
A Beacon Object File Loader
https://t.co/vD2QlGhLov

🔗 https://github.com/Cracked5pider/CoffeeLdr

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

I just merged one of the craziest modules in CrackMapExec called "hash_spider" from @hackerm00n 🚀

With an initial admin access, it will dump lsass recursively using BloodHound to find local admins path (adminTo) to harvest more users and find new paths until DA 🔥

🪂

🐥 [ tweet ]
😈 [ an0n_r0, an0n ]

elevated CVE-2022-30166 EoP to SYSTEM. the work was done by @tiraniddo, here I just modified their PoC for getting TGT dump, did some custom ticket conversion stuff then RBCD attack with the machine Kerberos TGT. works only if AllowTgtSessionKey (non-default) is enabled.

🐥 [ tweet ][ quote ]
😈 [ _RastaMouse, Rasta Mouse ]

I spent some of the time I was glued to my chair with sweat to put rportfwd into SharpC2 as well.

🔗 https://github.com/SharpC2/SharpC2/tree/dev

🐥 [ tweet ]
😈 [ CoreAdvisories, CoreLabs Research ]

Get an in-depth analysis of recent #Windows #vulnerability, CVE-2022-22029 from cybersecurity expert and #exploit writer @ricnar456
https://t.co/i4nyYDiapH

🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2022-22029-windows-network-file-system-vulnerability

🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]

Confirmed that the new Apache Spark OS Command Injection works 🎆

CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability (disc. by Kostya Kortchinsky, not me)

Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1

POC soon!

🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]

🐍My Python POC for CVE-2022-33891, Apache Spark OS Command Injection Vulnerability

hacky, slapdash, just the way I like it

Can check if a target is vuln, do a quick reverse shell, and even has an "Interactive" mode!

comes with a vuln version of Spark

https://t.co/bOXMlXYmzd

🔗 https://github.com/HuskyHacks/cve-2022-33891

🐥 [ tweet ]
😈 [ M4yFly, Mayfly ]

GOAD exploitation part5 : sAMAccountName spoofing and printNightmare.
https://t.co/F6X1HtUhCr

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part5/

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

Let's bring some 'domain admin' music to CME🥳

Soon, the blue team will hate this song ! 😂🔥

🐥 [ tweet ]