😈 [ Cx01N_, Cx01N ]

This is great!
https://t.co/xkvlT03Wf1

🔗 https://github.com/NARKOZ/hacker-noscripts

🐥 [ tweet ]

😈 [ _nwodtuhs, Charlie Bromberg (Shutdown) ]

After 4 months of testing/peer-review and the PR being in draft, dacledit is now ready for official review and merge in Impacket 💪 This noscript can be used to read, write, remove, backup, restore ACEs in an object's DACL, see you soon when merged 😊

https://t.co/nQGZy1dnbR

🔗 https://github.com/SecureAuthCorp/impacket/pull/1291

🐥 [ tweet ]

😈 [ lpha3ch0, Steve Campbell ]

My latest blog post, Pivoting for Pentesters https://t.co/9N1gxtdJXn #infosec #pentest #redteam

🔗 https://www.stevencampbell.info/Pivoting-for-pentesters/

🐥 [ tweet ]

😈 [ ReconOne_, ReconOne ]

Shodan Dork in Manual mode - Part 1

Now that you all have Shodan membership it's time to try Shodan Dorks 👀👇

Credits: @securitytrails

#recon #Shodan #attacksurface #bugbountytips #BugBounty #cybersecurity

🐥 [ tweet ]

😈 [ C5pider, 5pider ]

CoffeeLdr
A Beacon Object File Loader
https://t.co/vD2QlGhLov

🔗 https://github.com/Cracked5pider/CoffeeLdr

🐥 [ tweet ]

😈 [ i_bo0om, Bo0oM ]

20 years of payment processing problems

Ru: https://t.co/Xp81RFL9hQ
En: https://t.co/aDep1kdgyu

🔗 https://bo0om.ru/20-years-of-payment-processing-problems
🔗 https://bo0om.ru/20-years-of-payment-processing-problems-en

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

I just merged one of the most craziest module in CrackMapExec called "hash_spider" from @hackerm00n 🚀

With an initial admin access, it will dump lsass recursively using BloodHound to find local admins path (adminTo) to harvest more users and find new paths until DA 🔥

🪂

🐥 [ tweet ]

😈 [ an0n_r0, an0n ]

elevated CVE-2022-30166 EoP to SYSTEM. the work was done by @tiraniddo, here I just modified their PoC for getting TGT dump, did some custom ticket conversion stuff then RBCD attack with the machine Kerberos TGT. works only if AllowTgtSessionKey (non-default) is enabled.

🐥 [ tweet ][ quote ]

😈 [ _RastaMouse, Rasta Mouse ]

I spent some of time I was glued to my chair with sweat to put rportfwd into SharpC2 as well.

🔗 https://github.com/SharpC2/SharpC2/tree/dev

🐥 [ tweet ]

😈 [ CoreAdvisories, CoreLabs Research ]

Get an in-depth analysis of recent #Windows #vulnerability, CVE-2022-22029> from cybersecurity expert and #exploit writer @ricnar456
https://t.co/i4nyYDiapH

🔗 https://www.coresecurity.com/core-labs/articles/analysis-cve-2022-22029-windows-network-file-system-vulnerability

🐥 [ tweet ]

😈 [ HuskyHacksMK, Matt | HuskyHacks ]

Confirmed that the new Apache Spark OS Command Injection works 🎆

CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability (disc. by Kostya Kortchinsky, not me)

Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1

POC soon!

🐥 [ tweet ]

😈 [ HuskyHacksMK, Matt | HuskyHacks ]

🐍My Python POC for CVE-2022-33891, Apache Spark OS Command Injection Vulnerability

hacky, slapdash, just the way I like it

Can check if a target is vuln, do a quick reverse shell, and even has an "Interactive" mode!

comes with a vuln version of Spark

https://t.co/bOXMlXYmzd

🔗 https://github.com/HuskyHacks/cve-2022-33891

🐥 [ tweet ]

😈 [ M4yFly, Mayfly ]

GOAD exploitation part5 : sAMAccountName spoofing and printNightmare.
https://t.co/F6X1HtUhCr

🔗 https://mayfly277.github.io/posts/GOADv2-pwning-part5/

🐥 [ tweet ]

😈 [ mpgn_x64, mpgn ]

Let's bring some 'domain admin' music to CME🥳

Soon, the blue team will hate this song ! 😂🔥

🐥 [ tweet ]

😈 [ kalilinux, Kali Linux ]

You know about our weekly images, but did you know we now have weekly VMs? Or, did you know you can use our build noscripts to automate creating your own VMs?

Check it out!

https://t.co/WKekW7dncr

🔗 https://www.kali.org/blog/kali-vm-builder-weekly/

🐥 [ tweet ]