😈 [ cfalta, Christoph Falta ]
I wrote something to compare the content of two volume shadow copies. Let's hope that's useful 😅 #dfir #PowerShell
https://t.co/ip15QPFaTq
🔗 https://github.com/cfalta/vsctool
🐥 [ tweet ]
I wrote something to compare the content of two volume shadow copies. Let's hope that's useful 😅 #dfir #PowerShell
https://t.co/ip15QPFaTq
🔗 https://github.com/cfalta/vsctool
🐥 [ tweet ]
😈 [ filip_dragovic, Filip Dragovic ]
Just another way to abuse SeImpersonate privilege...
https://t.co/Q175DkLnyX
Hard work is done by crisprss (dont know twitter handle) , i simply found way to weaponize it. :)
🔗 https://github.com/Wh04m1001/DiagTrackEoP
🐥 [ tweet ]
Just another way to abuse SeImpersonate privilege...
https://t.co/Q175DkLnyX
Hard work is done by crisprss (dont know twitter handle) , i simply found way to weaponize it. :)
🔗 https://github.com/Wh04m1001/DiagTrackEoP
🐥 [ tweet ]
😈 [ MDSecLabs, MDSec ]
In part 1 of this blog series, @domchell provides an overview on detecting beacons https://t.co/hsTgTqQKs7
🔗 https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
🐥 [ tweet ]
In part 1 of this blog series, @domchell provides an overview on detecting beacons https://t.co/hsTgTqQKs7
🔗 https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
Slides for my talk "BYOT: Build Your Own Tools for Fun and Profit" presented at @x33fcon 2022 published here! 👇
https://t.co/630BRCEi3Q
🔗 https://github.com/chvancooten/conferences/blob/main/2022-07%20-%20BYOT%20Build%20Your%20Own%20Tools%20for%20Fun%20%26%20Profit%20%40%20X33fcon/BYOT%20%20-%20Build%20Your%20Own%20Tools%20For%20Fun%20And%20Profit.pdf
🐥 [ tweet ]
Slides for my talk "BYOT: Build Your Own Tools for Fun and Profit" presented at @x33fcon 2022 published here! 👇
https://t.co/630BRCEi3Q
🔗 https://github.com/chvancooten/conferences/blob/main/2022-07%20-%20BYOT%20Build%20Your%20Own%20Tools%20for%20Fun%20%26%20Profit%20%40%20X33fcon/BYOT%20%20-%20Build%20Your%20Own%20Tools%20For%20Fun%20And%20Profit.pdf
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] When there’s not much info revealed about AD sites from CME subnets module, we can combine @_dirkjan’s adidnsdump with @pdiscoveryio mapcidr to get a nicely formatted list of the target intranetworks 🕸
#ad #dns
🐥 [ tweet ]
[#HackTip ⚒] When there’s not much info revealed about AD sites from CME subnets module, we can combine @_dirkjan’s adidnsdump with @pdiscoveryio mapcidr to get a nicely formatted list of the target intranetworks 🕸
#ad #dns
🐥 [ tweet ]
🔥1
😈 [ 0xdf_, 0xdf ]
The best part of Catch from @hackthebox_eu is poisoning a config such that the server uses my VM for Redis, and serving a serialized PHP object to get RCE. There's several paths, and lots of interesting exploitation.
https://t.co/hRViK12SW6
🔗 https://0xdf.gitlab.io/2022/07/23/htb-catch.html
🐥 [ tweet ]
The best part of Catch from @hackthebox_eu is poisoning a config such that the server uses my VM for Redis, and serving a serialized PHP object to get RCE. There's several paths, and lots of interesting exploitation.
https://t.co/hRViK12SW6
🔗 https://0xdf.gitlab.io/2022/07/23/htb-catch.html
🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]
Self-removing PE's with Remote Thread Injection
https://t.co/wSBqhFOl5b
🔗 http://0xthem.blogspot.com/2014/10/self-delete-pe.html
🐥 [ tweet ]
Self-removing PE's with Remote Thread Injection
https://t.co/wSBqhFOl5b
🔗 http://0xthem.blogspot.com/2014/10/self-delete-pe.html
🐥 [ tweet ]
😈 [ itm4n, Clément Labro ]
The July 2022 update of Windows 10/11 killed PPLdump 💀😢
Find out how in this blog post...
👉 https://t.co/o0izvkkSm0
🔗 https://itm4n.github.io/the-end-of-ppldump/
🐥 [ tweet ]
The July 2022 update of Windows 10/11 killed PPLdump 💀😢
Find out how in this blog post...
👉 https://t.co/o0izvkkSm0
🔗 https://itm4n.github.io/the-end-of-ppldump/
🐥 [ tweet ]
😈 [ s4tan, Antonio 's4tan' Parata ]
With the intent to be more transparent, I decided to release the source code of my C2 framework. Don't be evil :) https://t.co/xgbUxkX5Nl
🔗 https://github.com/enkomio/AlanFramework
🐥 [ tweet ]
With the intent to be more transparent, I decided to release the source code of my C2 framework. Don't be evil :) https://t.co/xgbUxkX5Nl
🔗 https://github.com/enkomio/AlanFramework
🐥 [ tweet ]
😈 [ last0x00, last ]
Following the news about @microsoft patching the exploit which made @itm4n's PPLDump a reality, it's finally time to make my RIPPL tool public. The project, heavily based off PPLDump, added many offensive functionalities to tamper with EDRs. RIP buddy ❤️
https://t.co/tYEYe0eHQS
🔗 https://github.com/last-byte/RIPPL/
🐥 [ tweet ]
Following the news about @microsoft patching the exploit which made @itm4n's PPLDump a reality, it's finally time to make my RIPPL tool public. The project, heavily based off PPLDump, added many offensive functionalities to tamper with EDRs. RIP buddy ❤️
https://t.co/tYEYe0eHQS
🔗 https://github.com/last-byte/RIPPL/
🐥 [ tweet ]
😈 [ MDSecLabs, MDSec ]
In part 2 of the How I Met Your Beacon series, we look at some strategies for detecting Cobalt Strike https://t.co/d3GujiN5QO by @domchell
🔗 https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/
🐥 [ tweet ]
In part 2 of the How I Met Your Beacon series, we look at some strategies for detecting Cobalt Strike https://t.co/d3GujiN5QO by @domchell
🔗 https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/
🐥 [ tweet ]
😈 [ 80vul, heige ]
DeimosC2 https://t.co/iful3m4ErI DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. D https://t.co/XfMPOwkr0o #ZoomEye Dork
🔗 https://github.com/DeimosC2/DeimosC2
🔗 https://www.zoomeye.org/searchResult?q=%22%3Cnoscript%3EDeimos%20C2%3C%2Fnoscript%3E%22
🐥 [ tweet ]
DeimosC2 https://t.co/iful3m4ErI DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. D https://t.co/XfMPOwkr0o #ZoomEye Dork
🔗 https://github.com/DeimosC2/DeimosC2
🔗 https://www.zoomeye.org/searchResult?q=%22%3Cnoscript%3EDeimos%20C2%3C%2Fnoscript%3E%22
🐥 [ tweet ]
😈 [ cnotin, Clément Notin ]
Just noticed that the amazing "Remediation And Hardening Strategies For Microsoft 365 To Defend Against UNC2452" @Mandiant whitepaper has a version 1.2 with two additional techniques from version 1.1
📜https://t.co/4WhQTixrxE
Awesome reference on #AzureAD, #M365, #ADFS security
🔗 https://www.mandiant.com/sites/default/files/2021-11/wp-m-unc2452-000343.pdf
🐥 [ tweet ]
Just noticed that the amazing "Remediation And Hardening Strategies For Microsoft 365 To Defend Against UNC2452" @Mandiant whitepaper has a version 1.2 with two additional techniques from version 1.1
📜https://t.co/4WhQTixrxE
Awesome reference on #AzureAD, #M365, #ADFS security
🔗 https://www.mandiant.com/sites/default/files/2021-11/wp-m-unc2452-000343.pdf
🐥 [ tweet ]
😈 [ LittleJoeTables, Moloch ]
Offline implant builds now supported out of the box in Sliver thanks to @capnspacehook
https://t.co/5MjdULcdXc
🔗 https://github.com/BishopFox/sliver/releases/tag/v1.5.21
🐥 [ tweet ]
Offline implant builds now supported out of the box in Sliver thanks to @capnspacehook
https://t.co/5MjdULcdXc
🔗 https://github.com/BishopFox/sliver/releases/tag/v1.5.21
🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]
Public Cloud Services Comparison
https://t.co/JNYNTXm5O7
🔗 https://comparecloud.in/
🐥 [ tweet ]
Public Cloud Services Comparison
https://t.co/JNYNTXm5O7
🔗 https://comparecloud.in/
🐥 [ tweet ]
😈 [ OscarAkaElvis, Óscar Alfonso Díaz ]
If you are interested in Binance data analysis, take a look to this awesome lib: https://t.co/uDftIcv5Cc
#binance #pandas #python3
🔗 https://github.com/nand0san/binpan_studio
🐥 [ tweet ]
If you are interested in Binance data analysis, take a look to this awesome lib: https://t.co/uDftIcv5Cc
#binance #pandas #python3
🔗 https://github.com/nand0san/binpan_studio
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Another AMSI bypass alternative, usable from for example C++/C/Nim binaries as amsi.dll is not loaded there by default:
https://t.co/4isRAszjLC
🔗 https://waawaa.github.io/es/amsi_bypass-hooking-NtCreateSection/
🐥 [ tweet ]
Another AMSI bypass alternative, usable from for example C++/C/Nim binaries as amsi.dll is not loaded there by default:
https://t.co/4isRAszjLC
🔗 https://waawaa.github.io/es/amsi_bypass-hooking-NtCreateSection/
🐥 [ tweet ]