😈 [ MDSecLabs, MDSec ]
"Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service" - @modexpblog
presents some lesser known techniques for enumerating LSASS PIDs https://t.co/o7uzJpA0Iq
🔗 https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
🐥 [ tweet ]
"Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service" - @modexpblog
presents some lesser known techniques for enumerating LSASS PIDs https://t.co/o7uzJpA0Iq
🔗 https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
🐥 [ tweet ]
😈 [ R0h1rr1m, Furkan Göksel ]
Another technique which is Call Stack Spoofing is in Nim right now! I developed the pure Nim version of the Call Stack Spoofing method thanks to @joehowwolf 's PoC and blogpost. You can find the repository below.
https://t.co/R7y34dQaYu
🔗 https://github.com/frkngksl/NimicStack
🐥 [ tweet ]
Another technique which is Call Stack Spoofing is in Nim right now! I developed the pure Nim version of the Call Stack Spoofing method thanks to @joehowwolf 's PoC and blogpost. You can find the repository below.
https://t.co/R7y34dQaYu
🔗 https://github.com/frkngksl/NimicStack
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] Such a tiny code snippet that can help you bypass some automatic sandbox detections ⏳
#maldev
🐥 [ tweet ]
[#HackTip ⚒] Such a tiny code snippet that can help you bypass some automatic sandbox detections ⏳
#maldev
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
Privilege escalation is a prime tool for attackers to infiltrate your #ActiveDirectory--and from there, anything they want. Learn more about a vulnerability that can enable #cyberattackers to target AD Certificate Services and take over your domain. https://t.co/rwUp9tIiAn
🔗 https://www.semperis.com/blog/ad-vulnerability-cve-2022-26923/
🐥 [ tweet ]
Privilege escalation is a prime tool for attackers to infiltrate your #ActiveDirectory--and from there, anything they want. Learn more about a vulnerability that can enable #cyberattackers to target AD Certificate Services and take over your domain. https://t.co/rwUp9tIiAn
🔗 https://www.semperis.com/blog/ad-vulnerability-cve-2022-26923/
🐥 [ tweet ]
😈 [ s4ntiago_p, S4ntiagoP ]
A small blogpost (and PoC) about creating Windows processes using syscalls 😊
https://t.co/P5isRGOnN7
🔗 https://www.coresecurity.com/core-labs/articles/creating-processes-using-system-calls
🐥 [ tweet ]
A small blogpost (and PoC) about creating Windows processes using syscalls 😊
https://t.co/P5isRGOnN7
🔗 https://www.coresecurity.com/core-labs/articles/creating-processes-using-system-calls
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Fun post on how to combine evilginx by @mrgretzky and BITB by @mrd0x.
https://t.co/8gShYwEyPY
🔗 https://rastamouse.me/evilginx-meet-bitb/
🐥 [ tweet ]
[BLOG]
Fun post on how to combine evilginx by @mrgretzky and BITB by @mrd0x.
https://t.co/8gShYwEyPY
🔗 https://rastamouse.me/evilginx-meet-bitb/
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ MDSecLabs, MDSec ]
In part 3 of our "How I Met Your Beacon" series, @domchell analyses techniques to detect Brute Ratel https://t.co/4wNtM5mNH7 #brc4
🔗 https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/
🐥 [ tweet ]
In part 3 of our "How I Met Your Beacon" series, @domchell analyses techniques to detect Brute Ratel https://t.co/4wNtM5mNH7 #brc4
🔗 https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/
🐥 [ tweet ]
😈 [ last0x00, last ]
After a few weeks of development, I'm happy to share my new work: PersistenceSniper. It is a #Powershell module that allows #BlueTeams, #IncidentResponders and #Sysadmins to hunt persistences implanted in their Windows machines. Check it out!
https://t.co/oma0h8gFfF
🔗 https://github.com/last-byte/PersistenceSniper/
🐥 [ tweet ]
After a few weeks of development, I'm happy to share my new work: PersistenceSniper. It is a #Powershell module that allows #BlueTeams, #IncidentResponders and #Sysadmins to hunt persistences implanted in their Windows machines. Check it out!
https://t.co/oma0h8gFfF
🔗 https://github.com/last-byte/PersistenceSniper/
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Спасибо @snovvcrash, снова запостил годный материал
https://habr.com/ru/company/angarasecurity/blog/680138/
#pentest #redteam #ad
https://habr.com/ru/company/angarasecurity/blog/680138/
#pentest #redteam #ad
Хабр
Делегируй меня полностью, или Новый взгляд на RBCD-атаки в AD
«Злоупотребление ограниченным делегированием Kerberos на основе ресурсов» — как много в этом звуке! Точнее уже не просто звуке и даже не словосочетании, а целом классе наступательных техник в доменной...
😈 [ praetorianlabs, Praetorian ]
Anatomy of an automotive security assessment that help protect life and limb
https://t.co/cg7pAq5Luz
#automotivesecurity #carhacking
🔗 https://www.praetorian.com/blog/automotive-security-assessment-anatomy/
🐥 [ tweet ]
Anatomy of an automotive security assessment that help protect life and limb
https://t.co/cg7pAq5Luz
#automotivesecurity #carhacking
🔗 https://www.praetorian.com/blog/automotive-security-assessment-anatomy/
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
Very cool that Elastic published their EDR rules. Really builds confidence that their detections are actually worthwhile vs some other EDR vendors that seem to rely on frantically obscuring and limiting access to their product 👀
https://t.co/KBQZ03aOdV
🔗 https://github.com/elastic/protections-artifacts
🐥 [ tweet ][ quote ]
Very cool that Elastic published their EDR rules. Really builds confidence that their detections are actually worthwhile vs some other EDR vendors that seem to rely on frantically obscuring and limiting access to their product 👀
https://t.co/KBQZ03aOdV
🔗 https://github.com/elastic/protections-artifacts
🐥 [ tweet ][ quote ]
😈 [ ly4k_, Oliver Lyak ]
Certipy reached 1k stars on GitHub. Let’s celebrate with a brand new version, new research, a forked BloodHound GUI with ADCS support, and many new features, for instance Schannel authentication via LDAPS, SSPI authentication, and much more!
https://t.co/h85p3cCO1N
🔗 https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
🐥 [ tweet ]
Certipy reached 1k stars on GitHub. Let’s celebrate with a brand new version, new research, a forked BloodHound GUI with ADCS support, and many new features, for instance Schannel authentication via LDAPS, SSPI authentication, and much more!
https://t.co/h85p3cCO1N
🔗 https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]
😈 [ ntlmrelay, Ring3API ]
📌How Does Windows Execute Shortcuts (.LNK)? - by @LabsSentinel
➡️https://t.co/azJmSz7A5T
#BlueTeam #ThreatHunting #DFIR
🔗 https://www.sentinelone.com/labs/who-needs-macros-threat-actors-pivot-to-abusing-explorer-and-other-lolbins-via-windows-shortcuts/
🐥 [ tweet ]
📌How Does Windows Execute Shortcuts (.LNK)? - by @LabsSentinel
➡️https://t.co/azJmSz7A5T
#BlueTeam #ThreatHunting #DFIR
🔗 https://www.sentinelone.com/labs/who-needs-macros-threat-actors-pivot-to-abusing-explorer-and-other-lolbins-via-windows-shortcuts/
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️OFFICE_VBA VBE7.dll AMSI picks up on SaveToFile(.exe)
but sees no problem with saving the same PE MZ to DLL
¯\_(ツ)_/¯
Just as I pointed out in my Modern Initial Access slides:
Office VBA -> File Dropper -> DLL Side-Loading -> Teams/Defender/Anything
🐥 [ tweet ]
☢️OFFICE_VBA VBE7.dll AMSI picks up on SaveToFile(.exe)
but sees no problem with saving the same PE MZ to DLL
¯\_(ツ)_/¯
Just as I pointed out in my Modern Initial Access slides:
Office VBA -> File Dropper -> DLL Side-Loading -> Teams/Defender/Anything
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️ Backdooring Office Structures. Part 1: The Oldschool
I've just published a blog post touching on different payload hiding strategies within macro-enabled Office documents.
First part touches on basics, whilst the Part 2 will reveal my novel technique
https://t.co/8XLuYbnEqU
🔗 https://bit.ly/3vKKZaZ
🐥 [ tweet ]
☢️ Backdooring Office Structures. Part 1: The Oldschool
I've just published a blog post touching on different payload hiding strategies within macro-enabled Office documents.
First part touches on basics, whilst the Part 2 will reveal my novel technique
https://t.co/8XLuYbnEqU
🔗 https://bit.ly/3vKKZaZ
🐥 [ tweet ]
Pentester's Promiscuous Notebook (by snovvcrash).pdf
7 MB
Я тут решил поиграться с пробной подпиской GitBook ради фичи выгрузки спейса Pentester's Promiscuous Notebook в PDF (было множество запросов в ЛС). Не знаю, зачем вам это, но все для людей, как говорится.
Получите, распишитесь.
Получите, распишитесь.
🔥5