😈 [ praetorianlabs, Praetorian ]
Anatomy of an automotive security assessment that helps protect life and limb
https://t.co/cg7pAq5Luz
#automotivesecurity #carhacking
🔗 https://www.praetorian.com/blog/automotive-security-assessment-anatomy/
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
Very cool that Elastic published their EDR rules. Really builds confidence that their detections are actually worthwhile vs some other EDR vendors that seem to rely on frantically obscuring and limiting access to their product 👀
https://t.co/KBQZ03aOdV
🔗 https://github.com/elastic/protections-artifacts
🐥 [ tweet ][ quote ]
😈 [ ly4k_, Oliver Lyak ]
Certipy reached 1k stars on GitHub. Let’s celebrate with a brand new version, new research, a forked BloodHound GUI with ADCS support, and many new features, for instance Schannel authentication via LDAPS, SSPI authentication, and much more!
https://t.co/h85p3cCO1N
🔗 https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]
😈 [ ntlmrelay, Ring3API ]
📌How Does Windows Execute Shortcuts (.LNK)? - by @LabsSentinel
➡️https://t.co/azJmSz7A5T
#BlueTeam #ThreatHunting #DFIR
🔗 https://www.sentinelone.com/labs/who-needs-macros-threat-actors-pivot-to-abusing-explorer-and-other-lolbins-via-windows-shortcuts/
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️OFFICE_VBA VBE7.dll AMSI picks up on SaveToFile(.exe)
but sees no problem with saving the same PE MZ to DLL
¯\_(ツ)_/¯
Just as I pointed out in my Modern Initial Access slides:
Office VBA -> File Dropper -> DLL Side-Loading -> Teams/Defender/Anything
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
☢️ Backdooring Office Structures. Part 1: The Oldschool
I've just published a blog post touching on different payload hiding strategies within macro-enabled Office documents.
The first part touches on the basics, whilst Part 2 will reveal my novel technique
https://t.co/8XLuYbnEqU
🔗 https://bit.ly/3vKKZaZ
🐥 [ tweet ]
Pentester's Promiscuous Notebook (by snovvcrash).pdf
7 MB
I decided to play around with a GitBook trial subscription for the feature that exports the Pentester's Promiscuous Notebook space to PDF (there were lots of requests in my DMs). No idea what you need it for, but it's all for the people, as they say.
Here you go, sign for it.
🔥5
👹 [ snovvcrash, sn🥶vvcr💥sh ]
🧶 (1/3) PCredz in Docker Thread
I’m a big fan of the #Impacket multi-relay feature that not only allows an attacker to keep multiple relay targets alive, but can also be used for performing both #NTLM relay AND #hashes dump at the same time ⏬
https://t.co/EZtH02ynTN
#pentest
🔗 https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
🐥 [ tweet ]
🔥1
👹 [ snovvcrash, sn🥶vvcr💥sh ]
🧶 (2/3) Unfortunately, I couldn’t get it working recently (no idea why), so I decided to use another great tool PCredz (👋🏻 @porchetta_ind) to capture hashes directly from my network interface. That also failed due to the Cython bug with Python 3.10 ⏬
https://t.co/sX0Q6Pchyz
🔗 https://stackoverflow.com/a/70454853/6253579
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
(3/3) 🧶 So I decided to come up with a quick Dockerfile for PCredz. Feel free to use the snovvcrash/pcredz image (available on Docker Hub) if you find yourself in a similar situation!
https://t.co/rTf6PDiykA
🔗 https://github.com/snovvcrash/PCredz
🐥 [ tweet ]
😈 [ icyguider, icyguider ]
MEGA TOOL UPDATE! I've added a ton of new features to my C++ shellcode loader. These include GetSyscallStub integration, OLLVM support, Module Stomping, DLL Proxy generation, new sandbox evasion options, and storing your shellcode as an English word list!
https://t.co/XZUXwvfYk8
🔗 https://github.com/icyguider/Shhhloader
🐥 [ tweet ]
🔥1
😈 [ ORCA10K, ORCA ]
After some struggling, it was done: a 217-byte custom dynamic shellcode that can download and run your payload from a webpage: https://t.co/cSXEHDLBif
🔗 https://gitlab.com/ORCA000/d.rdynamicshellcode
🐥 [ tweet ]
😈 [ Haus3c, Ryan ]
Pushed an update to PowerZure for some bug fixes but more importantly to remove the AzureAD PS Module requirement. It's all Graph API requests now for AAD functions. https://t.co/d7sGB1PO0K
🔗 https://github.com/hausec/PowerZure/commit/ff52222a1cfa6f756f384d53df6609f04e316a9a
🐥 [ tweet ]
😈 [ x86matthew, x86matthew ]
ClipboardInject - Abusing the clipboard to inject code into remote processes
This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for VirtualAllocEx / WriteProcessMemory.
https://t.co/eELCUgAg80
🔗 https://www.x86matthew.com/view_post?id=clipboard_inject
🐥 [ tweet ]
😈 [ bohops, bohops ]
Sometimes, you just gotta
rundll32.exe -sta {clsid}
https://t.co/eaNSgO1sFy
🔗 https://lolbas-project.github.io/lolbas/Binaries/Rundll32/
🐥 [ tweet ]
😈 [ bohops, bohops ]
Other great 'rundll32' resources:
- https://t.co/IWbd6yMonw
- https://t.co/mtpH4mRkfX
- https://t.co/eaNSgO1sFy
🔗 https://nasbench.medium.com/a-deep-dive-into-rundll32-exe-642344b41e90
🔗 https://redcanary.com/threat-detection-report/techniques/rundll32/
🔗 https://lolbas-project.github.io/lolbas/Binaries/Rundll32/
🐥 [ tweet ][ quote ]