Detection Alchemy - The Purple Team Way
#trustedsec
As security practitioners, we frequently extol the virtues of penetration testing and red team exercises as a way of identifying issues for remediation. On the flip side, we also acknowledge the…
via TrustedSec Blog (author: Megan Nilsen)
#trustedsec
As security practitioners, we frequently extol the virtues of penetration testing and red team exercises as a way of identifying issues for remediation. On the flip side, we also acknowledge the…
via TrustedSec Blog (author: Megan Nilsen)
Top 10 web hacking techniques of 2023 - nominations open
#portswigger
Nominations are now open for the top 10 new web hacking techniques of 2023! Over the last year, numerous security researchers have shared their discoveries with the community through blog posts, prese
via PortSwigger Research
#portswigger
Nominations are now open for the top 10 new web hacking techniques of 2023! Over the last year, numerous security researchers have shared their discoveries with the community through blog posts, prese
via PortSwigger Research
Empire / Starkiller – New Year 2024
#bcsecurity
We recently released Empire 5.8 and Starkiller 2.7. Sometimes, we forget to highlight the cool new features or changes as they release. So, in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this will also recap some of the things from the recent releases you may have missed.
via BC Security Blog (author: Vincent Rose)
#bcsecurity
We recently released Empire 5.8 and Starkiller 2.7. Sometimes, we forget to highlight the cool new features or changes as they release. So, in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this will also recap some of the things from the recent releases you may have missed.
via BC Security Blog (author: Vincent Rose)
Protected: CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service
#mdsec
via MDSec Blog (author: Admin)
#mdsec
via MDSec Blog (author: Admin)
Level Up Your Reporting
#trustedsec
As a security consultant, our number one deliverable is a report of findings and recommendations. This is what our clients are ultimately paying for. Making sure the report can be easily read and understood should be…
via TrustedSec Blog (author: Kurt Muhl)
#trustedsec
As a security consultant, our number one deliverable is a report of findings and recommendations. This is what our clients are ultimately paying for. Making sure the report can be easily read and understood should be…
via TrustedSec Blog (author: Kurt Muhl)
Calling Home, Get Your Callbacks Through RBI
#specterops
via SpecterOps Team Medium (author: Lance B. Cain)
#specterops
via SpecterOps Team Medium (author: Lance B. Cain)
Medium
Calling Home, Get Your Callbacks Through RBI
Authored By: Lance B. Cain and Alexander DeMine
Engagement Guide: How to Prepare for Your Purple Team
#trustedsec
After performing many Purple Team engagements with organizations ranging from large enterprise networks to small-to-medium-businesses, we've found that the most effective and productive experiences were due in large…
via TrustedSec Blog (author: Megan Nilsen)
#trustedsec
After performing many Purple Team engagements with organizations ranging from large enterprise networks to small-to-medium-businesses, we've found that the most effective and productive experiences were due in large…
via TrustedSec Blog (author: Megan Nilsen)
Cobalt Strike Infrastructure Maintenance – January 2024
#cobaltstrike
We will be making a small change to the Cobalt Strike infrastructure next week. This will not result in any downtime but will affect updates using old copies of the update application. TLS Certificate Update verify.cobaltstrike.com hosts a text file with SHA256 hashes for the licensed Cobalt Strike product and distribution packages for Windows, Linux…
via Cobalt Strike Blog (author: Greg Darwin)
#cobaltstrike
We will be making a small change to the Cobalt Strike infrastructure next week. This will not result in any downtime but will affect updates using old copies of the update application. TLS Certificate Update verify.cobaltstrike.com hosts a text file with SHA256 hashes for the licensed Cobalt Strike product and distribution packages for Windows, Linux…
via Cobalt Strike Blog (author: Greg Darwin)
Insomni'hack 2024 CTF Teaser - Cache Cache
#itm4n
Last year, for the Insomni’hack 2023 CTF Teaser, I created a challenge based on a logic bug in a Windows RPC server. I was pleased with the result, so I renewed the experience. Besides, I already knew what type of bug to tackle for this new edition. 😈 Personal thoughts Like my previous write-up, I will begin with some thoughts about the difficulties of creating a challenge and fac...
via Itm4n Blog (author: itm4n)
#itm4n
Last year, for the Insomni’hack 2023 CTF Teaser, I created a challenge based on a logic bug in a Windows RPC server. I was pleased with the result, so I renewed the experience. Besides, I already knew what type of bug to tackle for this new edition. 😈 Personal thoughts Like my previous write-up, I will begin with some thoughts about the difficulties of creating a challenge and fac...
via Itm4n Blog (author: itm4n)
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
#projectdiscovery
CVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence Instance, thereby enabling the execution of arbitrary code and system commands.
via ProjectDiscovery Blog (author: Rahul Maini)
#projectdiscovery
CVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence Instance, thereby enabling the execution of arbitrary code and system commands.
via ProjectDiscovery Blog (author: Rahul Maini)
ProxyHelper2: The Sequel
#trustedsec
VersionHak5 Pineapples changed their module system in Mark VII's, breaking module compatibility.ProxyHelper2 is a reimplementation of TrustedSec's original ProxyHelper module by @_Kc57 that works on modern…
via TrustedSec Blog (author: Drew Kirkpatrick)
#trustedsec
VersionHak5 Pineapples changed their module system in Mark VII's, breaking module compatibility.ProxyHelper2 is a reimplementation of TrustedSec's original ProxyHelper module by @_Kc57 that works on modern…
via TrustedSec Blog (author: Drew Kirkpatrick)
Announcing cvemap from ProjectDiscovery
#projectdiscovery
Security professionals are constantly on guard against cyber threats, especially given the rising number and sophistication of attacks. However, there's a less obvious, yet increasingly alarming "enemy" in cybersecurity: the surge in reported Common Vulnerabilities and Exposures (CVEs). Though CVEs are vital for identifying and discussing
via ProjectDiscovery Blog (author: Brendan O'Leary)
#projectdiscovery
Security professionals are constantly on guard against cyber threats, especially given the rising number and sophistication of attacks. However, there's a less obvious, yet increasingly alarming "enemy" in cybersecurity: the surge in reported Common Vulnerabilities and Exposures (CVEs). Though CVEs are vital for identifying and discussing
via ProjectDiscovery Blog (author: Brendan O'Leary)
Hiding payloads in Java source code strings
#portswigger
In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to conceal payloads. We recently released a powerful
via PortSwigger Research
#portswigger
In this post we'll show you how Java handles unicode escapes in source code strings in a way you might find surprising - and how you can abuse them to conceal payloads. We recently released a powerful
via PortSwigger Research
Guys go C:/
#tool
Found funny C2 transport realisation through CS1.6 server via RCON
https://github.com/eversinc33/1.6_C2
#tool
Found funny C2 transport realisation through CS1.6 server via RCON
https://github.com/eversinc33/1.6_C2
🔥1
Why Join The Navy If You Can Be A Pirate?
#objectivesee
From a security point of view, pirating software is not recommended! Let's analyze a pirated application that contains a (malicious) surprise.
via Objective-See Blog
#objectivesee
From a security point of view, pirating software is not recommended! Let's analyze a pirated application that contains a (malicious) surprise.
via Objective-See Blog
ADCS Attack Paths in BloodHound — Part 1
#specterops
via SpecterOps Team Medium (author: Jonas Bülow Knudsen)
#specterops
via SpecterOps Team Medium (author: Jonas Bülow Knudsen)
Medium
ADCS Attack Paths in BloodHound — Part 1
Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHound Enterprise team at SpecterOps has…
From Zero to Purple
#trustedsec
For any Purple Team, or team using offensive techniques for defensive purposes, we need to make sure we are developing new techniques based on real-world scenarios by threat actors and groups. You’ll receive…
via TrustedSec Blog (author: Zach Bevilacqua)
#trustedsec
For any Purple Team, or team using offensive techniques for defensive purposes, we need to make sure we are developing new techniques based on real-world scenarios by threat actors and groups. You’ll receive…
via TrustedSec Blog (author: Zach Bevilacqua)
Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
#cobaltstrike
In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the sleep mask at run time and break any static signatures. However, this solves the [...]
via Cobalt Strike Blog (author: William Burgess)
#cobaltstrike
In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the sleep mask at run time and break any static signatures. However, this solves the [...]
via Cobalt Strike Blog (author: William Burgess)
Forwarded from Offensive Xwitter
😈 [ 5pider @C5pider ]
Modern implant design: position independent malware development.
A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing.
🔗 https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
🔗 https://github.com/Cracked5pider/Stardust
🐥 [ tweet ]
Modern implant design: position independent malware development.
A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing.
🔗 https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
🔗 https://github.com/Cracked5pider/Stardust
🐥 [ tweet ]
A Practical Guide to PrintNightmare in 2024
#itm4n
Although PrintNightmare and its variants were theoretically all addressed by Microsoft, it is still affecting organizations to this date, mainly because of quite confusing group policies and settings. In this blog post, I want to shed a light on those configuration issues, and hopefully provide clear guidance on how to remediate them. “PrintNightmare” and “Point and Print” Unless you’ve been ...
via Itm4n Blog (author: itm4n)
#itm4n
Although PrintNightmare and its variants were theoretically all addressed by Microsoft, it is still affecting organizations to this date, mainly because of quite confusing group policies and settings. In this blog post, I want to shed a light on those configuration issues, and hopefully provide clear guidance on how to remediate them. “PrintNightmare” and “Point and Print” Unless you’ve been ...
via Itm4n Blog (author: itm4n)