RedTeam feed – Telegram
RedTeam blogposts and articles collection
Using Veeam metadata for efficient extraction of Backup artefacts (1/3)
#synacktiv

via Synacktiv Blog (author: Webmaster)
Active Directory Enumeration for Red Teams
#mdsec

The Directory Service is the heart and soul of many organisations, and whether it's Active Directory, OpenLDAP or something more exotic, as a source of much knowledge it often acts...

via MDSec Blog (author: Admin)
Offensive Lab Environments (Without the Suck)
#trustedsec

Have you ever been in an engagement where you need to test an evasive payload or technique, but you lack the time or resources to spin up a replica lab environment quickly? This blog will help clear that hurdle for…

via TrustedSec Blog (author: Travis Kaun)
Hello Lucee! Let us hack Apple again?
#projectdiscovery

Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion. We derived valuable insights, one of which revolved around CFM and CFC handling, parsing and execution. We wondered if there are any other CFML servers. Does this ring a bell? Allow us to introduce Lucee.

via ProjectDiscovery Blog (author: Harsh Jaiswal)
Hardware Hacking: Plunder With a Bus Pirate
#trustedsec

For this blog, I'm going to assume you have a Bus Pirate, you are able to access its terminal, and you are ready to use it—but what are you going to use it on? Grab a digital multimeter (you can get something for around…

via TrustedSec Blog (author: Brian Berg)
Better Living Through OpenSSH Config Files
#redsiege

SSH is an incredibly valuable tool for penetration testing. It provides us with a secure channel for administering machines, remotely executing tools, transferring…

via RedSiege Blog (author: Justin Connors)
Delegated NT DLL
#odzhan

Introduction: redplait and Adam/Hexacorn already documented this in 2017 and 2018 respectively, so it’s not a new discovery. Available since RedStone 2, released in April 2017. redplait states it was introduced with insider build 15007, which appeared in January 2017.

via modexp Blog (author: odzhan)
Top 10 web hacking techniques of 2023
#portswigger

Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year.

via PortSwigger Research
🛠 HTMLSmuggler
#tool

Added smart bot detection to my HTMLSmuggler. Now it can detect headless bots and crawlers (e.g. secure mail gateways) and skip them.
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
#trustedsec

As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance…

via TrustedSec Blog (author: Chris Camejo)
MailItemsAccessed Woes: M365 Investigation Challenges
#trustedsec

Email compromises within Microsoft 365 are too common these days. The TrustedSec Incident Response team receives a lot of calls to investigate M365 email breaches, and one (1) of the most common investigation goals is…

via TrustedSec Blog (author: Tyler Hudak)
Extracting PEAP Credentials from Wired Network Profiles
#itm4n

A colleague of mine recently found himself in a situation where he had physical access to a Windows machine connected to a wired network using 802.1X, with saved user credentials for the authentication. Naturally, he wanted to extract those credentials. Nothing extraordinary about that, you might think, and yet there was a twist… Where to start? For this blog post, I will assume the reader is a...

via Itm4n Blog (author: itm4n)
Apple Gets an 'F' for Slicing Apples
#objectivesee

Universal binaries contain multiple architecture-specific Mach-O images, known as slices... However, it turns out the Apple API to identify the best slice is broken. Let's investigate and find out why!

via Objective-See Blog
Weaponization of Token Theft – A Red Team Perspective
#trustedsec

This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and attacker behavior on compromising Microsoft 365 users.…

via TrustedSec Blog (author: Edwin David)
Dumping LSASS Like it’s 2019
#redsiege

By Alex Reid, current Red Siege intern. A long-time tactic of threat actors and offensive security professionals alike, tampering with LSASS.exe in order to recover credentials remains a highly […]

via RedSiege Blog (author: Red Siege)