Top 10 web hacking techniques of 2023
#portswigger
Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
via PortSwigger Research
#portswigger
Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
via PortSwigger Research
🛠 HTMLSmuggler
#tool
Added smart bot detection to my HTMLSmuggler. Now it can detect headless bots and crawlers (e.g. secure mail gateways) and skip them.
#tool
Added smart bot detection to my HTMLSmuggler. Now it can detect headless bots and crawlers (e.g. secure mail gateways) and skip them.
🔥4
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
#trustedsec
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance…
via TrustedSec Blog (author: Chris Camejo)
#trustedsec
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance…
via TrustedSec Blog (author: Chris Camejo)
SCCM Hierarchy Takeover with High Availability
#specterops
via SpecterOps Team Medium (author: Garrett Foster)
#specterops
via SpecterOps Team Medium (author: Garrett Foster)
Medium
SCCM Hierarchy Takeover with High Availability
TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy
MailItemsAccessed Woes: M365 Investigation Challenges
#trustedsec
Email compromises within Microsoft 365 are too common these days. The TrustedSec Incident Response team receives a lot of calls to investigate M365 email breaches, and one (1) of the most common investigation goals is…
via TrustedSec Blog (author: Tyler Hudak)
#trustedsec
Email compromises within Microsoft 365 are too common these days. The TrustedSec Incident Response team receives a lot of calls to investigate M365 email breaches, and one (1) of the most common investigation goals is…
via TrustedSec Blog (author: Tyler Hudak)
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
#trustedsec
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance…
via TrustedSec Blog (author: Chris Camejo)
#trustedsec
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance…
via TrustedSec Blog (author: Chris Camejo)
Extracting PEAP Credentials from Wired Network Profiles
#itm4n
A colleague of mine recently found himself in a situation where he had physical access to a Windows machine connected to a wired network using 802.1X and saved user credentials for the authentication. Naturally, he wanted to extract those credentials. Nothing extraordinary about that you might think, and yet, there was a twist… Where to start? For this blog post, I will assume the reader is a...
via Itm4n Blog (author: itm4n)
#itm4n
A colleague of mine recently found himself in a situation where he had physical access to a Windows machine connected to a wired network using 802.1X and saved user credentials for the authentication. Naturally, he wanted to extract those credentials. Nothing extraordinary about that you might think, and yet, there was a twist… Where to start? For this blog post, I will assume the reader is a...
via Itm4n Blog (author: itm4n)
Apple Gets an 'F' for Slicing Apples
#objectivesee
Universal binaries contain multiple architecture-specific Mach-O, known as slices ...however, it turns out the Apple API to identify the best slice is broken. Let's investigate and find out why!
via Objective-See Blog
#objectivesee
Universal binaries contain multiple architecture-specific Mach-O, known as slices ...however, it turns out the Apple API to identify the best slice is broken. Let's investigate and find out why!
via Objective-See Blog
Weaponization of Token Theft – A Red Team Perspective
#trustedsec
This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and attacker behavior on compromising Microsoft 365 users.…
via TrustedSec Blog (author: Edwin David)
#trustedsec
This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and attacker behavior on compromising Microsoft 365 users.…
via TrustedSec Blog (author: Edwin David)
Dumping LSASS Like it’s 2019
#redsiege
By Alex Reid, Current Red Siege Intern A long-time tactic of threat actors and offensive security processionals alike, tampering with LSASS.exe in order to recover credentials remains a highly […]
via RedSiege Blog (author: Red Siege)
#redsiege
By Alex Reid, Current Red Siege Intern A long-time tactic of threat actors and offensive security processionals alike, tampering with LSASS.exe in order to recover credentials remains a highly […]
via RedSiege Blog (author: Red Siege)
🌭1
Behind the Code: Assessing Public Compile-Time Obfuscators for Enhanced OPSEC
#trustedsec
Recently, I’ve seen an uptick in interest in compile-time obfuscation of native code through the use of LLVM. Many of the base primitives used to perform these obfuscation methods are themselves over a year old, and…
via TrustedSec Blog (author: Christopher Paschen)
#trustedsec
Recently, I’ve seen an uptick in interest in compile-time obfuscation of native code through the use of LLVM. Many of the base primitives used to perform these obfuscation methods are themselves over a year old, and…
via TrustedSec Blog (author: Christopher Paschen)
Using form hijacking to bypass CSP
#portswigger
In this post we'll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure configuration. What is form hijacking? Form hijacking isn't re
via PortSwigger Research
#portswigger
In this post we'll show you how to bypass CSP by using an often overlooked technique that can enable password theft in a seemingly secure configuration. What is form hijacking? Form hijacking isn't re
via PortSwigger Research
Release v1.9 - Eclipse
#bruteratel
Brute Ratel v1.9 [codename Eclipse] is now available for download. This update includes enhancements in evasion techniques, anti-debugging measures, and new encryption keying methods for the core, along with an update to the licensing algorithm. Please note that the Ratel server, Commander, and previous versions of badgers are not compatible with v1.8 or older releases due to significant changes in the core architecture.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
#bruteratel
Brute Ratel v1.9 [codename Eclipse] is now available for download. This update includes enhancements in evasion techniques, anti-debugging measures, and new encryption keying methods for the core, along with an update to the licensing algorithm. Please note that the Ratel server, Commander, and previous versions of badgers are not compatible with v1.8 or older releases due to significant changes in the core architecture.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more
#trustedsec
Abusing Guest Access: Dumping User Lists and Group Membership with Guest Access in Azure ADThis post will walk through a user, group, and application enumeration attack against a tenant where the attacker has guest…
via TrustedSec Blog (author: nyx geek)
#trustedsec
Abusing Guest Access: Dumping User Lists and Group Membership with Guest Access in Azure ADThis post will walk through a user, group, and application enumeration attack against a tenant where the attacker has guest…
via TrustedSec Blog (author: nyx geek)
Forwarded from Red Team Manager
Как часто вы сталкиваетесь с ситуацией, когда смотришь на коллегу и думаешь: "да как тебя еще не уволили"? Решил ответить на данный вопрос и разобраться, стоит ли бояться увольнений
https://teletype.in/@redteammanager/OqRhIw5ep6n
https://teletype.in/@redteammanager/OqRhIw5ep6n
Teletype
Терпеть нельзя уволить
Как часто вы сталкиваетесь с ситуацией, когда смотришь на коллегу и думаешь: "да как тебя еще не уволили"? Увы, реальность такова, что...
Easy cross compilation - zig
#tool #maldev
Sometimes on engagement you need to cross compile your c(++) tools, but doing it is a headache because of lots of compilers you need for every OS and architecture. I found an interesting way to do it using only one tool: Zig compiler.
Leveraging the ability of LLVM and integrated cross-os and cross-architecture support built-in to the Zig compiler, you can cross compile for lots of OS and architectures.
Here is an example for cross compiling for x64 Windows, Linux and OSX:
👉
Also it can be integrated into your build system (e.g. CMake or Makefile):
👉
In addition, you also can easily leverage a power of LLVM obfuscators (e.g. https://github.com/eshard/obfuscator-llvm) to make it harder to analyze your malware.
Btw, don't forget to strip your binary 😉
#tool #maldev
Sometimes on engagement you need to cross compile your c(++) tools, but doing it is a headache because of lots of compilers you need for every OS and architecture. I found an interesting way to do it using only one tool: Zig compiler.
Leveraging the ability of LLVM and integrated cross-os and cross-architecture support built-in to the Zig compiler, you can cross compile for lots of OS and architectures.
Here is an example for cross compiling for x64 Windows, Linux and OSX:
👉
zig c++ -target x86_64-macos hello_world.cpp -o hw_mac.out
👉zig c++ -target x86_64-linux hello_world.cpp -o hw_lin.out
👉zig c++ -target x86_64-windows hello_world.cpp -o hw_win.out
Also it can be integrated into your build system (e.g. CMake or Makefile):
👉
CC="zig cc -target x86_64-macos" CXX="zig c++ -target x86_64-macos" AR="zig ar" RANLIB="zig ranlib" USE_JEMALLOC=no USE_SYSTEMD=no
In addition, you also can easily leverage a power of LLVM obfuscators (e.g. https://github.com/eshard/obfuscator-llvm) to make it harder to analyze your malware.
Btw, don't forget to strip your binary 😉
👍3