Pentester`s Notes – Telegram
Forwarded from 1N73LL1G3NC3
S4UTomato

Escalate Service Account To LocalSystem via Kerberos

In any scenario where a machine is joined to a domain, you can leverage the aforementioned techniques for local privilege escalation as long as you can run code under the context of a Windows service account or a Microsoft virtual account. In a Windows domain environment, SYSTEM, NT AUTHORITY\NETWORK SERVICE, and Microsoft virtual accounts are used for authentication by system computer accounts that are joined to the domain. Understanding this is crucial because in modern versions of Windows, most Windows services run by default using Microsoft virtual accounts. Therefore, we can abuse the S4U extension to obtain the service ticket for the domain administrator account "Administrator" on the local machine. Then, with the help of SCMUACBypass, we can use that ticket to create a system service and gain SYSTEM privileges.

Techniques: Resource-based Constrained Delegation, Shadow Credentials, and Tgtdeleg.
Forwarded from Offensive Xwitter
👹 [ snovvcrash, sn🥶vvcr💥sh ]

FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the --tcpmss switch that includes the mentioned field for your better scope coverage.

For me that’s the masscan version of choice from now on:

🔗 https://github.com/ivre/masscan
Forwarded from Offensive Xwitter
😈 [ harmj0y, Will Schroeder - HACKER SUMMER CAMP ]

@tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at and we have a post explaining details at 1/3

🔗 https://github.com/SpecterOps/Nemesis
🔗 https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4
Forwarded from APT
🪄 Red Wizard

This tool automates the deployment of a comprehensive infrastructure with redirectors, backend systems, phishing relays, OSINT machines, and more. It is designed to be user-friendly, providing wizards to walk administrators and Red Team operators through the deployment process. The infrastructure is also self-documenting, making the sharing of all relevant details to the team of operators an effortless task.

🌐 Details:
https://www.secura.com/blog/red-wizard-1

#redteam #relay #infrastructure #phishing
Forwarded from Cybred
https://blog.securitybreached.org/2023/08/18/bug-bounty-blueprint-a-beginners-guide/

A detailed guide to Bug Bounty in 2023. Where, what and how to look in order to get the maximum profit.

Many links to real-life cases, research by well-known bug hunters, labs and repositories with useful utilities.
Forwarded from APT
⚛️ Nuclei Templates AI Generator

Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Covering a wide array of vulnerabilities using public templates & rich CVE data.

📝 Note:
Current focus is HTTP, more protocols coming soon

🌐 Source:
https://templates.nuclei.sh
https://docs.nuclei.sh/editor

#nuclei #template #generator
Forwarded from Миша