hackspace – Telegram
hackspace
@hackspace
157 subscribers
279 photos
75 videos
23 files
998 links
hackspace
Download Telegram
About
Blog
Apps
Platform
Join
hackspace
157 subscribers
hackspace
When you log into a Linux system, make it a habit to look at the processes with this command:

ps -auxwf

This will list out all processes in tree format. It makes it easy to spot unusual activity.

For instance, this is what a PHP reverse bindshell backdoor will look like.
94 views
hackspace
https://tastypepperoni.medium.com/bypassing-defenders-lsass-dump-detection-and-ppl-protection-in-go-7dd85d9a32e6?s=35
Medium
Bypassing Defender’s LSASS dump detection and PPL protection In Go
Overview
53 views
hackspace
https://www.bleepingcomputer.com/news/security/mgm-resorts-esxi-servers-allegedly-encrypted-in-ransomware-attack/?s=35
BleepingComputer
MGM Resorts ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
51 views
hackspace
https://github.com/YOLOP0wn/POSTDump?s=35
GitHub
GitHub - YOLOP0wn/POSTDump
Contribute to YOLOP0wn/POSTDump development by creating an account on GitHub.
48 views
hackspace
https://github.com/ihebski/A-Red-Teamer-diaries?s=35
GitHub
GitHub - ihebski/A-Red-Teamer-diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional…
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements. - ihebski/A-Red-Teamer-diaries
54 views
hackspace
Bypassing UAC with SSPI Datagram Contexts


https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html
50 viewsedited  
hackspace
https://github.com/pwnfoo/NTLMRecon/?s=35
GitHub
GitHub - pwnfoo/NTLMRecon: Enumerate information from NTLM authentication enabled web endpoints 🔎
Enumerate information from NTLM authentication enabled web endpoints 🔎 - GitHub - pwnfoo/NTLMRecon: Enumerate information from NTLM authentication enabled web endpoints 🔎
52 views
hackspace
This media is not supported in your browser
VIEW IN TELEGRAM
51 views
hackspace
https://github.com/n0a/telegram-get-remote-ip
GitHub
GitHub - n0a/telegram-get-remote-ip: Get IP address on other side audio call in Telegram.
Get IP address on other side audio call in Telegram. - n0a/telegram-get-remote-ip
50 views
hackspace
https://labs.watchtowr.com/xortigate-or-cve-2023-27997/?s=35
watchTowr Labs
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or…
51 views
hackspace
https://riccardoancarani.github.io/2023-09-14-attacking-an-edr-part-2/
riccardoancarani.github.io
Attacking an EDR - Part 2
For less fun but even more profit
50 views
hackspace
https://templates.nuclei.sh/
50 viewsedited  
hackspace
https://medium.com/@talthemaor/moving-laterally-between-azure-ad-joined-machines-ed1f8871da56
Medium
Moving laterally between Azure AD joined machines
. . .
51 viewsedited  
hackspace
https://github.com/trevorsaudi/Mshikaki?s=35
GitHub
GitHub - trevorsaudi/Mshikaki: A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique…
A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption - GitHub - trevorsaudi/Mshikaki: A shellcode injection tool capable...
52 views
hackspace
When investigating a suspicious process on Linux, try this:

strings /proc/<PID>/environ

For example, a socat command was used to spawn a reverse bindshell backdoor. Environ entry shows SSH connection data and traces to the socat comand. Some versions of netcat do similar.

Many attackers do not wipe their process environment and this can leave behind high fidelity forensics to help investigate. Many programs leave really obvious data in the process environment. It's there for the asking on Linux.
47 views
hackspace
https://medium.com/@cyb_detective/analyzing-telegram-chats-and-channels-regular-expressions-in-osint-in-practice-48810d5b77e6?s=35
Medium
Analyzing Telegram chats and channels. Regular expressions in OSINT in practice
Reading other people’s conversations in public Telegram chats can sometimes be very boring and tedious. And unfortunately, often it may not…
41 views
hackspace
1693861304011.gif
4.9 MB
40 views
hackspace
https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault?s=35
www.elastic.co
Inside Microsoft's plan to kill PPLFault — Elastic Security Labs
In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features.
43 views
hackspace
https://powerseb.github.io/posts/LSASS-parsing-without-a-cat/?s=35
Powerseb
Read memory dumps without a cat.
The aim of this article is to provide an insight in the most hidden secrets of the hacker world and the inner workings of their most holy tools, or maybe it is just an article how to read and parse LSASS memory dumps.
42 views