NEW BOT Телеграм, страница - 437029589

hackspace

157 subscribers

279 photos

75 videos

23 files

998 links

hackspace

Download Telegram

About

Blog

Apps

Platform

157 subscribers

https://riccardoancarani.github.io/2023-09-14-attacking-an-edr-part-2/

riccardoancarani.github.io

Attacking an EDR - Part 2

For less fun but even more profit

50 views15:30

https://templates.nuclei.sh/

50 viewsedited 15:50

https://medium.com/@talthemaor/moving-laterally-between-azure-ad-joined-machines-ed1f8871da56

Moving laterally between Azure AD joined machines

51 viewsedited 18:21

https://github.com/trevorsaudi/Mshikaki?s=35

GitHub - trevorsaudi/Mshikaki: A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique…

A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption - GitHub - trevorsaudi/Mshikaki: A shellcode injection tool capable...

52 views21:41

When investigating a suspicious process on Linux, try this:

strings /proc/<PID>/environ

For example, a socat command was used to spawn a reverse bindshell backdoor. Environ entry shows SSH connection data and traces to the socat comand. Some versions of netcat do similar.

Many attackers do not wipe their process environment and this can leave behind high fidelity forensics to help investigate. Many programs leave really obvious data in the process environment. It's there for the asking on Linux.

47 views17:56

https://medium.com/@cyb_detective/analyzing-telegram-chats-and-channels-regular-expressions-in-osint-in-practice-48810d5b77e6?s=35

Analyzing Telegram chats and channels. Regular expressions in OSINT in practice

Reading other people’s conversations in public Telegram chats can sometimes be very boring and tedious. And unfortunately, often it may not…

41 views08:09

1693861304011.gif

40 views18:52

https://www.elastic.co/security-labs/inside-microsofts-plan-to-kill-pplfault?s=35

Inside Microsoft's plan to kill PPLFault — Elastic Security Labs

In this research publication, we'll learn about upcoming improvements to the Windows Code Integrity subsystem that will make it harder for malware to tamper with Anti-Malware processes and other important security features.

43 views02:17

https://powerseb.github.io/posts/LSASS-parsing-without-a-cat/?s=35

Read memory dumps without a cat.

The aim of this article is to provide an insight in the most hidden secrets of the hacker world and the inner workings of their most holy tools, or maybe it is just an article how to read and parse LSASS memory dumps.

42 views08:38

https://gustavshen.medium.com/bypass-amsi-on-windows-11-75d231b2cac6

Bypass AMSI on Windows 11

38 views15:26

https://github.com/senzee1984/Amsi_Bypass_In_2023

GitHub - senzee1984/Amsi_Bypass_In_2023: Amsi Bypass payload that works on Windwos 11

Amsi Bypass payload that works on Windwos 11. Contribute to senzee1984/Amsi_Bypass_In_2023 development by creating an account on GitHub.

40 views15:26

https://0xdf.gitlab.io/2023/09/23/htb-snoopy.html?s=35

0xdf hacks stuff

Snoopy starts off with a website that has a file read / directory traversal vulnerability. I’ll use that to read a bind DNS configuration, and leak the keys necessary to make changes to the configuration. Once that’s updated, I can direct password reset emails…

45 views17:12

https://marcoramilli.com/2023/09/23/malware-persistence-locations-windows-and-linux/

Marco Ramilli Web Corner

Malware Persistence Locations

Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its…

46 views18:53

Cisco is offering Splunk $20 billion... Unclear if they're trying to buy the company, or just renew their subnoscription for another year.

40 views12:00

https://github.com/SafeBreach-Labs/EDRaser?s=35

GitHub - SafeBreach-Labs/EDRaser: EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases,…

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual. - SafeBreach...

🔥1

40 views16:19

https://github.com/Pennyw0rth/NetExec?s=35

GitHub - Pennyw0rth/NetExec: The Network Execution Tool

The Network Execution Tool. Contribute to Pennyw0rth/NetExec development by creating an account on GitHub.

👍2

41 views16:38

https://github.com/Maldev-Academy/MaldevAcademyLdr.1?s=35

GitHub - Maldev-Academy/MaldevAcademyLdr.1

Contribute to Maldev-Academy/MaldevAcademyLdr.1 development by creating an account on GitHub.

41 views04:30

https://github.com/Marmeus/capsulecorp-ad-pentest-hyperv?s=35

GitHub - Marmeus/capsulecorp-ad-pentest-hyperv: Ansible + Vagrant + Hyper-V + Vulnerable AD 😎

Ansible + Vagrant + Hyper-V + Vulnerable AD 😎. Contribute to Marmeus/capsulecorp-ad-pentest-hyperv development by creating an account on GitHub.

46 views04:33

https://github.com/t3l3machus/Villain?s=35

GitHub - t3l3machus/Villain: Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance…

Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them...

51 views06:53

https://github.com/learnwithtwoheads/devops

GitHub - LearnWithTwoHeads/devops: A collection of practices and code examples for learning all things DevOps

A collection of practices and code examples for learning all things DevOps - LearnWithTwoHeads/devops

48 views12:48