Forwarded from Ralf Hacker Channel (Ralf Hacker)
If anyone hasn't quite figured out the DLL Hijacking technique, or perhaps doesn't know what it is at all, I recommend this material. Very good work!
https://elliotonsecurity.com/perfect-dll-hijacking/
So today, we're doing 100% original research reverse engineering the Windows library loader to not just cleanly workaround Loader Lock but, in the end, disable it outright. Plus, coming up with some stable mitigation & detection mechanisms defenders can use to help guard against DLL hijacking.
#maldev #redteam
Elliot on Security - Perfect DLL Hijacking
Disengaging Loader Lock to do anything directly from DLLMain...
Forwarded from Ralf Hacker Channel (Ralf Hacker)
I have long been debating whether to publish my software or not... So I decided to start by rewriting Rubeus (not all of it, of course) in C and converting it into COFF files. In short, it works out of the box with Cobalt Strike and Havoc😁😁
https://github.com/RalfHacker/Kerbeus-BOF
#bof #git #soft #redteam #pentest
Forwarded from Ralf Hacker Channel (Ralf Hacker)
SMTP Smuggling - Spoofing E-Mails Worldwide. Very cool and, at the same time, detailed research. In short, thanks to message smuggling, it lets you send a message on behalf of any user of the mail server while bypassing filters.
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
P.S. Well, judging by the vendors' reaction, they don't give a ... about patching this😁 Which means we should expect a lot of reports about APTs using this method
#initial #fishing #pentest #redteam
😴 Creating Object File Monstrosities with Sleep Mask and LLVM
The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.
Read about it on the blog:
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
#c2 #sleepmask #llvm #redteam
GitHub - boku7/azureOutlookC2: Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook…
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP...
This is an offline BloodHound ingestor and LDAP result parser. BOFHound allows operators to utilize BloodHound's beloved interface while maintaining full control over the LDAP queries being run and the speed at which they are executed. This leaves room for operator discretion to account for potential honeypot accounts, expensive LDAP query thresholds and other detection mechanisms designed with the traditional, automated BloodHound collectors in mind.
Tools:
🔗 https://github.com/coffeegist/bofhound
Research:
🔗 https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
#c2 #bof #cobaltstrike #redteam
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel - coffeegist/bofhound
Forwarded from Ralf Hacker Channel (Ralf Hacker)
A toolkit for remote password dumping.
https://github.com/Slowerzs/ThievingFox/
And the blog itself:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-21413: Microsoft Outlook Leak Hash
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
GitHub - duy-31/CVE-2024-21413: Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Oh, how beautiful))) Getting data out of LSA without dumping LSASS.
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
GitHub - EvanMcBroom/lsa-whisperer: Tools for interacting with authentication packages using their individual message protocols
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-26229: Windows LPE
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. I slightly fixed up the original exploit
#git #exploit #lpe #pentest #redteam