😈 [ D1rkMtr, D1rkMtr ]

Github as C2 Demonstration , free API = free C2 Infrastructure
https://t.co/cZc2RtAJxn

🔗 https://github.com/TheD1rkMtr/GithubC2

🐥 [ tweet ]

😈 [ PortSwiggerRes, PortSwigger Research ]

Server-side prototype pollution: Black-box detection without the DoS

https://t.co/6guKOcUmdS

🔗 https://portswigger.net/research/server-side-prototype-pollution

🐥 [ tweet ]

😈 [ _zblurx, Thomas Seigneuret ]

https://t.co/1AxsR43O5Z
In order to learn Rust, I made a complete rewrite of @Defte_ Impersonate in plain Rust, and thanks to @g0h4n_0 it is now also usable as a dependency in your Rust projects (and he also made my code readable tho).

🔗 https://github.com/zblurx/impersonate-rs

🐥 [ tweet ]

😈 [ EmpireC2Project, Empire ]

How about pop-out windows and a process tab? Only 6 more days until Empire 5.0.

🐥 [ tweet ]

выглядит круто, конечно, но такой он «игрушечный» все-таки

👹 [ snovvcrash, sn🥶vvcr💥sh ]

Feeling guilty about steeling #DInvoke version of #RunPE from @_RastaMouse’s #SharpC2 for DInjector, but man this looks so 🔥🤤

🐥 [ tweet ][ quote ]

😈 [ 0x6d69636b, Michael Schneider ]

I wrote about the Microsoft Defender configuration with Microsoft Intune and what's different compared to GPO.

Surprise: Non-admin users can read exclusion lists! https://t.co/50zkrFKkSC

🔗 https://www.scip.ch/en/?labs.20230216

🐥 [ tweet ]

😈 [ decoder_it, ap ]

Short blog post on security issue in Windows group policy processing, fixed in CVE-2022-37955 https://t.co/fhoYftdOhQ

🔗 http://decoder.cloud/2023/02/16/eop-via-arbitrary-file-write-overwite-in-group-policy-client-gpsvc-cve-2022-37955/

🐥 [ tweet ]

😈 [ pdiscoveryio, ProjectDiscovery.io ]

Our very own @olearycrew is new to the security engineering game - but he was able to use ProjectDiscovery tools to get his first bug bounty (from a Fortune 50 company no less).

Learn how: https://t.co/G64avj7AFM

#hackwithautomation #pdteam

🔗 https://blog.projectdiscovery.io/using-pd-tools-to-find-my-first-subdomain-takeover/

🐥 [ tweet ]

😈 [ biskopp3n, biskopp3n ]

Released a new Backup Operator to Domain Admin tool. It contains 4 different methods for escalation, more methods will be added: https://t.co/UytiiAipIO

🔗 https://github.com/improsec/BackupOperatorToolkit

🐥 [ tweet ]

🔥 NimPlant С2

This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI.

https://github.com/chvancooten/NimPlant

#c2 #nim #python #redteam

😈 [ 0x0SojalSec, Md Ismail Šojal ]

#oneliner

✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection

#security #bugbountytips #portscan #subdomain #chaos

🐥 [ tweet ]

😈 [ _RastaMouse, Rasta Mouse ]

ThreadlessInject updated with Nt APIs
https://t.co/GFghBMLedm

🔗 https://github.com/CCob/ThreadlessInject

🐥 [ tweet ]

😈 [ bugch3ck, Jonas Vestberg ]

Disclosed today at @Disobey_fi - psexec from #impacket expose the target system for authenticated command execution as SYSTEM. That means any user that can authenticate over the network (usually Domain Users) can run code as SYSTEM over the network.

🐥 [ tweet ]

После компрометации домена встала задача: проанализировать, проводились ли какие нибудь атаки на ACL в AD и остались ли какие нибудь закладки? Беглый взгляд на текущие состояние домена привел меня в ужас. Было совершенно не понятно какие ACL появились после компрометации, а какие были до. При этом под рукой был бэкап контроллера домена до взлома. Оказывается в инструменте ADExplorer есть режим сравнения двух дампов LDAP схемы. Этот функционал просто прекрасен! Сравнив 2 дампа я выявил странные аномалии и изменения в атрибуте NtSecurityDescriptor, которые удобее было уже посмотреть в BloodHound (напомню, можно дамп ADExplorer удобно конвертировать в json для BloodHound с помощью скрипта). Зачем смотреть в BloodHound? Дело в том, что ACL в ADExplorer представляются в формате Security Descriptor Definition Language (SDDL) , к тому же не все ACL нам интересны, а только опасные (Generic'и и специфичные), а их нам подсветит именно BloodHound.
Так же данный приём по сравнению схем LDAP удобно использовать BlueTeam: уходя в отпуск сделайте один дамп, а вернувшись - второй. А потом сравните что и где наделали админы, пока вас не было на рабочем месте))

😈 [ ustayready, Mike Felch (Stay Ready) ]

Dropped a small utility that splits a large BloodHound/AzureHound JSON file into a bunch of smaller files. Is helpful when you encounter a large environment and have a multi-gb JSON file. https://t.co/Fh91IEVrPO

🔗 https://github.com/ustayready/ShredHound

🐥 [ tweet ]

😈 [ _Kudaes_, Kurosh Dabbagh ]

This was such a simple and "stupid" idea, but at the end it seems it's working. Apply a divide and conquer approach to perform remote process injection (or any other activity) bypassing some of the most common EDRs out there.
https://t.co/CIGsgZ447q

🔗 https://github.com/Kudaes/Split

🐥 [ tweet ]

😈 [ 0xLegacyy, Jordan Jay ]

Converted @_EthicalChaos_'s novel threadless process injection project into a BOF.

Gain shellcode execution via using a relative call to hook an exported function within the remote process.

https://t.co/TLGfEmDCGs

🔗 https://github.com/iiLegacyyii/ThreadlessInject-BOF

🐥 [ tweet ]

😈 [ cube0x0, Cube0x0 ]

@bugch3ck @Disobey_fi @ippsec is way ahead of you ;) https://t.co/zfbBrPEKTP

🔗 https://youtu.be/VVZZgqIyD0Q?t=2692

🐥 [ tweet ]

хд хд