😈 [ VakninHai, Hai vaknin ]
me and @cybergentix just published Lateral movement using Internet Explorer DCOM object and StdRegProv
#redteam
#Security
https://t.co/pm5AAHUX9N
🔗 https://link.medium.com/1vF0htMuExb
🐥 [ tweet ]
me and @cybergentix just published Lateral movement using Internet Explorer DCOM object and StdRegProv
#redteam
#Security
https://t.co/pm5AAHUX9N
🔗 https://link.medium.com/1vF0htMuExb
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Awkward is all about web exploitation, with auth bypass, jwt forging into awk injection, and command injection. In Beyond Root, I'll show two unintended paths (one patched, one not) that are fun learning opportunities as well.
https://t.co/rEqywcTkoV
🔗 https://0xdf.gitlab.io/2023/02/25/htb-awkward.html
🐥 [ tweet ]
Awkward is all about web exploitation, with auth bypass, jwt forging into awk injection, and command injection. In Beyond Root, I'll show two unintended paths (one patched, one not) that are fun learning opportunities as well.
https://t.co/rEqywcTkoV
🔗 https://0xdf.gitlab.io/2023/02/25/htb-awkward.html
🐥 [ tweet ]
😈 [ secu_x11, Secu ]
The Kraken has been released! A modular multi-language webshell (PHP, JSP, ASPX) focused on web post-exploitation and defense evasion.
https://t.co/AcN0hNdPre
🔗 https://github.com/kraken-ng/Kraken
🐥 [ tweet ]
The Kraken has been released! A modular multi-language webshell (PHP, JSP, ASPX) focused on web post-exploitation and defense evasion.
https://t.co/AcN0hNdPre
🔗 https://github.com/kraken-ng/Kraken
🐥 [ tweet ]
🔥2
😈 [ David3141593, David Buchanan ]
python memfd_create() oneliner:
This prints the path of a memfd, which you can use to do whatever you want (like fileless ELF execution!)
🐥 [ tweet ]
python memfd_create() oneliner:
python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))"This prints the path of a memfd, which you can use to do whatever you want (like fileless ELF execution!)
🐥 [ tweet ]
🤯2
Offensive Xwitter
😈 [ Tyl0us, Matt Eidelberg ] I've had so much fun learning rust. This is an excellent example of the power of rust, no EDR unhooking, patching of ETW, syscalls, or LITCRYPT and it calls home against EDRs. More to come soon #redteam 🐥 [ tweet ] давно пора…
Че, пацаны, аниме?
Пока еще бесплатный курс по расту от Расты, рекомендую ⬇️
🔗 https://training.zeropointsecurity.co.uk/courses/take/rust-for-n00bs
UPD. И в догонку еще плейлист от 0xdf по AOC2015 на расте ⬇️
🔗 https://www.youtube.com/playlist?list=PLJt6nPUdQbiSLYLKKRfydWeMOBwOjzM2y
#rust #courses
Пока еще бесплатный курс по расту от Расты, рекомендую ⬇️
🔗 https://training.zeropointsecurity.co.uk/courses/take/rust-for-n00bs
UPD. И в догонку еще плейлист от 0xdf по AOC2015 на расте ⬇️
🔗 https://www.youtube.com/playlist?list=PLJt6nPUdQbiSLYLKKRfydWeMOBwOjzM2y
#rust #courses
🔥1🤯1
Offensive Xwitter
😈 [ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. 🐥 […
👹 [ snovvcrash, sn🥶vvcr💥sh ]
Now something more useful (I guess) ⬇️
https://t.co/IRqg93jbA3
Once again, inspired by another recent example from @0gtweet (#persistence by backdooring SCManager SDDL) 🙌🏻
🔗 https://github.com/snovvcrash/BOFs/blob/main/BackdoorSCManager/entry.c
🐥 [ tweet ][ quote ]
Now something more useful (I guess) ⬇️
https://t.co/IRqg93jbA3
Once again, inspired by another recent example from @0gtweet (#persistence by backdooring SCManager SDDL) 🙌🏻
🔗 https://github.com/snovvcrash/BOFs/blob/main/BackdoorSCManager/entry.c
🐥 [ tweet ][ quote ]
🔥4
APT
🔥 NimPlant С2 This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. https://github.com/chvancooten/NimPlant #c2 #nim #python #redteam
😈 [ thehackerish, thehackerish ]
Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged😆
Here is a full tutorial
https://t.co/Np8GJK5ugT
🔗 https://www.youtube.com/watch?v=c2_g8--GvA0&ab_channel=thehackerish
🐥 [ tweet ]
Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged😆
Here is a full tutorial
https://t.co/Np8GJK5ugT
🔗 https://www.youtube.com/watch?v=c2_g8--GvA0&ab_channel=thehackerish
🐥 [ tweet ]
🔥1
😈 [ hetmehtaa, Het Mehta ]
Firefox Add-ons For Penetration Testers 🦊
#Infosec #Firefox #Bugbounty #TheSecureEdge
🐥 [ tweet ]
Firefox Add-ons For Penetration Testers 🦊
#Infosec #Firefox #Bugbounty #TheSecureEdge
🐥 [ tweet ]
🔥1
Offensive Xwitter
😈 [ David3141593, David Buchanan ] python memfd_create() oneliner: python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))" This prints the path of a memfd, which you can use to do…
😈 [ CraigHRowland, Craig Rowland - Agentless Linux Security ]
Nice variant of memfd_create fileless attack on Linux.
Here are some things to try to find this on a box:
Nice variant of memfd_create fileless attack on Linux.
Here are some things to try to find this on a box:
ls -alR /proc/*/fd 2> /dev/null | grep "memfd: (deleted)"
grep "memfd_create" /proc/*/cmdline
strings /proc/PID/cmdline
🐥 [ tweet ][ quote ]😈 [ ZeroMemoryEx, V2 ]
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://t.co/J6lBOXWFyx
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://t.co/J6lBOXWFyx
🔗 https://github.com/ZeroMemoryEx/Amsi-Killer
🐥 [ tweet ]
Offensive Xwitter
😈 [ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. 🐥 […
😈 [ 0gtweet, Grzegorz Tworek ]
Great writeup by @0xv1n explaining how it works, and how to use it. https://t.co/B1bhaisd3m
🔗 https://0xv1n.github.io/posts/scmanager/
🐥 [ tweet ][ quote ]
Great writeup by @0xv1n explaining how it works, and how to use it. https://t.co/B1bhaisd3m
🔗 https://0xv1n.github.io/posts/scmanager/
🐥 [ tweet ][ quote ]
😈 [ 0xdeaddood, leandro ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
📝 New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Somedays ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest 😉.
https://t.co/hbfSi3YTRC
🔗 https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
An in-depth guide to subfinder: Beginner to advanced 🚀
What's all this about?
✅ Installation
✅ Navigating subfinder
✅ Output options
✅ Advanced options
Let us know in the comments if we missed anything 👇
https://t.co/ZKZd33KRfH
🔗 https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
🐥 [ tweet ]
😈 [ CrowdStrike, CrowdStrike ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
🚨 The 2023 Global Threat Report is now live.
Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
🔗 https://crwdstr.ke/60123vKer
🐥 [ tweet ]
Offensive Xwitter
😈 [ CrowdStrike, CrowdStrike ] 🚨 The 2023 Global Threat Report is now live. Discover the latest activities of the world’s most dangerous adversaries and CrowdStrike’s recommendations for protecting your business against modern attacks. Access the report:…
CrowdStrike Global Threat Report 2023.pdf
11.8 MB
🔥2
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
🔗 https://github.com/byt3bl33d3r/OffensiveNim/pull/57
🐥 [ tweet ]
😈 [ Nettitude_Labs, Nettitude Labs ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
Introducing Aladdin, a new tool by @lefterispan for red teamers to generate payloads bypassing misconfigured WDAC and AppLocker.
https://t.co/doyRU7GYad
🔗 https://labs.nettitude.com/blog/introducing-aladdin/
🐥 [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]
just scan for subdomain without downloding the tools:
🐥 [ tweet ]
just scan for subdomain without downloding the tools:
curl -s -L https://github.com/cihanmehmet/sub.sh/raw/master/sub.sh | bash -s webscantest.com#infosec #bugbounty #cybersec
🐥 [ tweet ]
😈 [ pdiscoveryio, ProjectDiscovery.io ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰
1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i
2️⃣ Run pdtm
3️⃣ Sit back and watch all of our tools install.
4️⃣ Don't get comfy because it won't take long and there's hacking to do!
#opensource
🔗 https://github.com/projectdiscovery/pdtm
🐥 [ tweet ]
найс найс найс найсForwarded from Внутрянка
Небольшая теория про токены доступа в Windows
Ardent101
Неприметные токены. Часть 1. Теория
Вступление В ходе тестирования на проникновение нередко удается получить доступ с правами уровня локального администратора к какому-то сетевому объекту, функционирующему под управлением операционной системы семейства Windows.
Следующим этапом, как правило…
Следующим этапом, как правило…