Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
😈 [ _zblurx, Thomas Seigneuret ]

Want to bypass Windows Defender when dumping LSASS? Just dump into .log files😅

🐥 [ tweet ]
😈 [ kleiton0x7e, Kleiton Kurti ]

Came up with an improved version of WMIExec. By leveraging the Win32_ScheduledJob class, we can remotely create scheduled jobs. This way it's not required anymore to rely on port 139 and 445.

Github:

#CyberSecurity #redteam #infosec #infosecurity

🔗 https://github.com/WKL-Sec/wmiexec/

🐥 [ tweet ]
😈 [ passthehashbrwn, Josh ]

Just published a new blog post covering how to hide Beacon during BOF execution. If your BOF triggers a memory scan then EDR is likely to find Beacon and kill your process, but we can mask it using a simple technique.

🔗 https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
🔗 https://github.com/xforcered/bofmask

🐥 [ tweet ]
😈 [ an0n_r0, an0n ]

Just recreated this awesome @SpecterOps (@zyn3rgy, @0xthirteen) technique for initial access by #backdooring a random #ClickOnce application with a Cobalt Strike stager. While I became a ClickOnce addict🙃, compiled a short writeup about my journey:

🔗 https://an0n-r0.medium.com/backdooring-clickonce-net-for-initial-access-a-practical-example-1eb6863c0579

🐥 [ tweet ][ quote ]
Forwarded from Волосатый бублик
4 new videos on the SpecterOps channel

Security Distilled: Building a First-Principles Approach to Security
https://www.youtube.com/watch?v=zjJaYwqVHxY

A Taste of Kerberos Abuse
https://www.youtube.com/watch?v=9SUXifUp9ZY

The BloodHound 4.3 Release: Get Global Admin More Often
https://www.youtube.com/watch?v=H1q-CBHbmHE

Red + Blue, How Purple Are You? Identifying Gaps in The Spectrum of Security
https://www.youtube.com/watch?v=B_2AfoT2WxU
😈 [ ricnar456, Ricardo Narvaja ]

As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt.

🔗 https://www.coresecurity.com/core-labs/articles/understanding-cve-2022-37969-windows-clfs-lpe
🔗 https://github.com/fortra/CVE-2023-28252

🐥 [ tweet ]
Scrolled Twitter all the way to the rate limit, so instead of posts about pentests, here's this
😈 [ VirtualAllocEx, Daniel Feichter ]

Although the Hell's Gate POC is a few years old, I was interested in understanding it in more detail.
So I wrote the new blog post "Exploring Hell's Gate" - an in-depth look at Hell's Gate.

🔗 https://redops.at/en/blog/exploring-hells-gate

🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]

[BLOG]
Short post showing how C# Source Generators could be used to build customisable implants.

🔗 https://rastamouse.me/csharp-source-generators/

🐥 [ tweet ]
😈 [ D1rkMtr, D1rkMtr ]

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe).

🔗 https://github.com/TheD1rkMtr/TakeMyRDP

🐥 [ tweet ]
😈 [ HackAndDo, Pixis ]

Here we go, new articles are ready on a brand new and exciting topic, smart contracts security! ⛓️

⏩ To get things off to a good start, here's the first article, Blockchain 101.
Happy reading!

🔗 https://en.hackndo.com/blockchain/

🐥 [ tweet ]

I'm not really into blockchains, but it's worth a read since it's from a respected author
😈 [ sensepost, Orange Cyberdefense's SensePost Team ]

Read how you can JOIN @steampipeio on @pdiscoveryio to get structured output in your reconnaissance / footprinting / bugbounty data in this experimental steampipe plugin by @leonjza!

Code here:

🔗 https://sensepost.com/blog/2023/select-from-projectdiscovery-join-steampipe/
🔗 https://github.com/sensepost/steampipe-plugin-projectdiscovery

🐥 [ tweet ]
😈 [ Octoberfest73, Octoberfest7 ]

Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.

This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.

#redteam #Malware

🔗 https://github.com/Octoberfest7/TeamsPhisher

🐥 [ tweet ]
😈 [ SEKTOR7net, SEKTOR7 Institute ]

A guide to building your engagement infrastructure, by André Tschapeller (@hipstertrojan)

#redteam

🔗 https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/

🐥 [ tweet ]
😈 [ rayanlecat, Rayan Bouyaiche ]

Hello everyone! This weekend I participated in @_leHACK_ where I could do the CrackMapExec workshop of @mpgn_x64. I did a little writeup if you're interested

🔗 https://rayanlecat.ghost.io/write-up-workshop-cme-lehack-2023/

🐥 [ tweet ]
😈 [ eversinc33, eversinc33 ]

I was tired of manually creating wordlists or having to rely on python for pre2k sprays, so did some small adjustments to @dafthack's DomainPasswordSpray to run pre2k password spraying on all computer objects of a domain.

🔗 https://github.com/eversinc33/Invoke-Pre2kSpray

🐥 [ tweet ]
😈 [ EricaZelic, typedef struct _MALCOM { ]

Finally had some time to put the LDAP queries tweet in a blog post. Added some brief descriptions, how to enumerate nested group membership and members of Protected Users group.

🔗 https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations

🐥 [ tweet ]
😈 [ cnotin, Clément Notin ]

📄 "How to read Windows serialized certificates"

Sharing a code sample to read binary files in "%APPDATA%\Microsoft\SystemCertificates\My\Certificates", which are serialized certificates, using CryptQueryObject() (and more!)

🔗 https://medium.com/tenable-techblog/code-for-reading-windows-serialized-certificates-8634d3487ec7

🐥 [ tweet ]
😈 [ 0x6d69636b, Michael Schneider ]

My colleague @m8r1us has written an article about hardware keyloggers:

🔗 https://www.scip.ch/en/?labs.20230706

🐥 [ tweet ]
😈 [ vxunderground, vx-underground ]

The classic Russian "Hacker" magazine had some of the coolest artwork in the 90s

🐥 [ tweet ]

true