๐ [ ricnar456, Ricardo Narvaja ]
As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt.
๐ https://www.coresecurity.com/core-labs/articles/understanding-cve-2022-37969-windows-clfs-lpe
๐ https://github.com/fortra/CVE-2023-28252
๐ฅ [ tweet ]
As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt.
๐ https://www.coresecurity.com/core-labs/articles/understanding-cve-2022-37969-windows-clfs-lpe
๐ https://github.com/fortra/CVE-2023-28252
๐ฅ [ tweet ]
๐ฅ6
This media is not supported in your browser
VIEW IN TELEGRAM
ะะพะปะธััะฐะป ัะฒะธััะตั ะดะพ ัะตะนั ะปะธะผะธัะฐ, ะฟะพััะพะผั ะฒะผะตััะพ ะฟะพััะพะฒ ะฟัะพ ะฟะตะฝะตััะตััั ะฒะพั
๐ข8๐3๐ฅ2
๐ [ VirtualAllocEx, Daniel Feichter ]
Although the Hell's Gate POC is a few years old, I was interested in understanding it in more detail.
So I wrote the new blog post "Exploring Hell's Gate" - an in-depth look at Hell's Gate.
๐ https://redops.at/en/blog/exploring-hells-gate
๐ฅ [ tweet ]
Although the Hell's Gate POC is a few years old, I was interested in understanding it in more detail.
So I wrote the new blog post "Exploring Hell's Gate" - an in-depth look at Hell's Gate.
๐ https://redops.at/en/blog/exploring-hells-gate
๐ฅ [ tweet ]
๐1
๐ [ _RastaMouse, Rasta Mouse ]
[BLOG]
Short post showing how C# Source Generators could be used to build customisable implants.
๐ https://rastamouse.me/csharp-source-generators/
๐ฅ [ tweet ]
[BLOG]
Short post showing how C# Source Generators could be used to build customisable implants.
๐ https://rastamouse.me/csharp-source-generators/
๐ฅ [ tweet ]
๐1
๐ [ D1rkMtr, D1rkMtr ]
A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)
๐ https://github.com/TheD1rkMtr/TakeMyRDP
๐ฅ [ tweet ]
A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe)
๐ https://github.com/TheD1rkMtr/TakeMyRDP
๐ฅ [ tweet ]
๐4
๐ [ HackAndDo, Pixis ]
Here we go, new articles are ready on a brand new and exciting topic, smart contracts security! โ๏ธ
โฉTo get things off to a good start, here's the first article, Blockchain 101.
Happy reading!
๐ https://en.hackndo.com/blockchain/
๐ฅ [ tweet ]
Here we go, new articles are ready on a brand new and exciting topic, smart contracts security! โ๏ธ
โฉTo get things off to a good start, here's the first article, Blockchain 101.
Happy reading!
๐ https://en.hackndo.com/blockchain/
๐ฅ [ tweet ]
ะฝะต ัะธะปัะฝะพ ัะฒะปะตะบะฐััั ะฑะปะพะบัะตะนะฝะฐะผะธ, ะฝะพ ะฟะพัะธัะฐัั ะผะพะถะฝะพ ัะฐะท ะพั ัะฒะะถะฐะตะผะพะณะพ ะฐะฒัะพัะฐ๐ฅ4๐2
๐ [ sensepost, Orange Cyberdefense's SensePost Team ]
Read how you can JOIN @steampipeio on @pdiscoveryio to get structured output in your reconnaissance / footprinting / bugbounty data in this experimental steampipe plugin by @leonjza!
Code here:
๐ https://sensepost.com/blog/2023/select-from-projectdiscovery-join-steampipe/
๐ https://github.com/sensepost/steampipe-plugin-projectdiscovery
๐ฅ [ tweet ]
Read how you can JOIN @steampipeio on @pdiscoveryio to get structured output in your reconnaissance / footprinting / bugbounty data in this experimental steampipe plugin by @leonjza!
Code here:
๐ https://sensepost.com/blog/2023/select-from-projectdiscovery-join-steampipe/
๐ https://github.com/sensepost/steampipe-plugin-projectdiscovery
๐ฅ [ tweet ]
๐ฅ2๐1
๐ [ Octoberfest73, Octoberfest7 ]
Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.
This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.
#redteam #Malware
๐ https://github.com/Octoberfest7/TeamsPhisher
๐ฅ [ tweet ]
Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.
This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.
#redteam #Malware
๐ https://github.com/Octoberfest7/TeamsPhisher
๐ฅ [ tweet ]
๐ฅ3๐1
๐ [ SEKTOR7net, SEKTOR7 Institute ]
A guide to building your engagement infrastructure, by Andrรฉ Tschapeller (@hipstertrojan)
#redteam
๐ https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/
๐ฅ [ tweet ]
A guide to building your engagement infrastructure, by Andrรฉ Tschapeller (@hipstertrojan)
#redteam
๐ https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/
๐ฅ [ tweet ]
๐ฅ1
๐ [ rayanlecat, Rayan Bouyaiche ]
Hello everyone ! This weekend I participated to @_leHACK_ where i could do the CrackMapExec workshop of @mpgn_x64 . I did a little writeup if you're interested
๐ https://rayanlecat.ghost.io/write-up-workshop-cme-lehack-2023/
๐ฅ [ tweet ]
Hello everyone ! This weekend I participated to @_leHACK_ where i could do the CrackMapExec workshop of @mpgn_x64 . I did a little writeup if you're interested
๐ https://rayanlecat.ghost.io/write-up-workshop-cme-lehack-2023/
๐ฅ [ tweet ]
๐ฅ6
๐ [ eversinc33, eversinc33 ]
I was tired of manually creating wordlists or having to rely on python for pre2k sprays, so did some small adjustments to @dafthack's DomainPasswordSpray to run pre2k password spraying on all computer objects of a domain.
๐ https://github.com/eversinc33/Invoke-Pre2kSpray
๐ฅ [ tweet ]
I was tired of manually creating wordlists or having to rely on python for pre2k sprays, so did some small adjustments to @dafthack's DomainPasswordSpray to run pre2k password spraying on all computer objects of a domain.
๐ https://github.com/eversinc33/Invoke-Pre2kSpray
๐ฅ [ tweet ]
๐3
๐ [ EricaZelic, typedef struct _MALCOM { ]
Finally has some time to put the LDAP queries tweet in a blog post. Added some brief descriptions, how to enumerate nested group membership and members of Protected Users group.
๐ https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
๐ฅ [ tweet ]
Finally has some time to put the LDAP queries tweet in a blog post. Added some brief descriptions, how to enumerate nested group membership and members of Protected Users group.
๐ https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
๐ฅ [ tweet ]
๐ฅ1
๐ [ cnotin, Clรฉment Notin ]
๐ "How to read Windows serialized certificates"
Sharing a code sample to read binary files in "%APPDATA%\Microsoft\SystemCertificates\My\Certificates", which are serialized certificates, using CryptQueryObject() (and more!)
๐ https://medium.com/tenable-techblog/code-for-reading-windows-serialized-certificates-8634d3487ec7
๐ฅ [ tweet ]
๐ "How to read Windows serialized certificates"
Sharing a code sample to read binary files in "%APPDATA%\Microsoft\SystemCertificates\My\Certificates", which are serialized certificates, using CryptQueryObject() (and more!)
๐ https://medium.com/tenable-techblog/code-for-reading-windows-serialized-certificates-8634d3487ec7
๐ฅ [ tweet ]
๐ฅ1
๐ [ 0x6d69636b, Michael Schneider ]
My colleague @m8r1us has written an article about hardware keyloggers:
๐ https://www.scip.ch/en/?labs.20230706
๐ฅ [ tweet ]
My colleague @m8r1us has written an article about hardware keyloggers:
๐ https://www.scip.ch/en/?labs.20230706
๐ฅ [ tweet ]
๐ฅ1
๐ [ vxunderground, vx-underground ]
The classic Russian "Hacker" magazine had some of the coolest artwork in the 90s
๐ฅ [ tweet ]
The classic Russian "Hacker" magazine had some of the coolest artwork in the 90s
๐ฅ [ tweet ]
true๐ฅ10๐1
๐ [ ShitSecure, S3cur3Th1sSh1t ]
After holding the talks at @x33fcon
and @WEareTROOPERS
done, I also finally managed to write down my latest research about userland hook evasion:
๐ https://s3cur3th1ssh1t.github.io/Cat_Mouse_or_Chess/
๐ฅ [ tweet ]
After holding the talks at @x33fcon
and @WEareTROOPERS
done, I also finally managed to write down my latest research about userland hook evasion:
๐ https://s3cur3th1ssh1t.github.io/Cat_Mouse_or_Chess/
๐ฅ [ tweet ]
๐ฅ3