😈 [ HackerRalf @hacker_ralf ]

Everyone takes a lot from the community... it's time to give something back yourself.

Kerbeus - BOF implementation of Rubeus (not all).

🔗 https://github.com/RalfHacker/Kerbeus-BOF

P. S. PM me about all bugs

#redteam #kerberos #havoc #cobaltstrike #bof

🐥 [ tweet ]

😈 [ hermit @ackmage ]

hi, check out this tool for easy Linux kernel building and debugging - easylkb

worked on it together with @netspooky! 💕

writeup:
🔗 http://tmpout.sh/3/20.html

repo:
🔗 http://github.com/deepseagirl/easylkb

🐥 [ tweet ]

😈 [ Synacktiv @Synacktiv ]

Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!

🔗 https://github.com/synacktiv/Mindmaps

🐥 [ tweet ]

😈 [ OtterHacker @OtterHacker ]

Finally 🤩 I got a PIC code for my #beacon! It was a really nice journey and a lot of things have been learnt on the way. If you want to try it too, I found this blog by @winternl_t really interesting:

🔗 https://winternl.com/shellcodestdio/

And as usual, the @C5pider #Havoc ❤️

🐥 [ tweet ]

😈 [ soka @pentest_soka ]

I just released a blogpost where I describe how two open source tools can be easily converted to Reflective DLL to be loaded in memory with Cobalt Strike.

This post comes along with which exists thanks to @Prepouce_ work

🔗 https://sokarepo.github.io/redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
🔗 https://github.com/sokaRepo/CoercedPotatoRDLL

🐥 [ tweet ]

😈 [ 𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 @felixm_pw ]

Indisputable C2 tier list

🐥 [ tweet ]

кринж или рофл?

😈 [ SAINTCON @SAINTCON ]

Lee Christensen, Will Schroeder, and Maxwell Harley - Fighting Data With Data

Detailing the various red team challenges regarding data, leading into how this influenced Nemesis’ architectural decisions and design.

🔗 https://youtu.be/0q9u2hDcpIo

🐥 [ tweet ]

😈 [ an0n @an0n_r0 ]

just found that SharpHound used this RemoteRegistry trigger already earlier for session enumeration, like nmap smb-enum-sessions script and Sysinternals PsLoggedOn also. here is a nice summary about it from Sven Defatsch (@compasssecurity) in 2022:

🔗 https://blog.compass-security.com/2022/05/bloodhound-inner-workings-part-3/

🐥 [ tweet ][ quote ]

Очень круто

Some nerd on Twitter named Bjorn Staal is programming out of his mind.

11/10. Solid programming skills (designed to demonstrate quantum entanglement)

😈 [ 𝕭𝖏ø𝖗𝖓 𝕾𝖙𝖆𝖆𝖑 @_nonfigurativ_ ]

Ok, so a lot of people have been asking me for code/writeup of this so I made a stripped down example (works with an infinite amount of windows) so that you can look at to get the basic gist of it (that's all I have time for now, sorry!).

🔗 https://bgstaal.github.io/multipleWindow3dScene/
🔗 https://github.com/bgstaal/multipleWindow3dScene

🐥 [ tweet ][ quote ]

😈 [ WHOAMI @wh0amitz ]

To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.

🔗 https://github.com/wh0amitz/SharpRODC

#infosec #redteam #cybersecurity #pentesting

🐥 [ tweet ]

😈 [ OtterHacker @OtterHacker ]

Majority of custom #GetProcAddress I found didn't handle well forwarded export, here is a snippet for #GetProcAddress and #GetModuleHandle that handle this edge case !

Feel free to use it !

🔗 https://gist.github.com/OtterHacker/8abaf54694ef27b9e3d38dfe57f13bd3

🐥 [ tweet ]

Развернуть приватный Gitea на VPS-ке за 5 минут? Изи 👇🏻

$ docker run -d --name mysql-gitea -e MYSQL_ROOT_PASSWORD='my_mysql_root_pass' -v /opt/volume/mysql-gitea:/var/lib/mysql mysql:latest

$ docker container exec -it mysql-gitea bash
# mysql -u root -p'my_mysql_root_pass'
mysql> CREATE USER 'gitea-user'@'%' IDENTIFIED BY 'my_gitea_db_password';
mysql> CREATE DATABASE giteadb;
mysql> GRANT ALL PRIVILEGES ON giteadb.* TO 'gitea-user'@'%';
mysql> FLUSH PRIVILEGES;
mysql> ^DBye
# exit

$ docker run -d --name gitea -v /opt/volume/gitea:/data -p 127.0.0.1:3000:3000 -p 127.0.0.1:2222:22 -e VIRTUAL_HOST=mygitea.local -e VIRTUAL_PORT=3000 -e USER_UID=1001 -e USER_GID=1001 -e DB_TYPE=mysql -e DB_HOST=172.17.0.2:3306 -e DB_NAME=giteadb -e DB_USER=gitea-user -e DB_PASSWD='my_gitea_db_password' gitea/gitea:latest

$ socat TCP4-LISTEN:31337,bind=0.0.0.0,fork TCP4:127.0.0.1:2222

Пушить и пуллить теперь можно по такому ремоуту 👇🏻

$ git remote set-url origin '[git@mygitea.local:31337]:snovvcrash/HackThePlanet.git'

Как же похорошел девопс при контейнеризации...

#devops #git #gitea

😈 [ XMander @checkymander ]

Setting up Nemesis can be daunting, I wrote a blog post detailing the exact steps you need to to go from a fresh Ubuntu 22.04 image to a running Nemesis setup.

Future posts, I'd like to go into operational usage of it with Mythic and other tools

🔗 https://blog.checkymander.com/red%20team/tools/operations/Nemesis-Zero-To-Hero/

🐥 [ tweet ]