π [ serioton @seriotonctf ]
Just updated my NetExec cheatsheet. Added some new commands and tweaks. It includes the commands I use when working on HackTheBox and Vulnlab machines
π https://github.com/seriotonctf/cme-nxc-cheat-sheet
π₯ [ tweet ]
Just updated my NetExec cheatsheet. Added some new commands and tweaks. It includes the commands I use when working on HackTheBox and Vulnlab machines
π https://github.com/seriotonctf/cme-nxc-cheat-sheet
π₯ [ tweet ]
π12π₯±4
This media is not supported in your browser
VIEW IN TELEGRAM
π [ ProjectDiscovery @pdiscoveryio ]
Replace request headers from your terminal with Proxify by ProjectDiscovery!
β¨οΈ
Check it out π
π₯ [ tweet ]
Replace request headers from your terminal with Proxify by ProjectDiscovery!
β¨οΈ
proxify -req-mrd "replace_regex(request, 'User-Agent: .*', 'User-Agent: <YOUR-PAYLOAD>')"
Check it out π
π₯ [ tweet ]
π₯±13π10
π [ RedTeam Pentesting @RedTeamPT ]
The LLMNR response name spoofing pioneered by @tiraniddo and @Synacktiv does not seem to work with mDNS & NetBIOS π’
But guess what! It works with DNSπ―
π₯³ Here's the new pretender release supporting Kerberos relaying via DHCPv6-DNS-Takeover: π
π https://github.com/RedTeamPentesting/pretender/releases/tag/v1.3.1
π₯ [ tweet ]
The LLMNR response name spoofing pioneered by @tiraniddo and @Synacktiv does not seem to work with mDNS & NetBIOS π’
But guess what! It works with DNSπ―
π₯³ Here's the new pretender release supporting Kerberos relaying via DHCPv6-DNS-Takeover: π
π https://github.com/RedTeamPentesting/pretender/releases/tag/v1.3.1
π₯ [ tweet ]
π₯13π6π€1
π [ MANSK1ES @mansk1es ]
Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711):
π https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
π₯ [ tweet ]
Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711):
π https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
π₯ [ tweet ]
π₯3
Forwarded from Ralf Hacker Channel (Ralf Hacker)
ΠΡΠΎΡΡΠ°Ρ ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΡ
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
#soft #ad #pentest #redteam #dev
ts::multirdphttps://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
#soft #ad #pentest #redteam #dev
π6π₯±2
This media is not supported in your browser
VIEW IN TELEGRAM
π [ Wietze @Wietze ]
π Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own
π₯ 68 executables supported out of the box - use right away, make tweaks, or create your own
π Now available at
π http://argfuscator.net
π₯ [ tweet ]
π Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate your own
π₯ 68 executables supported out of the box - use right away, make tweaks, or create your own
π Now available at
π http://argfuscator.net
π₯ [ tweet ]
π₯10π₯±4π2π€2
Offensive Xwitter
π [ MANSK1ES @mansk1es ] Check out my new blog post, "Weaponizing Background Images for Information Disclosure and LPE" where I walk through the AnyDesk vuln I found a few months ago (CVE-2024-12754/ZDI-24-1711): π https://mansk1es.gitbook.io/AnyDesk_CVEβ¦
π [ CICADA8Research @CICADA8Research ]
Hi friends, Recently @mansk1es presented his research about LPE in AnyDesk (CVE-2024-12754). Our team developed a POC on this vulnerabilityπ
Check it here:
π https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
π₯ [ tweet ]
Hi friends, Recently @mansk1es presented his research about LPE in AnyDesk (CVE-2024-12754). Our team developed a POC on this vulnerabilityπ
Check it here:
π https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
π₯ [ tweet ]
π₯11π3π€1
π [ Bobby Cooke @0xBoku ]
πͺOpen-sourcing πStringReaper BOF!
I've had great success in engagements carving credentials out of remote process memory with this BOF
π https://github.com/boku7/StringReaper
π₯ [ tweet ]
πͺOpen-sourcing πStringReaper BOF!
I've had great success in engagements carving credentials out of remote process memory with this BOF
π https://github.com/boku7/StringReaper
π₯ [ tweet ]
π [ eversinc33 π€πͺβο½‘Λ β @eversinc33 ]
@0xBoku recent unhooking bof reminded of this fun trick on how to unhook any windows DLL without opening a handle to an on disk file - just download it from the MS symbol server and replace in memory :3
π https://gist.github.com/eversinc33/86b4d1d71748a55efceb69a4f18f4d1d
π₯ [ tweet ]
@0xBoku recent unhooking bof reminded of this fun trick on how to unhook any windows DLL without opening a handle to an on disk file - just download it from the MS symbol server and replace in memory :3
π https://gist.github.com/eversinc33/86b4d1d71748a55efceb69a4f18f4d1d
π₯ [ tweet ]
π5
π [ Chetan Nayak (Brute Ratel C4 Author) @NinjaParanoid ]
BOF Development is in full flow at Dark Vortex. Multiple new standalone BOFs have been added and ported from various open source projects to BRC4-BOF-Artillery git-repo. New ones are mentioned in the commits. More crazy updates are on the way...
π https://github.com/paranoidninja/BRC4-BOF-Artillery
π₯ [ tweet ]
BOF Development is in full flow at Dark Vortex. Multiple new standalone BOFs have been added and ported from various open source projects to BRC4-BOF-Artillery git-repo. New ones are mentioned in the commits. More crazy updates are on the way...
π https://github.com/paranoidninja/BRC4-BOF-Artillery
π₯ [ tweet ]
π10π₯2
π [ n00py @n00py1 ]
ESC15 Manual Exploitation
π https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
π₯ [ tweet ]
ESC15 Manual Exploitation
π https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
π₯ [ tweet ]
π5π₯4
π [ vx-underground @vxunderground ]
π https://vx-api.gitbook.io/vx-api/my-projects/jeff-com-only-keylogger
π₯ [ tweet ]
Hi,
Just wrote a keylogger that uses ONLY the Windows COM (Component Object Model). The only WINAPI functions it has is GetModuleHandleW (could be replaced with a custom implemented to remove the function invocation), and GetConsoleWindow (forwards to actual SYSCALLs, can't strip it out).
Everything else is pure suffering. It is an abomination.
I'll be releasing it later once I clean up the code. It's a cool little proof-of-concept.
What should I name this thing?
-smelly smellington
π https://vx-api.gitbook.io/vx-api/my-projects/jeff-com-only-keylogger
π₯ [ tweet ]
π2π₯2
π [ CodeX @codex_tf2 ]
Releasing WebcamBOFπΈ
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options (as a file or screenshot). USB webcams supported (at least mine is)
Remind me never to use the MF API in BOFs againπ
(god i hate this codebase)
π https://github.com/CodeXTF2/WebcamBOF
π₯ [ tweet ]
Releasing WebcamBOFπΈ
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options (as a file or screenshot). USB webcams supported (at least mine is)
Remind me never to use the MF API in BOFs againπ
(god i hate this codebase)
π https://github.com/CodeXTF2/WebcamBOF
π₯ [ tweet ]
π4
Offensive Xwitter
π [ Daniel @0x64616e ] My current understanding of Kerberos Relaying π₯ [ tweet ]
π [ CICADA8Research @CICADA8Research ]
Hello friends! There is a lot of information about Kerberos Relay out and it is easy to get confused! That's why we have created a small MindMap to help you understand Kerberos Relay
U can find PDF/HTML/PNG version here:
π https://github.com/CICADA8-Research/Penetration/tree/main/KrbRelay%20MindMap
π₯ [ tweet ]
Hello friends! There is a lot of information about Kerberos Relay out and it is easy to get confused! That's why we have created a small MindMap to help you understand Kerberos Relay
U can find PDF/HTML/PNG version here:
π https://github.com/CICADA8-Research/Penetration/tree/main/KrbRelay%20MindMap
π₯ [ tweet ]
π9π₯4π€1
π [ Ellis Springe @knavesec ]
Dropping a one-off script to pull arbitrary AD attributes from ADExplorer snapshots. @0xBoku and I used this on a recent op to pull custom attributes that listed Computer objects owned by specific users so we could correlate high-value targets to systems:
π https://github.com/c3c/ADExplorerSnapshot.py/pull/66
π₯ [ tweet ]
Dropping a one-off script to pull arbitrary AD attributes from ADExplorer snapshots. @0xBoku and I used this on a recent op to pull custom attributes that listed Computer objects owned by specific users so we could correlate high-value targets to systems:
π https://github.com/c3c/ADExplorerSnapshot.py/pull/66
π₯ [ tweet ]
π₯3
π [ RedTeam Pentesting @RedTeamPT ]
π We've just released π keycred π
A cross-platform tool for handling Active Directory Shadow Credentials/msDS-KeyCredentialLink π.
It supports UnPAC-the-Hash/PKINIT, Pass-the-Cert, Channel Binding and more πͺπ
π₯ Get it while it's still hot! π₯
π https://github.com/RedTeamPentesting/keycred
π₯ [ tweet ]
π We've just released π keycred π
A cross-platform tool for handling Active Directory Shadow Credentials/msDS-KeyCredentialLink π.
It supports UnPAC-the-Hash/PKINIT, Pass-the-Cert, Channel Binding and more πͺπ
π₯ Get it while it's still hot! π₯
π https://github.com/RedTeamPentesting/keycred
π₯ [ tweet ]
π8π₯±6
π [ Synacktiv @Synacktiv ]
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at .
π https://www.synacktiv.com/publications/lsa-secrets-revisiting-secretsdump
π₯ [ tweet ]
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at .
π https://www.synacktiv.com/publications/lsa-secrets-revisiting-secretsdump
π₯ [ tweet ]
π₯±4π₯3
π [ TrustedSec @TrustedSec ]
In our new #blog, Senior Research Analyst @codewhisperer84 unveils his new tool DIT Explorer which he created after researching NTDS.dit files on Active Directory. Read part one of this series now to find out what this tool can do!
π https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
π₯ [ tweet ]
In our new #blog, Senior Research Analyst @codewhisperer84 unveils his new tool DIT Explorer which he created after researching NTDS.dit files on Active Directory. Read part one of this series now to find out what this tool can do!
π https://trustedsec.com/blog/exploring-ntds-dit-part-1-cracking-the-surface-with-dit-explorer
π₯ [ tweet ]
π3π₯±3
π [ Orange Cyberdefense Switzerland @orangecyberch ]
π»π‘οΈIn this blog post, ClΓ©ment Labro explains how he developed a tool that lets you run Powershell without the various system protections.
π Discover this article on our blog:
π https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c
π₯ [ tweet ]
π»π‘οΈIn this blog post, ClΓ©ment Labro explains how he developed a tool that lets you run Powershell without the various system protections.
π Discover this article on our blog:
π https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c
π₯ [ tweet ]
π5π₯±3π₯2
DFS Targets & Links
Π§ΡΠΎΠ±Ρ Π½Π΅ Π΄Π΅Π»Π°ΡΡ ΡΠ°ΠΊ:
π https://ppn.snovvcra.sh/pentest/infrastructure/ad/post-exploitation#locate-dfs-targets
Π’Π΅ΠΏΠ΅ΡΡ ΠΌΠΎΠΆΠ½ΠΎ Π΄Π΅Π»Π°ΡΡ ΡΠ°ΠΊ:
π https://github.com/c3c/ADExplorerSnapshot.py/pull/67
Π§ΡΠΎΠ±Ρ Π½Π΅ Π΄Π΅Π»Π°ΡΡ ΡΠ°ΠΊ:
π https://ppn.snovvcra.sh/pentest/infrastructure/ad/post-exploitation#locate-dfs-targets
Π’Π΅ΠΏΠ΅ΡΡ ΠΌΠΎΠΆΠ½ΠΎ Π΄Π΅Π»Π°ΡΡ ΡΠ°ΠΊ:
π https://github.com/c3c/ADExplorerSnapshot.py/pull/67
π₯7