😈 [ 📔 Michael Grafnetter @MGrafnetter ]
New Indicator of Compromise (IoC) by the NTLM Relay Attack with Shadow Credentials, thanks to bugs in Impacket, a popular Python implementation. Will probably be fixed in the near future.
🔗 https://www.dsinternals.com/en/indicator-of-compromise-shadow-credentials-ntlm-relay-impacket/
🐥 [ tweet ]
👍5
😈 [ MrAle98 @MrAle_98 ]
Hey there,
Finally published the article on the CVE-2025-21333-POC exploit.
Here is the link to the article:
🔗 https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae
🐥 [ tweet ]
🔥8
😈 [ Oddvar Moe @Oddvarmoe ]
TIL, the attribute userWorkstations is still in play in modern Windows 🤯
If you set the attribute on a user to something random, the user cannot log in to the computers anymore. Need privs to adjust, but I can see potential when you want to lock someone out for a while.
🐥 [ tweet ]
👍15😁4🤔4
😈 [ c0rnbread @0xC0rnbread ]
Today I'm releasing Xenon, a custom Mythic agent for Windows targets written in C.
Notable features include:
📁 Modular command/code inclusion
🦠 Malleable C2 Profile support
🪨 Compatible with Cobalt Strike BOFs
🔗 https://github.com/MythicAgents/Xenon
Blog series:
🔗 https://c0rnbread.com/creating-mythic-c2-agent-part1/
🐥 [ tweet ]
👍6
😈 [ Andrea Pierini @decoder_it ]
KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
🔗 https://github.com/decoder-it/KrbRelayEx-RPC
🐥 [ tweet ]
🔥10🥱1
😈 [ Thomas Seigneuret @_zblurx ]
Fear no more for LDAP Signing and Channel Binding with Impacket-based tools 😎
🔗 https://github.com/fortra/impacket/pull/1919
🐥 [ tweet ]
🤔3👍2😁2
😈 [ 5pider @C5pider ]
Spent some time rewriting Stardust to be more minimalist and easier to use! I needed a generic minimal shellcode template that works for both x86 and x64 out of the box, so I rewrote Stardust to do so.
It is now written in C++20 and utilizes some of its language features. The template can be used to easily write shellcode fast in a more modern and less painful way.
The project can be compiled in release or debug mode, whereas debug mode just allows the use of DBG_PRINTF, which calls DbgPrint under the hood to print out strings to the currently attached debugger.
There are more things I have added, so consider checking it out. I removed global variable access since I no longer use it or require it (went for a diff design, heh). If you still need that feature, I would recommend switching to the "globals-support" branch, where the old version is hosted.
🔗 https://github.com/Cracked5pider/Stardust
🐥 [ tweet ]
👍2
😈 [ Bobby Cooke @0xBoku ]
Loki C2 blog drop! Thank you for all those who helped and all the support from the community. Big shoutout to @d_tranman and @chompie1337 for all their contributions to Loki C2! @IBM @IBMSecurity @XForce
🔗 https://securityintelligence.com/x-force/bypassing-windows-defender-application-control-loki-c2/
🐥 [ tweet ]
👍5
Offensive Xwitter
Peace, labor, May and PHDays 2025 (22–24 May). The upcoming PHDays will be special, because on top of all the standard goodies (talks, the bar and networking with colleagues) a portion of hardcore-style material awaits you in the Offense track, where we (a.k.a. 🟥 SWARM)…
FYI, this year we are partnering with three charities, «Подари Жизнь», «Улица Мира» and «Старость в радость», and all proceeds from ticket sales go to charity.
A pass to the closed part of the fest 🟰 a donation of 1.5k or more:
🔗 https://phdays.com/ru/
🔥8👍5🥱4
😈 [ NetSPI @NetSPI ]
Beacon Object Files (BOFs) in C2 platforms limit developers.
Read NetSPI's blog post to explore a reference design for a new BOF portable executable (PE) concept that bridges the gap between modern C++ development and memory-executable C2 integration.
🔗 https://www.netspi.com/blog/technical-blog/network-pentesting/the-future-of-beacon-object-files/
🐥 [ tweet ]
😈 [ Daniel @0x64616e ]
You can relay a user to LDAP that has WriteDacl/GenericAll on a valuable object but you can't use ShadowCredentials? Fear no more! You can now use "gain_fullcontrol" in ntlmrelayx ldapshell to give your account control over that object.
🔗 https://github.com/fortra/impacket/pull/1927
🐥 [ tweet ]
👍6🔥3
😈 [ Wietze @Wietze ]
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters:
🔗 https://wietze.github.io/blog/bypassing-detections-with-command-line-obfuscation
🐥 [ tweet ]
🔥23🥱6😁3
😈 [ bohops @bohops ]
This ended up being a great applied research project with @d_tranman on weaponizing a technique for fileless DCOM lateral movement based on the original work of @tiraniddo. Excellent work, Dylan!
Blog:
🔗 https://www.ibm.com/think/news/fileless-lateral-movement-trapped-com-objects
PoC:
🔗 https://github.com/xforcered/ForsHops
🐥 [ tweet ][ quote ]
👍3🥱2
😈 [ Craig Rowland - Agentless Linux Security @CraigHRowland ]
This new Linux script from THC will encrypt and obfuscate any executable or script to hide from on-disk detection:
🔗 https://github.com/hackerschoice/bincrypter
I'm going to show you how to detect it with command line tools in this thread:
🔗 https://threadreaderapp.com/thread/1905052948935377402.html
🐥 [ tweet ]
🔥12👍3🥱2
😈 [ Oddvar Moe @Oddvarmoe ]
Many people wanted my slides from the Windows Client Privilege Escalation webinar yesterday.
Here are links to the slides and the recording of the webinar.
Slides:
🔗 https://www.slideshare.net/slideshow/windows-client-privilege-escalation-shared-pptx/277239036
Recording:
🔗 https://youtu.be/EG2Mbw2DVnU?si=rlx-GG2QMQpIxQYi
🐥 [ tweet ]
👍7🔥5
😈 [ Duncan Ogilvie 🍍 @mrexodia ]
Success! Claude 3.7 with my IDA Pro MCP server managed to solve the crackme that was previously failing🦾
The trick was adding a convert_number tool and stressing to always use it for conversions. It took ~7 minutes to run and the cost was $1.85. Also includes an analysis report.
🔗 https://github.com/mrexodia/ida-pro-mcp
🐥 [ tweet ]
RIP pwn-category CTFs 👍7😁4🤯3🔥1
😈 [ Yehuda Smirnov @yudasm_ ]
Excited to release a tool I've been working on lately: ShareFiltrator
ShareFiltrator finds credentials exposed in SharePoint/OneDrive via the Search API (_api/search/query) and also automates mass downloading of the discovered items.
Blog:
🔗 https://blog.fndsec.net/2025/04/02/breaking-down-sharepoint-walls/
Code:
🔗 https://github.com/Friends-Security/sharefiltrator
🐥 [ tweet ]
👍11😁1
😈 [ Bobby Cooke @0xBoku ]
As promised... this is Loki Command & Control! 🧙♂️🔮🪄
Thanks to @d_tranman for his work done on the project and everyone else on the team for making this release happen!
🔗 https://github.com/boku7/Loki
🐥 [ tweet ]
👍6