😈 [ DirectoryRanger, DirectoryRanger ]

S4uDelegator. tool to perform S4U logon with SeTcbPrivilege, by @@daem0nc0re
https://t.co/7qFTFtX6Um

🔗 https://github.com/daem0nc0re/PrivFu#s4udelegator

🐥 [ tweet ]

😈 [ m3g9tr0n, Spiros Fraganastasis ]

How the Active Directory Replication Model Works
https://t.co/oQKPMswqK5

🔗 https://premglitz.wordpress.com/2013/03/20/how-the-active-directory-replication-model-works/

🐥 [ tweet ]

😈 [ citronneur, Sylvain Peyrefitte ]

Time Travel Debugging for #IDA https://t.co/9QRB0UBuAy

🔗 https://github.com/airbus-cert/ttddbg

🐥 [ tweet ]

👹 [ snovvcrash, sn🥶vvcr💥sh ]

Two-week security assessment is over, finally… Way too many lessons learned, oh well. Here’s the final step of taking down the critical OpenShift cluster with a single curl (hard-coded tokens is always a bad idea). So current mood is like the Burning Chrome last paragraphs 🫡

🐥 [ tweet ]

😈 [ DebugPrivilege, • ]

I came across a video of a talk from @MSwannMSFT on Intrusion Detection with Graphs https://t.co/4hKezgfM6N - interesting talk for blue teamers!

🔗 https://youtu.be/tGWSnuyZ4GQ

🐥 [ tweet ]

⚠️ DISCLAIMER ⚠️

‼️ All information posted in this channel (https://xn--r1a.website/OffensiveTwitter) is intended for research and/or educational purposes only.

‼️ The owner of this channel is NOT responsible for any illegal use of the information this channel is providing or referring to.

‼️ The owner of this channel does NOT promote any illegal activity related to unethical hacking, cybercrimes, malware distribution, etc.

‼️ Remember that computer crimes are ALWAYS punishable by the law, so please do watch what you are doing.

#disclaimer

😈 [ HackingLZ, Justin ]

Actual details on the Confluence CVE-2022-26134

https://t.co/qU3BfAQEa9

🔗 https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

🐥 [ tweet ]

😈 [ vxunderground, vx-underground ]

We've updated the vx-underground Malware Analysis collection. We have added 13 new papers courtesy of @malpedia.

Check it out here: https://t.co/djuVYEkbLT

Have a nice day.

🔗 https://www.vx-underground.org/malware_defense.html#malware_analysis

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Memory Hunting

Credit https://t.co/OHtDiELsy5

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips #forensics #dfir

🔗 https://github.com/christophetd/mindmaps/blob/master/pdf/memory-hunting.pdf

🐥 [ tweet ]

😈 [ HackingLZ, Justin ]

Since everyone is mentioning AzureAD to protect assets instead of putting them directly on the internet...Keep this in mind for future egress detections. https://t.co/mvgebEssdW

🔗 https://www.trustedsec.com/blog/azure-application-proxy-c2/

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Incident Response Cheat Sheet

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #dfir #incidentresponse

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Information Security Concept

Credit https://t.co/5uvxJfGqhx

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips

🔗 https://www.xmind.net/embed/enin/

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

DNS Cheat Sheet

Credit @Nominet

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #DNS

🐥 [ tweet ]

😈 [ DirectoryRanger, DirectoryRanger ]

SharpRDPHijack, by @bohops
https://t.co/LNA6bv9TIq

🔗 https://github.com/bohops/SharpRDPHijack

🐥 [ tweet ]

😈 [ FSDominguez, Francisco Dominguez ]

Not only inject&forget, but you can use quantum insert/spoofed packets for bidirectional communication as well to bypass very strict firewalls.

https://t.co/D4dzlAfHrM

🔗 https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/

🐥 [ tweet ][ quote ]

😈 [ am0nsec, Paul L. ]

I published my little experiment with the Windows Memory Manager in order to get Virtual Address Descriptors (VADs) from an arbitrary process. This is a proof of concept - use caution. Will use this repository to add more stuff over time.

https://t.co/hFqH4duKLX

🔗 https://github.com/am0nsec/wkpe

🐥 [ tweet ]

😈 [ _wald0, Andy Robbins ]

Today is Friday, which means it's #BloodHoundBasics day.

Here is the recording of my @BlackHatEvents Asia presentation covering the origins of BloodHound. In particular: what problem BloodHound set out to solve in the first place: https://t.co/px9EZysXc7

🔗 https://www.youtube.com/watch?v=Yl7gwdTFK18

🐥 [ tweet ]

😈 [ HackingLZ, Justin ]

So they updated the advisory with a patch/replacement for a single file which is great...However I would suspect it won't take a lot of work to diff old vs new? Incoming PoC?

https://t.co/4lbxkVc1Ja

🔗 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

🐥 [ tweet ]

😈 [ hackinarticles, Hacking Articles ]

Active Directory Penetration Testing

https://t.co/D4pKsnC9Yk

#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities #bugbounty

🔗 https://www.hackingarticles.in/red-teaming/

🐥 [ tweet ]