[ hackinarticles, Hacking Articles ]
Powercat for Pentester
https://t.co/irffdvbILa
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
https://www.hackingarticles.in/powercat-for-pentester/

[ m3g9tr0n, Spiros Fraganastasis ]
Administrative tools and logon types
https://t.co/jGi99iBpvO
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types

[ c3rb3ru5d3d53c, ΟΞ΅ΡΞ²Ξ΅ΡΞΌs - ΠΌΞ±βΟΞ±ΡΞ΅ ΡΞ΅sΡαΡΟΠ½Ξ΅Ρ ]
#Suricata #Signature for Confluence CVE-2022-26134 #exploit #poc
ATTACK Potential URI Template Injection
https://t.co/8mVZhciNqF
https://github.com/c3rb3ru5d3d53c/signatures/blob/master/signatures/attack/injection/template/template.suricata-6.0.5.rules

[ an0n_r0, an0n ]
storing creds for a runas-like utility in a saved config file is a security mistake, even if the tool offers "seriously obfuscated encrypted" files. all we need is just hooking CreateProcessWithLogonW (hello to @fridadotre) and no worries about reversing proprietary encryptions.
https://gist.github.com/tothi/dd3bdd5d9f88ffcd32be15b2ce480aa6

[ m3g9tr0n, Spiros Fraganastasis ]
Exploring data saved by Chrome/Edge/Any Chromium
https://t.co/5zAXvnmsa9 #dpapi
https://gist.github.com/jhoneill/e585bae781f3efa7ac1992b79e037713

[ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]
Hunting alertable threads for QAPC on existing processes, rop-gadgets, Stagers and start address spoofing for the upcoming BRc4 v1.1 release...
https://t.co/5GH2Nwnp74
https://www.youtube.com/watch?v=w8ictUBcCrM

[ DirectoryRanger, DirectoryRanger ]
O365-Doppelganger. script to harvest credentials off of a user during a Red Team and get execution of a file from the user
https://t.co/0CpScve1sn
https://github.com/paranoidninja/O365-Doppelganger

[ m3g9tr0n, Spiros Fraganastasis ]
Active Directory delegations inventory in Rust
https://t.co/qOoTA6X4yi
https://github.com/mtth-bfft/adeleg

[ hackinarticles, Hacking Articles ]
MITRE ATT&CK: Initial Access
Credit https://t.co/wtfCJx9CMi
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities
https://github.com/JPMinty/MindMaps/tree/master/MITRE%20ATT%26CK/PNG

[ Tarlogic, Tarlogic ]
Vulnerability CVE-2022-26134 has compromised Atlassian @Confluence servers and data centers and, along the way, the security of a multitude of companies. Our colleague @TuLkHaXs analyzes the scale of the incident and how to neutralize it
https://t.co/6k6ILkif0i
https://www.tarlogic.com/blog/cve-2022-26134-zero-day-vulnerability-affecting-atlassian-confluence/

[ ReconOne_, ReconOne ]
GitHub Recon in Manual mode - Part 3 - Database
credits: techgaun/github-dorks
#recon #recontips #github #AttackSurface #bugbountytips #reconone #Database #gitrecon

[ ptswarm, PT SWARM ]
🦥 Everyone learned to run pip install colorama to exploit Atlassian Confluence RCE (CVE-2022-26134), so let's see how the vulnerability works under the hood.
Here we show our simplified payload which demonstrates a workflow inside the vulnerable code

[ _wald0, Andy Robbins ]
This week I'm publishing a 3 post series on #Azure Managed Identity attack paths. Here's part 1, where we are looking at Automation Accounts:
https://t.co/gZ6QjGw6CE
Prior work by @kfosaaen, @inversecos, https://t.co/Eb8grvTeOm, and @cibrax
https://posts.specterops.io/82667d17187a
http://azsec.azurewebsites.net

[ _JohnHammond, John Hammond is @ RSAC ]
Active Directory content will slowly trickle out on my YouTube channel over the next many days. We will build a local VM environment, stage out our domain at will with PowerShell, and bounce back and forth between "building" and "breaking" AD concepts
https://t.co/jHw7lS1St6
https://youtu.be/pKtDQtsubio

[ DebugPrivilege, β’ ]
I can see that most people are familiar with AD and understand the enumeration piece of it through tools like PowerView, etc. However, how does this look from a code-level and network-level? My go-to tools are IDA and Wireshark to answer these types of questions.

[ ReconOne_, ReconOne ]
Want to scan for the TOP Exploited Vulnerabilities according to CISA? Try this
Credits: @pdiscoveryio
#nuclei #CISA #attacksurface #recon #reconone #bugbountytips #recontips

[ SagieSec, Sagie Dulce ]
#RPCFirewall version 2.0 is out!
Watch this tutorial that shows how to set it up, and start protecting against various RPC attacks: #petitpotam, #psexec, #dcsync, #wmic and more...
New features:
- Support RPC Filters.
- RPC Firewall as a service
- Monitor & protect new processes
- "Status" command for detailed deployment info
- Better resolution of source host and port
https://youtu.be/BNzfmYwkioY
https://github.com/zeronetworks/rpcfirewall

[ DebugPrivilege, β’ ]
Alert when a group is added to a sensitive Active Directory group https://t.co/2oJmjthu8G
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/alert-when-a-group-is-added-to-a-sensitive-active-directory/ba-p/3436868

[ hackinarticles, Hacking Articles ]
IPV4 vs IPV6
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #cyberattacks #security #vulnerabilities

[ ShitSecure, S3cur3Th1sSh1t ]
The last two weekends plus some evenings I spent my time writing a Nim Packer/Loader, which will be provided to Sponsors only via private repo. It's capable of packing C# Assemblies, Shellcode or PE-Files.
It's using my GetSyscallStub function to retrieve unhooked Syscalls from ntdll.dll to patch AMSI and/or ETW. The shellcode execution is also done via Syscalls from GetSyscallStub. This function will become public in Q1 2022.
The detection rate is at this time pretty good. One more reason for this repo to stay private. And these binaries had no sandbox evasion checks, no sleep time and were not obfuscated via LLVM. I'll add sandbox evasion methods later on.
https://www.patreon.com/S3cur3Th1sSh1t
https://github.com/sponsors/S3cur3Th1sSh1t