😈 [ VirtualAllocEx, Daniel Feichter ]
Sliver is a nice C2, but I personally can't understand why many people do compare or mess it with Cobalt Strike. Besides Brutel Ratel (BRc4), Cobalt Strike is in my opionion still the C2 leader with the strongest community in the background.
#redteam #itsecurity #pentest
🐥 [ tweet ][ quote ]
Sliver is a nice C2, but I personally can't understand why many people do compare or mess it with Cobalt Strike. Besides Brutel Ratel (BRc4), Cobalt Strike is in my opionion still the C2 leader with the strongest community in the background.
#redteam #itsecurity #pentest
🐥 [ tweet ][ quote ]
😈 [ podalirius_, Podalirius ]
I published a tool to #bruteforce the key of @CodeIgniter's session #cookies, in order to sign arbitrary attacker-controlled cookies🍪
I wrote this tool for a use case encountered in #bugbounty recently, but we can find this in #pentest too.
https://t.co/7JIiYQskoG
🔗 https://github.com/p0dalirius/CodeIgniter-session-unsign
🐥 [ tweet ]
I published a tool to #bruteforce the key of @CodeIgniter's session #cookies, in order to sign arbitrary attacker-controlled cookies🍪
I wrote this tool for a use case encountered in #bugbounty recently, but we can find this in #pentest too.
https://t.co/7JIiYQskoG
🔗 https://github.com/p0dalirius/CodeIgniter-session-unsign
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackStory 🧵] (1/4) Here’s a generic case of reaching a locked-down PC from a firewalled segment in AD. The background is: 172.16.66.6 (the target) can talk to 192.168.1.11 (a PWNed server) but not vice versa and to no one else in the foreseeable network 👀
#ad #pentest
🐥 [ tweet ]
[#HackStory 🧵] (1/4) Here’s a generic case of reaching a locked-down PC from a firewalled segment in AD. The background is: 172.16.66.6 (the target) can talk to 192.168.1.11 (a PWNed server) but not vice versa and to no one else in the foreseeable network 👀
#ad #pentest
🐥 [ tweet ]
🔥1
😈 [ lpha3ch0, Steve Campbell ]
My latest blog post, Pivoting for Pentesters https://t.co/9N1gxtdJXn #infosec #pentest #redteam
🔗 https://www.stevencampbell.info/Pivoting-for-pentesters/
🐥 [ tweet ]
My latest blog post, Pivoting for Pentesters https://t.co/9N1gxtdJXn #infosec #pentest #redteam
🔗 https://www.stevencampbell.info/Pivoting-for-pentesters/
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Спасибо @snovvcrash, снова запостил годный материал
https://habr.com/ru/company/angarasecurity/blog/680138/
#pentest #redteam #ad
https://habr.com/ru/company/angarasecurity/blog/680138/
#pentest #redteam #ad
Хабр
Делегируй меня полностью, или Новый взгляд на RBCD-атаки в AD
«Злоупотребление ограниченным делегированием Kerberos на основе ресурсов» — как много в этом звуке! Точнее уже не просто звуке и даже не словосочетании, а целом классе наступательных техник в доменной...
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
🧶 (1/3) PCredz in Docker Thread
I’m a big fan of the #Impacket multi-relay feature that not only allows an attacker to keep multiple relay targets alive, but can also be used for performing both #NTLM relay AND #hashes dump at the same time ⏬
https://t.co/EZtH02ynTN
#pentest
🔗 https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
🐥 [ tweet ]
🧶 (1/3) PCredz in Docker Thread
I’m a big fan of the #Impacket multi-relay feature that not only allows an attacker to keep multiple relay targets alive, but can also be used for performing both #NTLM relay AND #hashes dump at the same time ⏬
https://t.co/EZtH02ynTN
#pentest
🔗 https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/
🐥 [ tweet ]
🔥1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Довольно интересная статья, как обходить EDR с помощью python)))
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
#redteam #pentest #bypass
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
#redteam #pentest #bypass
😈 [ CaptMeelo, Meelo ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
🔗 https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Новые сюрпризы в AD CS... Добавим технику ESC11🙈
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#ad #pentest #redteam