๐ [ SemperisTech, Semperis ]
You're familiar with the Golden Ticket attack, but what about the Diamond Ticket? Semperis Security Researcher Charlie Clark reveals the result of research into this potential #securityvulnerability. https://t.co/p7alMaSr4t
๐ https://lnkd.in/gNYf2Gxz
๐ฅ [ tweet ]
You're familiar with the Golden Ticket attack, but what about the Diamond Ticket? Semperis Security Researcher Charlie Clark reveals the result of research into this potential #securityvulnerability. https://t.co/p7alMaSr4t
๐ https://lnkd.in/gNYf2Gxz
๐ฅ [ tweet ]
๐ [ ippsec, ippsec ]
Really enjoyed reading the APT-29 Article from Unit 42. Decided to do a video talking about it and some light reversing at the malware. Its pretty sad that APT-29 has been doing the LNK in a ZIP TTP for 5+ years and remained succesful by swapping payloads https://t.co/D15cwzATDn
๐ https://www.youtube.com/watch?v=a7W6rhkpVSM
๐ฅ [ tweet ]
Really enjoyed reading the APT-29 Article from Unit 42. Decided to do a video talking about it and some light reversing at the malware. Its pretty sad that APT-29 has been doing the LNK in a ZIP TTP for 5+ years and remained succesful by swapping payloads https://t.co/D15cwzATDn
๐ https://www.youtube.com/watch?v=a7W6rhkpVSM
๐ฅ [ tweet ]
๐ [ ShitSecure, S3cur3Th1sSh1t ]
The original work author @maorkor also released an 64 bit implementation for Powershell now, worth checking out! The Providers and number of Providers are enumerated automatically here. ๐ฅ
https://t.co/13mU1Zv6iA
๐ https://github.com/deepinstinct/AMSI-Unchained/blob/main/ScanInterception_x64.ps1
๐ฅ [ tweet ][ quote ]
The original work author @maorkor also released an 64 bit implementation for Powershell now, worth checking out! The Providers and number of Providers are enumerated automatically here. ๐ฅ
https://t.co/13mU1Zv6iA
๐ https://github.com/deepinstinct/AMSI-Unchained/blob/main/ScanInterception_x64.ps1
๐ฅ [ tweet ][ quote ]
This media is not supported in your browser
VIEW IN TELEGRAM
๐ [ dani_ruiz24, daniruiz ]
๐ฅ Huge improvements to my custom BASH/ZSH reverse shell function.
If you have not seen it
๐ Wrapper for nc (same syntax)
๐ Arrows, Ctrl+C...
๐ Loads the default bashrc config
๐ Color works
๐ sets terminal size
๐ No need to `stty -echo raw; fg`
https://t.co/jkPGFMjpjJ
๐ https://gist.github.com/daniruiz/c073f631d514bf38e516b62c48366efb#file-kali-shell-aliases-and-functions-sh-L59-L85
๐ฅ [ tweet ]
๐ฅ Huge improvements to my custom BASH/ZSH reverse shell function.
If you have not seen it
๐ Wrapper for nc (same syntax)
๐ Arrows, Ctrl+C...
๐ Loads the default bashrc config
๐ Color works
๐ sets terminal size
๐ No need to `stty -echo raw; fg`
https://t.co/jkPGFMjpjJ
๐ https://gist.github.com/daniruiz/c073f631d514bf38e516b62c48366efb#file-kali-shell-aliases-and-functions-sh-L59-L85
๐ฅ [ tweet ]
๐1
๐ [ _mohemiv, Arseniy Sharoglazov ]
โก๏ธ Cool PR to Impacket by @synacktiv: displaying timestamps for DCC/DCC2 hashes in secretsdump
New format: CORP.LOCAL/user:$DCC2$10240#user#0123456789abcdef0123456789abcdef: (2022-07-05 20:09:09)
Should be helpful, DCC2 hashes are so slow!
https://t.co/EPBQAkyrBd
๐ https://github.com/SecureAuthCorp/impacket/pull/1367
๐ฅ [ tweet ]
โก๏ธ Cool PR to Impacket by @synacktiv: displaying timestamps for DCC/DCC2 hashes in secretsdump
New format: CORP.LOCAL/user:$DCC2$10240#user#0123456789abcdef0123456789abcdef: (2022-07-05 20:09:09)
Should be helpful, DCC2 hashes are so slow!
https://t.co/EPBQAkyrBd
๐ https://github.com/SecureAuthCorp/impacket/pull/1367
๐ฅ [ tweet ]
๐ [ dottor_morte, Riccardo ]
For those who care, I uploaded the slides of my talk on lateral movement that I gave at TROOPERS this year:
https://t.co/wAoGPUv1Zj
๐ https://github.com/RiccardoAncarani/talks/blob/master/F-Secure/unorthodox-lateral-movement.pdf
๐ฅ [ tweet ]
For those who care, I uploaded the slides of my talk on lateral movement that I gave at TROOPERS this year:
https://t.co/wAoGPUv1Zj
๐ https://github.com/RiccardoAncarani/talks/blob/master/F-Secure/unorthodox-lateral-movement.pdf
๐ฅ [ tweet ]
๐1
๐ [ cnotin, Clรฉment Notin ]
I did not expect a non-domain joined Windows machine, using an identity provided with "runas /netonly", to silently manage to obtain a Kerberos TGT then use it to access a service! ๐ฎ
I thought it would fallback to NTLM immediately...
That's nice though ๐
๐ฅ [ tweet ]
I did not expect a non-domain joined Windows machine, using an identity provided with "runas /netonly", to silently manage to obtain a Kerberos TGT then use it to access a service! ๐ฎ
I thought it would fallback to NTLM immediately...
That's nice though ๐
๐ฅ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
๐ [ podalirius_, Podalirius ]
Today in #AwesomeRCEs, I present a technique to achieve remote code execution on Apache #Tomcat by uploading an #app as admin.
In order to do this, I wrote a WAR application exposing a JSON API to execute code on the server and download files:
https://t.co/OJIr4V4R8D
๐ https://github.com/p0dalirius/Tomcat-webshell-application
๐ฅ [ tweet ]
Today in #AwesomeRCEs, I present a technique to achieve remote code execution on Apache #Tomcat by uploading an #app as admin.
In order to do this, I wrote a WAR application exposing a JSON API to execute code on the server and download files:
https://t.co/OJIr4V4R8D
๐ https://github.com/p0dalirius/Tomcat-webshell-application
๐ฅ [ tweet ]
๐ [ ORCA10K, ORCA ]
i released i tiny poc on getting the syscalls from ntdll of a new suspended process :
https://t.co/wtCeeEpaJI
๐ https://gitlab.com/ORCA000/suspendedntdllunhook
๐ฅ [ tweet ]
i released i tiny poc on getting the syscalls from ntdll of a new suspended process :
https://t.co/wtCeeEpaJI
๐ https://gitlab.com/ORCA000/suspendedntdllunhook
๐ฅ [ tweet ]
๐ [ 0xBoku, Bobby Cooke ]
BokuLoader features update! Added Find-Beacon EggHunter, Stomp MZ Magic Bytes, PE Header Obfuscation, PE String Replacement, and Prepend ASM Instructions! Shoutouts to @passthehashbrwn & @anthemtotheego ;)
https://t.co/WnolPDNPuo
๐ https://github.com/xforcered/BokuLoader
๐ฅ [ tweet ]
BokuLoader features update! Added Find-Beacon EggHunter, Stomp MZ Magic Bytes, PE Header Obfuscation, PE String Replacement, and Prepend ASM Instructions! Shoutouts to @passthehashbrwn & @anthemtotheego ;)
https://t.co/WnolPDNPuo
๐ https://github.com/xforcered/BokuLoader
๐ฅ [ tweet ]
๐ [ tiraniddo, James Forshaw ]
Another of my recent Kerberos bugs has been opened, this time _another_ way of bypassing AppContainer enterprise authentication capability this time by using LsaCallAuthenticationPackage https://t.co/axda3g2XDm
๐ https://bugs.chromium.org/p/project-zero/issues/detail?id=2273
๐ฅ [ tweet ]
Another of my recent Kerberos bugs has been opened, this time _another_ way of bypassing AppContainer enterprise authentication capability this time by using LsaCallAuthenticationPackage https://t.co/axda3g2XDm
๐ https://bugs.chromium.org/p/project-zero/issues/detail?id=2273
๐ฅ [ tweet ]
๐ [ harmj0y, Will Schroeder ]
Very cool Kerberoasting implementation using LsaCallAuthenticationPackage, all through a macro https://t.co/BswTJvqzHg
๐ https://github.com/Adepts-Of-0xCC/VBA-macro-experiments/blob/main/kerberoast.vba
๐ฅ [ tweet ]
Very cool Kerberoasting implementation using LsaCallAuthenticationPackage, all through a macro https://t.co/BswTJvqzHg
๐ https://github.com/Adepts-Of-0xCC/VBA-macro-experiments/blob/main/kerberoast.vba
๐ฅ [ tweet ]
๐ [ 0xdf_, 0xdf ]
What Happens In a "Shell Upgrade" video released:
https://t.co/ql6kIj6RK5
I love this one because I learned so much making it. Hopefully that knowledge transfers to you as well.
๐ https://youtu.be/DqE6DxqJg8Q
๐ฅ [ tweet ][ quote ]
What Happens In a "Shell Upgrade" video released:
https://t.co/ql6kIj6RK5
I love this one because I learned so much making it. Hopefully that knowledge transfers to you as well.
๐ https://youtu.be/DqE6DxqJg8Q
๐ฅ [ tweet ][ quote ]
๐ [ 0xBoku, Bobby Cooke ]
Dannnggggg.. @CaptMeelo has some great blog posts ๐ฅ Thanks @FuzzySec for directing me back there :)
https://t.co/0gbd1VHqRl
๐ https://captmeelo.com/category/maldev
๐ฅ [ tweet ]
Dannnggggg.. @CaptMeelo has some great blog posts ๐ฅ Thanks @FuzzySec for directing me back there :)
https://t.co/0gbd1VHqRl
๐ https://captmeelo.com/category/maldev
๐ฅ [ tweet ]
๐ [ podalirius_, Podalirius ]
Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce ? These are only the tip of the Iceberg and there is probably many more to find. ๐
Want to find a new call ? Here is 242 probable #RPC calls with python poc ready to be triaged! ๐
https://t.co/WjmEzuSOcz
๐ https://github.com/p0dalirius/windows-coerced-authentication-methods
๐ฅ [ tweet ]
Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce ? These are only the tip of the Iceberg and there is probably many more to find. ๐
Want to find a new call ? Here is 242 probable #RPC calls with python poc ready to be triaged! ๐
https://t.co/WjmEzuSOcz
๐ https://github.com/p0dalirius/windows-coerced-authentication-methods
๐ฅ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
๐ [ podalirius_, Podalirius ]
Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer ๐ฅณ๐
This tool automatically detects available pipes and protocols and call every possible functions to trigger an #authentication.
https://t.co/6aVELSP4NC
๐ https://github.com/p0dalirius/Coercer
๐ฅ [ tweet ]
Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer ๐ฅณ๐
This tool automatically detects available pipes and protocols and call every possible functions to trigger an #authentication.
https://t.co/6aVELSP4NC
๐ https://github.com/p0dalirius/Coercer
๐ฅ [ tweet ]
๐ฅ2
๐ [ harmj0y, Will Schroeder ]
Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post https://t.co/5Tr9UxYuh1 where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at https://t.co/l77vlPDQrj
๐ https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
๐ https://github.com/GhostPack/Koh
๐ฅ [ tweet ]
Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post https://t.co/5Tr9UxYuh1 where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at https://t.co/l77vlPDQrj
๐ https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
๐ https://github.com/GhostPack/Koh
๐ฅ [ tweet ]
๐ [ theluemmel, S4U2LuemmelSec ]
Created a pull request (https://t.co/P40XZVrCrC) for @porchetta_ind 's CrackMapExec to query for LDAP Signing and Channel Binding. Big thanks to @zyn3rgy for his awesome work: https://t.co/8bfwJiSl4E which I just ported.
Thx @byt3bl33d3r and @mpgn_x64 for this awesome tool.
๐ https://github.com/Porchetta-Industries/CrackMapExec/pull/606
๐ https://github.com/zyn3rgy/LdapRelayScan
๐ฅ [ tweet ]
Created a pull request (https://t.co/P40XZVrCrC) for @porchetta_ind 's CrackMapExec to query for LDAP Signing and Channel Binding. Big thanks to @zyn3rgy for his awesome work: https://t.co/8bfwJiSl4E which I just ported.
Thx @byt3bl33d3r and @mpgn_x64 for this awesome tool.
๐ https://github.com/Porchetta-Industries/CrackMapExec/pull/606
๐ https://github.com/zyn3rgy/LdapRelayScan
๐ฅ [ tweet ]
๐ [ an0n_r0, an0n ]
if anyone runs into "unsupported hash type MD4" (on fully updated Kali) like me (for example by using BloodHound Python ingestor), it is because openssl legacy algorithms are being dropped from config. here is the fix from FluffMe: https://t.co/E89SOZSlOu
๐ https://gitlab.com/kalilinux/packages/kali-tweaks/-/issues/27
๐ฅ [ tweet ]
if anyone runs into "unsupported hash type MD4" (on fully updated Kali) like me (for example by using BloodHound Python ingestor), it is because openssl legacy algorithms are being dropped from config. here is the fix from FluffMe: https://t.co/E89SOZSlOu
๐ https://gitlab.com/kalilinux/packages/kali-tweaks/-/issues/27
๐ฅ [ tweet ]
๐น [ snovvcrash, sn๐ฅถvvcr๐ฅsh ]
@XakepRU, ัะฟะฐัะธะฑะพ ะทะฐ ะฟะพะดะณะพะฝ ๐ค๐
๐ฅ [ tweet ]
@XakepRU, ัะฟะฐัะธะฑะพ ะทะฐ ะฟะพะดะณะพะฝ ๐ค๐
๐ฅ [ tweet ]