π [ podalirius_, Podalirius ]
Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce ? These are only the tip of the Iceberg and there is probably many more to find. π
Want to find a new call ? Here is 242 probable #RPC calls with python poc ready to be triaged! π
https://t.co/WjmEzuSOcz
π https://github.com/p0dalirius/windows-coerced-authentication-methods
π₯ [ tweet ]
Heard of #Printerbug, #PetitPotam, #ShadowCoerce and #DFSCoerce ? These are only the tip of the Iceberg and there is probably many more to find. π
Want to find a new call ? Here is 242 probable #RPC calls with python poc ready to be triaged! π
https://t.co/WjmEzuSOcz
π https://github.com/p0dalirius/windows-coerced-authentication-methods
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ podalirius_, Podalirius ]
Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer π₯³π
This tool automatically detects available pipes and protocols and call every possible functions to trigger an #authentication.
https://t.co/6aVELSP4NC
π https://github.com/p0dalirius/Coercer
π₯ [ tweet ]
Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer π₯³π
This tool automatically detects available pipes and protocols and call every possible functions to trigger an #authentication.
https://t.co/6aVELSP4NC
π https://github.com/p0dalirius/Coercer
π₯ [ tweet ]
π₯2
π [ harmj0y, Will Schroeder ]
Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post https://t.co/5Tr9UxYuh1 where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at https://t.co/l77vlPDQrj
π https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
π https://github.com/GhostPack/Koh
π₯ [ tweet ]
Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post https://t.co/5Tr9UxYuh1 where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at https://t.co/l77vlPDQrj
π https://posts.specterops.io/koh-the-token-stealer-41ca07a40ed6
π https://github.com/GhostPack/Koh
π₯ [ tweet ]
π [ theluemmel, S4U2LuemmelSec ]
Created a pull request (https://t.co/P40XZVrCrC) for @porchetta_ind 's CrackMapExec to query for LDAP Signing and Channel Binding. Big thanks to @zyn3rgy for his awesome work: https://t.co/8bfwJiSl4E which I just ported.
Thx @byt3bl33d3r and @mpgn_x64 for this awesome tool.
π https://github.com/Porchetta-Industries/CrackMapExec/pull/606
π https://github.com/zyn3rgy/LdapRelayScan
π₯ [ tweet ]
Created a pull request (https://t.co/P40XZVrCrC) for @porchetta_ind 's CrackMapExec to query for LDAP Signing and Channel Binding. Big thanks to @zyn3rgy for his awesome work: https://t.co/8bfwJiSl4E which I just ported.
Thx @byt3bl33d3r and @mpgn_x64 for this awesome tool.
π https://github.com/Porchetta-Industries/CrackMapExec/pull/606
π https://github.com/zyn3rgy/LdapRelayScan
π₯ [ tweet ]
π [ an0n_r0, an0n ]
if anyone runs into "unsupported hash type MD4" (on fully updated Kali) like me (for example by using BloodHound Python ingestor), it is because openssl legacy algorithms are being dropped from config. here is the fix from FluffMe: https://t.co/E89SOZSlOu
π https://gitlab.com/kalilinux/packages/kali-tweaks/-/issues/27
π₯ [ tweet ]
if anyone runs into "unsupported hash type MD4" (on fully updated Kali) like me (for example by using BloodHound Python ingestor), it is because openssl legacy algorithms are being dropped from config. here is the fix from FluffMe: https://t.co/E89SOZSlOu
π https://gitlab.com/kalilinux/packages/kali-tweaks/-/issues/27
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
@XakepRU, ΡΠΏΠ°ΡΠΈΠ±ΠΎ Π·Π° ΠΏΠΎΠ΄Π³ΠΎΠ½ π€π
π₯ [ tweet ]
@XakepRU, ΡΠΏΠ°ΡΠΈΠ±ΠΎ Π·Π° ΠΏΠΎΠ΄Π³ΠΎΠ½ π€π
π₯ [ tweet ]
π [ TrustedSec, TrustedSec ]
Continuing with some cross-site scripting (XSS) fun, @hoodoer demonstrates how to capture credentials from a login form using an IFrame trap.
https://t.co/q1MzMA9A9w
π https://hubs.la/Q01gmrKB0
π₯ [ tweet ]
Continuing with some cross-site scripting (XSS) fun, @hoodoer demonstrates how to capture credentials from a login form using an IFrame trap.
https://t.co/q1MzMA9A9w
π https://hubs.la/Q01gmrKB0
π₯ [ tweet ]
π₯1
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
To summarize @NotMedicβs idea of an alternative approach for running NanoDump from memory (as a BOF) Iβve added a note on using RunOF (by @Nettitude_Labs) filelessly ππ» https://t.co/SpuXr1PXQQ
#bof #nanodump #lsass
π https://ppn.snovvcrash.rocks/red-team/maldev/bof-coff#runof
π₯ [ tweet ]
To summarize @NotMedicβs idea of an alternative approach for running NanoDump from memory (as a BOF) Iβve added a note on using RunOF (by @Nettitude_Labs) filelessly ππ» https://t.co/SpuXr1PXQQ
#bof #nanodump #lsass
π https://ppn.snovvcrash.rocks/red-team/maldev/bof-coff#runof
π₯ [ tweet ]
π [ M4yFly, Mayfly ]
Let's play with the ad lab, goadv2:
https://t.co/zvysxTYQlq
https://t.co/xdd4UD44TN
https://t.co/NTvxzojcAv
π https://mayfly277.github.io/posts/GOADv2-pwning_part1/
π https://mayfly277.github.io/posts/GOADv2-pwning-part2/
π https://mayfly277.github.io/posts/GOADv2-pwning-part3/
π₯ [ tweet ]
Let's play with the ad lab, goadv2:
https://t.co/zvysxTYQlq
https://t.co/xdd4UD44TN
https://t.co/NTvxzojcAv
π https://mayfly277.github.io/posts/GOADv2-pwning_part1/
π https://mayfly277.github.io/posts/GOADv2-pwning-part2/
π https://mayfly277.github.io/posts/GOADv2-pwning-part3/
π₯ [ tweet ]
π [ mpgn_x64, mpgn ]
Dumping SAM from a live Kali Linux in 2022 π½
1β£ cd Windows/System32/config
2β£ pypykatz registry --sam SAM SYSTEM
Tools like chntpw, bkhive, pwdump, samdump2 are not working on latest Windows 10 π
https://t.co/LyHlBnvcCX
π https://security.stackexchange.com/a/158174/41351
π₯ [ tweet ]
Dumping SAM from a live Kali Linux in 2022 π½
1β£ cd Windows/System32/config
2β£ pypykatz registry --sam SAM SYSTEM
Tools like chntpw, bkhive, pwdump, samdump2 are not working on latest Windows 10 π
https://t.co/LyHlBnvcCX
π https://security.stackexchange.com/a/158174/41351
π₯ [ tweet ]
π1
π [ _mohemiv, Arseniy Sharoglazov ]
𧨠Be aware, dnSpy .NET Debugger / Assembly Editor has been trojaned again!
In Google's TOP 2, there was a malicious site maintained by threat actors, who also distributed infected CPU-Z, Notepad++, MinGW, and many more.
π― Thanks to NameSilo, the domain has been deactivated!
π₯ [ tweet ]
𧨠Be aware, dnSpy .NET Debugger / Assembly Editor has been trojaned again!
In Google's TOP 2, there was a malicious site maintained by threat actors, who also distributed infected CPU-Z, Notepad++, MinGW, and many more.
π― Thanks to NameSilo, the domain has been deactivated!
π₯ [ tweet ]
π [ 0xdeaddood, leandro ]
Just merged to Impacket the [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation ππ₯
The PR also includes a new tool that allows you to run qwinsta, tasklist, taskkill, and more commands remotely!
Thanks @nopernikπ
https://t.co/uZgHTChSPe
π https://github.com/SecureAuthCorp/impacket/pull/1327
π₯ [ tweet ]
Just merged to Impacket the [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation ππ₯
The PR also includes a new tool that allows you to run qwinsta, tasklist, taskkill, and more commands remotely!
Thanks @nopernikπ
https://t.co/uZgHTChSPe
π https://github.com/SecureAuthCorp/impacket/pull/1327
π₯ [ tweet ]
π [ ippsec, ippsec ]
HackTheBox RouterSpace video is now up, the tough thing with this box was getting an Android VM up and running to test the APK File. I'm always amazed at how much trouble I have with the normal Android SDK Manager, thankful for Genymotion here. https://t.co/LQ1UP6k9F3
π https://youtu.be/bilgniEPOfs
π₯ [ tweet ]
HackTheBox RouterSpace video is now up, the tough thing with this box was getting an Android VM up and running to test the APK File. I'm always amazed at how much trouble I have with the normal Android SDK Manager, thankful for Genymotion here. https://t.co/LQ1UP6k9F3
π https://youtu.be/bilgniEPOfs
π₯ [ tweet ]
π₯1
π [ DirectoryRanger, DirectoryRanger ]
Implementing Global Injection and Hooking in Windows, by @m417z
https://t.co/ayx9cFZPdp
π https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
π₯ [ tweet ]
Implementing Global Injection and Hooking in Windows, by @m417z
https://t.co/ayx9cFZPdp
π https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
π₯ [ tweet ]
π [ DirectoryRanger, DirectoryRanger ]
Good series on AD sec by @Bhaskarpal__
(1) https://t.co/LT3oD9bqDU
(2) https://t.co/CCkeWe3Nuy
(3) https://t.co/B4egj79cUg
(4) https://t.co/zN0GkXlZfS
(5) https://t.co/kgKlIxla0I
π https://0xstarlight.github.io/posts/Active-Directory-Introduction/
π https://0xstarlight.github.io/posts/Offensive-PowerShell/
π https://0xstarlight.github.io/posts/Active-Directory-Local-Privilege-Escalation/
π https://0xstarlight.github.io/posts/Active-Directory-Lateral-Movement/
π https://0xstarlight.github.io/posts/Active-Directory-Domain-Persistence/
π₯ [ tweet ]
Good series on AD sec by @Bhaskarpal__
(1) https://t.co/LT3oD9bqDU
(2) https://t.co/CCkeWe3Nuy
(3) https://t.co/B4egj79cUg
(4) https://t.co/zN0GkXlZfS
(5) https://t.co/kgKlIxla0I
π https://0xstarlight.github.io/posts/Active-Directory-Introduction/
π https://0xstarlight.github.io/posts/Offensive-PowerShell/
π https://0xstarlight.github.io/posts/Active-Directory-Local-Privilege-Escalation/
π https://0xstarlight.github.io/posts/Active-Directory-Lateral-Movement/
π https://0xstarlight.github.io/posts/Active-Directory-Domain-Persistence/
π₯ [ tweet ]
π [ ghostlulz1337, ghostlulz ]
Cool blog on abusing callback functions to execute shellcode. There are so many windows APIs that can be leveraged to execute your shellcode. Really cool stuff!
https://t.co/D1WJT80ehW
#redteam #infosec
π http://ropgadget.com/posts/abusing_win_functions.html
π₯ [ tweet ]
Cool blog on abusing callback functions to execute shellcode. There are so many windows APIs that can be leveraged to execute your shellcode. Really cool stuff!
https://t.co/D1WJT80ehW
#redteam #infosec
π http://ropgadget.com/posts/abusing_win_functions.html
π₯ [ tweet ]
π [ al3x_m3rcer, m3rcer ]
Here's the official release of Chisel-Strike: A .NET XOR encrypted Cobalt Strike Aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
https://t.co/1wlwABP71E
#RedTeaming #CobaltStrike #Pentesting
π https://github.com/m3rcer/Chisel-Strike
π₯ [ tweet ]
Here's the official release of Chisel-Strike: A .NET XOR encrypted Cobalt Strike Aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
https://t.co/1wlwABP71E
#RedTeaming #CobaltStrike #Pentesting
π https://github.com/m3rcer/Chisel-Strike
π₯ [ tweet ]
π [ C5pider, 5pider ]
Perform HTTP/s requests using WinHTTP and optional get response.
https://t.co/HAwhep2Pyv
π https://gist.github.com/Cracked5pider/4f784ad7405eeda45a13a2b2638b85ec
π₯ [ tweet ]
Perform HTTP/s requests using WinHTTP and optional get response.
https://t.co/HAwhep2Pyv
π https://gist.github.com/Cracked5pider/4f784ad7405eeda45a13a2b2638b85ec
π₯ [ tweet ]
π [ _dirkjan, Dirk-jan ]
New blog: "Abusing forgotten permissions on computer objects in Active Directory".
The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this. https://t.co/T8WmiIoL53
π https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
π₯ [ tweet ]
New blog: "Abusing forgotten permissions on computer objects in Active Directory".
The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those and how to abuse, fix, or monitor for this. https://t.co/T8WmiIoL53
π https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
π₯ [ tweet ]