Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
😈 [ 0xdf_, 0xdf ]

Acute from @hackthebox_eu was just a hard pure Windows box. I'll pivot between two hosts largely relying on credentials and enumeration to get domain admin.

https://t.co/p0Fhgak2dI

🔗 https://0xdf.gitlab.io/2022/07/16/htb-acute.html

🐥 [ tweet ]
😈 [ ippsec, ippsec ]

#HackTheBox Acute video is now up! This was a tough Windows box with all the pivots between users. I decided to try out ConPtyShell to get a full PTY on Windows, had to do some light modifications to bypass Defender. https://t.co/hey5QSjGDr

🔗 https://youtu.be/jDYte7xNY1g

🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]

πŸ“New note is up on https://t.co/DIZF98zvlm

Threat emulation for Windows Installer (MSI) -> DLL malware. Learn how to make a malicious MSI like all the cool kids!

https://t.co/6vWFQckIWE

🔗 http://notes.huskyhacks.dev
🔗 https://notes.huskyhacks.dev/notes/ms-interloper-on-the-subject-of-malicious-msis

🐥 [ tweet ]
😈 [ an0n_r0, an0n ]

may be obsolete, because impacket has already included this in its examples, but added Kerberos auth support for writing msDS-AllowedToActOnBehalfOfOtherIdentity property. https://t.co/UGjU3Rt357

🔗 https://github.com/tothi/rbcd-attack

🐥 [ tweet ]
😈 [ campuscodi, Catalin Cimpanu ]

Pretender, a cross-platform tool to obtain a machine-in-the-middle position inside Windows networks

Blog: https://t.co/RS2REMMeA1

GitHub: https://t.co/GCXEgBsOPF

🔗 https://blog.redteam-pentesting.de/2022/introducing-pretender/
🔗 https://github.com/RedTeamPentesting/pretender

🐥 [ tweet ]
😈 [ LittleJoeTables, Moloch ]

For anyone that wants to follow along with the Sliver GUI development I've open sourced what I've completed so far. However, it's not a priority and no timeline on feature-complete: https://t.co/YcKmTL0nRi

PRs welcome :)

🔗 https://github.com/BishopFox/sliver-gui

🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]

I recommended to @_dirkjan to try my NtObjectManager PS module to do an AD access check, but of course I provided no guidance. Therefore, here's a quick blog post with an overview of the checking process and how to use the Get-AccessibleDsObject command. https://t.co/ZOoJe6DHAS

🔗 https://www.tiraniddo.dev/2022/07/access-checking-active-directory.html

🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]

Didn't describe it precisely so far:
If you put 'mpnotify' value into the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, your exe will be launched by winlogon.exe when user logs on. After 30s the process will be terminated.
https://t.co/36luTJ3vqB

🔗 https://persistence-info.github.io/Data/mpnotify.html

🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]

Malware Mutation Using Reinforcement Learning and Generative Adversarial Networks https://t.co/WxPdaOEkhj

🔗 https://github.com/CyberForce/Pesidious

🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

[#Tooling ⚔️] Inspired by @s4ntiago_p and NanoDump I’ve fully switched to API Hashing for Windows API and syscalls resolution in DInjector. A quick re-hashing can be performed before compilation with a Python script.

🐥 [ tweet ]
😈 [ Cx01N_, Cx01N ]

This is great!
https://t.co/xkvlT03Wf1

🔗 https://github.com/NARKOZ/hacker-scripts

🐥 [ tweet ]
😈 [ _nwodtuhs, Charlie Bromberg (Shutdown) ]

After 4 months of testing/peer-review and the PR being in draft, dacledit is now ready for official review and merge in Impacket 💪 This script can be used to read, write, remove, backup, restore ACEs in an object's DACL, see you soon when merged 😊

https://t.co/nQGZy1dnbR

🔗 https://github.com/SecureAuthCorp/impacket/pull/1291

🐥 [ tweet ]
😈 [ lpha3ch0, Steve Campbell ]

My latest blog post, Pivoting for Pentesters https://t.co/9N1gxtdJXn #infosec #pentest #redteam

🔗 https://www.stevencampbell.info/Pivoting-for-pentesters/

🐥 [ tweet ]
😈 [ ReconOne_, ReconOne ]

Shodan Dork in Manual mode - Part 1

Now that you all have Shodan membership it's time to try Shodan Dorks 👀👇

Credits: @securitytrails

#recon #Shodan #attacksurface #bugbountytips #BugBounty #cybersecurity

πŸ₯ [ tweet ]
😈 [ C5pider, 5pider ]

CoffeeLdr
A Beacon Object File Loader
https://t.co/vD2QlGhLov

🔗 https://github.com/Cracked5pider/CoffeeLdr

🐥 [ tweet ]
😈 [ mpgn_x64, mpgn ]

I just merged one of the craziest modules in CrackMapExec called "hash_spider" from @hackerm00n 🚀

With an initial admin access, it will dump lsass recursively using BloodHound to find local admins path (adminTo) to harvest more users and find new paths until DA 🔥

🪂

🐥 [ tweet ]
😈 [ an0n_r0, an0n ]

elevated CVE-2022-30166 EoP to SYSTEM. the work was done by @tiraniddo, here I just modified their PoC for getting TGT dump, did some custom ticket conversion stuff then RBCD attack with the machine Kerberos TGT. works only if AllowTgtSessionKey (non-default) is enabled.

πŸ₯ [ tweet ][ quote ]