[ FuzzySec, b33f ]
Write your Own Virtual Machine - https://t.co/uxU72UacRN
https://www.jmeiners.com/lc3-vm/
[ snovvcrash, sn🥶vvcr💥sh ]
🧵(1/3) I get so excited every time I contribute to #impacket Anyways, here's an upcoming update to secretsdump[.]py ▪️ There's now this -ldapfilter option that allows an attacker to #DCSync a bunch of users with a single shot 🧨
https://t.co/4ASCbqysj8
https://github.com/SecureAuthCorp/impacket/pull/1329
[ x86matthew, x86matthew ]
EmbedExeReg - Embedding an EXE inside a .REG file with automatic execution
Create a .reg file containing a hidden payload
https://t.co/4hPKoFWCk0
https://www.x86matthew.com/view_post?id=embed_exe_reg
[ metasploit, Metasploit Project ]
A new LDAP Query module! 🦾
https://t.co/payirwnUQf
https://youtu.be/yYlwZwhycwE
[ ReconOne_, ReconOne ]
Have you ever looked for Open Redirects? Try this
#recontips #AttackSurface #bugbountytips #bugbounty #openredirect #recon #httpx
[ dekel_paz, Dekel Paz ]
Uploaded a new script that adds vulnerabilities to #BloodHound by parsing scanner reports. Now you can search for vulnerable hosts in your network with paths to Domain Admins!
https://t.co/voN11IR3NL
P.S. did you catch the upcoming #BlueHound spoiler at the end?
@ZeroNetworks
https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
[ Six2dez1, Six2dez ]
My mate @cybersecivan has released a small golang utility to grab the latest trending CVE's from @CVEtrends to easily pipe in your workflow
Check it out!
https://t.co/6VlyN8ihxW
https://github.com/tr3ss/gofetch
[ snovvcrash, sn🥶vvcr💥sh ]
🧵 (1/x) Reanimating ADCSPwn thread (in a simple way) ⬇
You all know this great tool by @_batsec_, but unfortunately Microsoft broke it with one of those anti-PetitPotam patches a while ago ⬇
https://t.co/LeYa5s5sfv
#lpe #adcs #petitpotam #webdav
https://github.com/bats3c/ADCSPwn/issues/3#issuecomment-901713533
[ snovvcrash, sn🥶vvcr💥sh ]
🧵 (2/x) So that now the execution hangs as follows ⬇
[ snovvcrash, sn🥶vvcr💥sh ]
🧵 (3/x) But guess what, there's another super cool tool - Coercer (by @podalirius_) - which can be used to trigger the authentication with a different API that is not affected by the ad-hoc check provided in the patch ⬇
[ snovvcrash, sn🥶vvcr💥sh ]
🧵 (4/x) And now *tada* I can get my machine account certificate on a fully patched Windows 10 ⬇
[ snovvcrash, sn🥶vvcr💥sh ]
🧵 (5/x) Check out @Flangvik's stream to know more about ADCSPwn usage: https://t.co/nG8gRKo3rn
https://youtu.be/W9pUCVxe59Q
[ _dirkjan, Dirk-jan ]
Working on some tooling, and managed to get PRT injection during browser sign-in working with Selenium. If you steal a PRT from a hybrid/compliant device, you can use this to "upgrade" the sign-in of other users, to comply with conditional access policies requiring this status.
[ m3g9tr0n, Spiros Fraganastasis ]
Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation https://t.co/DtcR08PDTN
https://github.com/crisprss/magicNetdefs
[ d4rckh, d4rckh ]
btw, i made a very simple http redirector (also in nim) which can be used with probably any c2 you can imagine
https://t.co/GMfRMpXrSV #redteam
https://github.com/d4rckh/http-redirector
[ tifkin_, Lee Christensen ]
Users password/doc syncing in corporate environments is dangerous. I've seen many corporate users - particularly IT admins - with Chrome Password sync enabled or Last/pass/1pass installed.
The home computer the DA password is synced to that their kids use doesn't have <FancyEDR>
[ vinopaljiri, Jiří Vinopal ]
Using #Powershell based on .NET >= 5 or .NET Core (so also latest Powershell Linux/Windows) you can easily natively manipulate with PE and do things like in the picture below (ML processing of .data section strings using #StringSifter)