π [ metasploit, Metasploit Project ]
A new LDAP Query module! π¦Ύ
https://t.co/payirwnUQf
π https://youtu.be/yYlwZwhycwE
π₯ [ tweet ]
A new LDAP Query module! π¦Ύ
https://t.co/payirwnUQf
π https://youtu.be/yYlwZwhycwE
π₯ [ tweet ]
π [ ReconOne_, ReconOne ]
Have you ever looked for Open Redirects? Try this π π£
#recontips #AttackSurface #bugbountytips #bugbounty #openredirect #recon #httpx
π₯ [ tweet ]
Have you ever looked for Open Redirects? Try this π π£
#recontips #AttackSurface #bugbountytips #bugbounty #openredirect #recon #httpx
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ dekel_paz, Dekel Paz ]
Uploaded a new script that adds vulnerabilities to #BloodHound by parsing scanner reports. Now you can search for vulnerable hosts in your network with paths to Domain Admins!
https://t.co/voN11IR3NL
P.S. did you catch the upcoming #BlueHound spoiler at the end?
@ZeroNetworks
π https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
π₯ [ tweet ]
Uploaded a new script that adds vulnerabilities to #BloodHound by parsing scanner reports. Now you can search for vulnerable hosts in your network with paths to Domain Admins!
https://t.co/voN11IR3NL
P.S. did you catch the upcoming #BlueHound spoiler at the end?
@ZeroNetworks
π https://github.com/zeronetworks/BloodHound-Tools/tree/main/VulnerabilitiesDataImport
π₯ [ tweet ]
π [ Six2dez1, Six2dez ]
My mate @cybersecivan has released a small golang utility to grab the latest trending CVE's from @CVEtrends to easily pipe in your workflow π₯
Check it out!
https://t.co/6VlyN8ihxW
π https://github.com/tr3ss/gofetch
π₯ [ tweet ]
My mate @cybersecivan has released a small golang utility to grab the latest trending CVE's from @CVEtrends to easily pipe in your workflow π₯
Check it out!
https://t.co/6VlyN8ihxW
π https://github.com/tr3ss/gofetch
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
𧡠(1/x) Reanimating ADCSPwn thread (in a simple way) β¬
You all know this great tool by @_batsec_, but unfortunately Microsoft broke it with one of those anti-PetitPotam patches a while ago β¬
https://t.co/LeYa5s5sfv
#lpe #adcs #petitpotam #webdav
π https://github.com/bats3c/ADCSPwn/issues/3#issuecomment-901713533
π₯ [ tweet ]
𧡠(1/x) Reanimating ADCSPwn thread (in a simple way) β¬
You all know this great tool by @_batsec_, but unfortunately Microsoft broke it with one of those anti-PetitPotam patches a while ago β¬
https://t.co/LeYa5s5sfv
#lpe #adcs #petitpotam #webdav
π https://github.com/bats3c/ADCSPwn/issues/3#issuecomment-901713533
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
𧡠(2/x) So that now the execution hangs like follows β¬
π₯ [ tweet ]
𧡠(2/x) So that now the execution hangs like follows β¬
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
𧡠(3/x) But guess what, thereβs another super cool tool β Coercer (by @podalirius_) β which can be used to trigger the authentication with a different API that is not affected by the ad-hoc check provided in the patch β¬
π₯ [ tweet ]
𧡠(3/x) But guess what, thereβs another super cool tool β Coercer (by @podalirius_) β which can be used to trigger the authentication with a different API that is not affected by the ad-hoc check provided in the patch β¬
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
𧡠(4/x) And now *tada* I can get my machine account certificate on a fully patched Windows 10 β¬
π₯ [ tweet ]
𧡠(4/x) And now *tada* I can get my machine account certificate on a fully patched Windows 10 β¬
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
𧡠(5/x) Check out @Flangvikβs stream to know more about ADCSPwn usage: https://t.co/nG8gRKo3rn
π https://youtu.be/W9pUCVxe59Q
π₯ [ tweet ]
𧡠(5/x) Check out @Flangvikβs stream to know more about ADCSPwn usage: https://t.co/nG8gRKo3rn
π https://youtu.be/W9pUCVxe59Q
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ _dirkjan, Dirk-jan ]
Working on some tooling, and managed to get PRT injection during browser sign-in working with Selenium. If you steal a PRT from a hybrid/compliant device, you can use this to "upgrade" the sign-in of other users, to comply with conditional access policies requiring this status.
π₯ [ tweet ]
Working on some tooling, and managed to get PRT injection during browser sign-in working with Selenium. If you steal a PRT from a hybrid/compliant device, you can use this to "upgrade" the sign-in of other users, to comply with conditional access policies requiring this status.
π₯ [ tweet ]
π [ m3g9tr0n, Spiros Fraganastasis ]
Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation https://t.co/DtcR08PDTN
π https://github.com/crisprss/magicNetdefs
π₯ [ tweet ]
Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation https://t.co/DtcR08PDTN
π https://github.com/crisprss/magicNetdefs
π₯ [ tweet ]
π [ d4rckh, d4rckh ]
btw, i made a very simple http redirector (also in nim) which can be used with probably any c2 you can imagine
https://t.co/GMfRMpXrSV #redteam
π https://github.com/d4rckh/http-redirector
π₯ [ tweet ]
btw, i made a very simple http redirector (also in nim) which can be used with probably any c2 you can imagine
https://t.co/GMfRMpXrSV #redteam
π https://github.com/d4rckh/http-redirector
π₯ [ tweet ]
π [ tifkin_, Lee Christensen ]
Users password/doc syncing in corporate environments is dangerous. I've seen many corporate users - particularly IT admins - with Chrome Password sync enabled or Last/pass/1pass installed.
The home computer the DA password is synced to that their kids use doesn't have <FancyEDR>
π₯ [ tweet ]
Users password/doc syncing in corporate environments is dangerous. I've seen many corporate users - particularly IT admins - with Chrome Password sync enabled or Last/pass/1pass installed.
The home computer the DA password is synced to that their kids use doesn't have <FancyEDR>
π₯ [ tweet ]
π [ vinopaljiri, JiΕΓ Vinopal ]
Using #Powershell based on .NET >= 5 or .NET Core (so also latest Powershell Linux/Windows) you can easily natively manipulate with PE and do things like in the picture below (ML processing of .data section strings using #StringSifter) πππ
π₯ [ tweet ]
Using #Powershell based on .NET >= 5 or .NET Core (so also latest Powershell Linux/Windows) you can easily natively manipulate with PE and do things like in the picture below (ML processing of .data section strings using #StringSifter) πππ
π₯ [ tweet ]
π [ an0n_r0, an0n ]
had to fix couple of bugs of the sideload cmd in Sliver, but now it loads Mimikatz DLL (using Donut behind the scenes) and even bypasses Defender without much effort. it is still not perfect, output fetching is not working for some reason, but it is almost functional.
π₯ [ tweet ]
had to fix couple of bugs of the sideload cmd in Sliver, but now it loads Mimikatz DLL (using Donut behind the scenes) and even bypasses Defender without much effort. it is still not perfect, output fetching is not working for some reason, but it is almost functional.
π₯ [ tweet ]
π [ NinjaParanoid, Chetan Nayak (Brute Ratel C4) ]
Amongst all EDRs, SentinelOne applies the most userland hooks, not only in DLLs but also a few other places. So, I decided to make a brief video explaining it's hooks & traps in memory, & how #BruteRatel evades it. Video contains light reversing and dev!!
https://t.co/WdS0z4PSyD
π https://www.youtube.com/watch?v=qakZwswi5Jw
π₯ [ tweet ]
Amongst all EDRs, SentinelOne applies the most userland hooks, not only in DLLs but also a few other places. So, I decided to make a brief video explaining it's hooks & traps in memory, & how #BruteRatel evades it. Video contains light reversing and dev!!
https://t.co/WdS0z4PSyD
π https://www.youtube.com/watch?v=qakZwswi5Jw
π₯ [ tweet ]
π [ ORCA10K, ORCA ]
Released a poc on Perun's Fart by #sektor7, that patch ntdll, with a new one read from a suspended process, thus unhooking your syscalls
https://t.co/y3LKQrwOJL
π https://gitlab.com/ORCA000/perunsfart
π₯ [ tweet ]
Released a poc on Perun's Fart by #sektor7, that patch ntdll, with a new one read from a suspended process, thus unhooking your syscalls
https://t.co/y3LKQrwOJL
π https://gitlab.com/ORCA000/perunsfart
π₯ [ tweet ]