π [ BoreanJordan, Jordan Borean ]
Just merged in some RPC/DCE changes to pyspnego https://t.co/lDdBqUetLa. I also created a new blob post around some of the details of RPC encryption used by Microsoft that will hopefully be useful for other people implementing their own client https://t.co/clj7oi6eAL
π https://github.com/jborean93/pyspnego/pull/63
π https://wp.me/p9gmIx-ax
π₯ [ tweet ]
Just merged in some RPC/DCE changes to pyspnego https://t.co/lDdBqUetLa. I also created a new blob post around some of the details of RPC encryption used by Microsoft that will hopefully be useful for other people implementing their own client https://t.co/clj7oi6eAL
π https://github.com/jborean93/pyspnego/pull/63
π https://wp.me/p9gmIx-ax
π₯ [ tweet ]
π [ 0gtweet, Grzegorz Tworek ]
A keylogger/sniffer for the on-screen-keyboard? Sure, ETW is happy to help here with {4F768BE8-9C69-4BBC-87FC-95291D3F9D0C}π
Enjoy the C source code, and the compiled exe, as usual - https://t.co/FT73HaxM1c
π https://github.com/gtworek/PSBits/tree/master/ETW
π₯ [ tweet ]
A keylogger/sniffer for the on-screen-keyboard? Sure, ETW is happy to help here with {4F768BE8-9C69-4BBC-87FC-95291D3F9D0C}π
Enjoy the C source code, and the compiled exe, as usual - https://t.co/FT73HaxM1c
π https://github.com/gtworek/PSBits/tree/master/ETW
π₯ [ tweet ]
π₯1
Forwarded from PT SWARM
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
π€ by testanull
While analyzing CVE-2022-41082, also known as Proxy Not Shell, researcher discovered CVE-2023-21707 vulnerability which he has detailed in this blog.
The vulnerability allows a privileged user to trigger RCE during a deserialization of untrusted data.
π Contents:
β Introduction
β The new variant
β Payload delivery
β Demo
β References
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
π€ by testanull
While analyzing CVE-2022-41082, also known as Proxy Not Shell, researcher discovered CVE-2023-21707 vulnerability which he has detailed in this blog.
The vulnerability allows a privileged user to trigger RCE during a deserialization of untrusted data.
π Contents:
β Introduction
β The new variant
β Payload delivery
β Demo
β References
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
π [ s4ntiago_p, S4ntiagoP ]
π₯ Big update!
Nanodump now supports the PPLMedic exploit!
meaning you can dump LSASS on an up-to-date system with PPL enabled π
https://t.co/Ki22xU5P4a
π https://github.com/fortra/nanodump
π₯ [ tweet ]
π₯ Big update!
Nanodump now supports the PPLMedic exploit!
meaning you can dump LSASS on an up-to-date system with PPL enabled π
https://t.co/Ki22xU5P4a
π https://github.com/fortra/nanodump
π₯ [ tweet ]
π [ rootsecdev, rootsecdev ]
Enjoyed this medium post. It has some excellent recommendations for studying Active Directory. Chisel stuff is spot on. π
βAD FOR OSCP (Active Directory Guide)β by Abhishekgk
https://t.co/QSWTosQvlI
π https://link.medium.com/SSaz6xsdqzb
π₯ [ tweet ]
Enjoyed this medium post. It has some excellent recommendations for studying Active Directory. Chisel stuff is spot on. π
βAD FOR OSCP (Active Directory Guide)β by Abhishekgk
https://t.co/QSWTosQvlI
π https://link.medium.com/SSaz6xsdqzb
π₯ [ tweet ]
π₯2
π [ mpgn_x64, mpgn ]
The sponsor version of CrackMapExec just receive an update from @MJHallenbeck π
βΆοΈ cme is now using rich logging from @willmcgugan
βΆοΈ a progress bar has been added πππ
βΆοΈ protocol ssh is now working with a key
βΆοΈ cmedb now store creds found with ssh
@porchetta_ind πͺ
π₯ [ tweet ]
The sponsor version of CrackMapExec just receive an update from @MJHallenbeck π
βΆοΈ cme is now using rich logging from @willmcgugan
βΆοΈ a progress bar has been added πππ
βΆοΈ protocol ssh is now working with a key
βΆοΈ cmedb now store creds found with ssh
@porchetta_ind πͺ
π₯ [ tweet ]
π₯5
π [ kleiton0x7e, Kleiton Kurti ]
Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.
ποΈBlog: https://t.co/sop7XnF5tc
#cybersecurity #redteam #infosec
π https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/
π₯ [ tweet ]
Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.
ποΈBlog: https://t.co/sop7XnF5tc
#cybersecurity #redteam #infosec
π https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/
π₯ [ tweet ]
π€―3
π [ Nettitude_Labs, Nettitude Labs ]
Introducing ETWHash!
ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline.
https://t.co/wLmsQf71J8
π https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
π https://github.com/nettitude/ETWHash
π₯ [ tweet ]
Introducing ETWHash!
ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline.
https://t.co/wLmsQf71J8
π https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
π https://github.com/nettitude/ETWHash
π₯ [ tweet ]
π₯1π€―1
π [ vxunderground, vx-underground ]
Amazon recommended Russian ransomware operator essentials
π₯ [ tweet ]
Amazon recommended Russian ransomware operator essentials
π₯ [ tweet ]
π11π₯1
π [ garrfoster, Garrett ]
Sharing a tool I wrote to streamline attacking SCCM. Some features include profiling target servers for admin smb relay attacks, site server takeover, http enrollment, and leveraging the adminservice api.
https://t.co/aiJzWIJNDR
π https://github.com/garrettfoster13/sccmhunter
π₯ [ tweet ]
Sharing a tool I wrote to streamline attacking SCCM. Some features include profiling target servers for admin smb relay attacks, site server takeover, http enrollment, and leveraging the adminservice api.
https://t.co/aiJzWIJNDR
π https://github.com/garrettfoster13/sccmhunter
π₯ [ tweet ]
π₯3
π [ PenTestPartners, Pen Test Partners ]
Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: https://t.co/xT4wJXMqMh
π https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
π₯ [ tweet ]
Our @_EthicalChaos_ found a vuln in Kape's CyberGhost VPN affecting ~3m users & reported it to them. It didn't go well. VDPs cannot be exclusively outsourced to bug bounty platforms. Bullied by Bugcrowd: https://t.co/xT4wJXMqMh
π https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
π₯ [ tweet ]
π€1
π [ deadvolvo, I am d3d (dead, ΠΌΡΡΡΠ², ζ»δΊ) ]
@NinjaParanoid They can literally change out Cobalt Strike for BRc4 in my paper, which should add a few more layers of obfuscation from direct detection methods.
https://t.co/8eilbLSKfO
π https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
π₯ [ tweet ]
@NinjaParanoid They can literally change out Cobalt Strike for BRc4 in my paper, which should add a few more layers of obfuscation from direct detection methods.
https://t.co/8eilbLSKfO
π https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
π₯ [ tweet ]
π€―4
π [ r_redteamsec, /r/redteamsec ]
Building a Red Team Infrastructure in 2023 https://t.co/NiysJBE3EC #redteamsec
π https://www.reddit.com/r/redteamsec/comments/13bkzrh/building_a_red_team_infrastructure_in_2023/
π₯ [ tweet ]
Building a Red Team Infrastructure in 2023 https://t.co/NiysJBE3EC #redteamsec
π https://www.reddit.com/r/redteamsec/comments/13bkzrh/building_a_red_team_infrastructure_in_2023/
π₯ [ tweet ]
π€1
This media is not supported in your browser
VIEW IN TELEGRAM
π [ its_a_feature_, Cody Thomas ]
It's official! Mythic 3.0 is LIVE! Check out the blog post about it here: https://t.co/LJb77jLqQZ. Highlights include: rpfwds, graph groupings, jupyter notebook, custom webhooks, tags, docker updates, and an entirely new back end!
π https://posts.specterops.io/c2-and-the-docker-dance-mythic-3-0s-marvelous-microservice-moves-f6e6e91356e2
π₯ [ tweet ]
It's official! Mythic 3.0 is LIVE! Check out the blog post about it here: https://t.co/LJb77jLqQZ. Highlights include: rpfwds, graph groupings, jupyter notebook, custom webhooks, tags, docker updates, and an entirely new back end!
π https://posts.specterops.io/c2-and-the-docker-dance-mythic-3-0s-marvelous-microservice-moves-f6e6e91356e2
π₯ [ tweet ]
π€―1
π [ _RastaMouse, Rasta Mouse ]
I wrote a little BOF that enumerates the protection level of a PP/PPL process.
https://t.co/98PxBX56OF
π https://github.com/rasta-mouse/PPEnum
π₯ [ tweet ]
I wrote a little BOF that enumerates the protection level of a PP/PPL process.
https://t.co/98PxBX56OF
π https://github.com/rasta-mouse/PPEnum
π₯ [ tweet ]
π€―2
π [ rootsecdev, rootsecdev ]
βWriting a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryptionβ by Ycf-Kel
https://t.co/pFI88KOvIX
π https://link.medium.com/MluhuP9NKzb
π₯ [ tweet ]
βWriting a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryptionβ by Ycf-Kel
https://t.co/pFI88KOvIX
π https://link.medium.com/MluhuP9NKzb
π₯ [ tweet ]
π₯4
π [ freefirex2, freefirex ]
Converting PPLFault (original: https://t.co/SjSmi2MYJa) has been one of the more difficult BOF converts, but was still pretty fun to tackle :)
π https://github.com/gabriellandau/PPLFault
π₯ [ tweet ]
ΠΊ ΡΠ΅ΠΌΠ΅ ΠΏΡΠΎ https://xn--r1a.website/RalfHackerChannel/1330
Converting PPLFault (original: https://t.co/SjSmi2MYJa) has been one of the more difficult BOF converts, but was still pretty fun to tackle :)
π https://github.com/gabriellandau/PPLFault
π₯ [ tweet ]
ΠΊ ΡΠ΅ΠΌΠ΅ ΠΏΡΠΎ https://xn--r1a.website/RalfHackerChannel/1330
π₯3
π [ Flangvik, Melvin langvik ]
In yesterday's stream, I began integrating @0xcc00 excellent project yetAnotherObfuscator with the SharpCollection Pipeline. Resulting in a new repo, https://t.co/RmVum0w6yt Usefull for CTF's or basic evasion!
π https://github.com/Flangvik/ObfuscatedSharpCollection
π₯ [ tweet ]
In yesterday's stream, I began integrating @0xcc00 excellent project yetAnotherObfuscator with the SharpCollection Pipeline. Resulting in a new repo, https://t.co/RmVum0w6yt Usefull for CTF's or basic evasion!
π https://github.com/Flangvik/ObfuscatedSharpCollection
π₯ [ tweet ]
π [ gregdarwin, Greg Darwin ]
New post on the Cobalt Strike blog by @joehowwolf:
https://t.co/GB13YgAlpP
π https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature/
π₯ [ tweet ]
New post on the Cobalt Strike blog by @joehowwolf:
https://t.co/GB13YgAlpP
π https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature/
π₯ [ tweet ]
π₯1