[ eloypgz, Eloy ]
I've been playing with AWS security, and found the resources/perms enumeration tools quite limited, so I developed https://t.co/D0QLCgTsvu with service filtering and recursion (e.g., automatically checking S3 buckets you have access to). It is still incomplete, but I hope you find it useful.
https://github.com/zer1t0/awsenum
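The "recursion" the tweet refers to is enumerating one resource type and then probing, per instance, which permissions the caller actually holds. The block below is an added illustration of that idea for S3 and is not awsenum's own code: it lists buckets, then fires three non-destructive calls at each one and records "allowed" or the AWS error code. The S3 client is injected, so anything exposing boto3's method names works (pass `boto3.client("s3")` for real use); the `FakeS3` client, the three probes chosen and the bucket names are constructed assumptions for an offline run.

```python
"""Enumerate S3 buckets, then probe which read-only actions the caller holds on each.

Added illustration, not awsenum's own code. The client is injected: anything
exposing boto3's S3 method names works; for real use pass boto3.client("s3").
FakeS3 at the bottom is constructed sample data so the script runs offline.
"""
from dataclasses import dataclass, field


def error_code(exc):
    """Return the AWS error code carried by a botocore ClientError-like exception.

    botocore stores it in exc.response["Error"]["Code"]; anything else is
    reported by class name so the caller still gets a label instead of a crash.
    """
    response = getattr(exc, "response", None)
    if isinstance(response, dict):
        return response.get("Error", {}).get("Code", "Unknown")
    return type(exc).__name__


@dataclass
class BucketResult:
    name: str
    actions: dict = field(default_factory=dict)  # action -> "allowed" or error code

    def allowed(self):
        return sorted(a for a, v in self.actions.items() if v == "allowed")


def probe_s3(s3, max_buckets=None):
    """Level 1: ListAllMyBuckets. Level 2: non-destructive calls per bucket.

    Returns (top_level, per_bucket). Every probe is a single read-only API call,
    recorded as "allowed" on success or as the error code (e.g. AccessDenied).
    """
    try:
        names = [b["Name"] for b in s3.list_buckets().get("Buckets", [])]
    except Exception as exc:  # no s3:ListAllMyBuckets (or no creds): stop here
        return {"ListAllMyBuckets": error_code(exc)}, []

    # Assumed probe set: one call per IAM action we want to test.
    probes = {
        "ListObjectsV2": lambda n: s3.list_objects_v2(Bucket=n, MaxKeys=1),  # s3:ListBucket
        "GetBucketPolicy": lambda n: s3.get_bucket_policy(Bucket=n),          # s3:GetBucketPolicy
        "GetBucketAcl": lambda n: s3.get_bucket_acl(Bucket=n),                # s3:GetBucketAcl
    }
    per_bucket = []
    for name in names[:max_buckets]:
        result = BucketResult(name)
        for action, call in probes.items():
            try:
                call(name)
                result.actions[action] = "allowed"
            except Exception as exc:
                code = error_code(exc)
                # NoSuchBucketPolicy means the call was authorised; the bucket
                # simply has no policy attached, so count it as allowed.
                result.actions[action] = "allowed" if code == "NoSuchBucketPolicy" else code
        per_bucket.append(result)
    return {"ListAllMyBuckets": "allowed"}, per_bucket


# ---- constructed offline stand-in for boto3.client("s3") -------------------
class FakeClientError(Exception):
    """Mimics botocore.exceptions.ClientError's .response attribute."""

    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3:
    """Two buckets: one listable with no policy, one fully locked down."""

    def list_buckets(self):
        return {"Buckets": [{"Name": "public-assets"}, {"Name": "locked"}]}

    def list_objects_v2(self, Bucket, MaxKeys=1000):
        if Bucket == "locked":
            raise FakeClientError("AccessDenied")
        return {"KeyCount": 1, "Contents": [{"Key": "index.html"}]}

    def get_bucket_policy(self, Bucket):
        if Bucket == "locked":
            raise FakeClientError("AccessDenied")
        raise FakeClientError("NoSuchBucketPolicy")

    def get_bucket_acl(self, Bucket):
        raise FakeClientError("AccessDenied")


if __name__ == "__main__":
    top, buckets = probe_s3(FakeS3())
    print(top)
    for b in buckets:
        print(f"{b.name}: allowed={b.allowed()} raw={b.actions}")
```

Keeping the raw error code rather than a boolean matters in practice: AccessDenied, NoSuchBucket and a throttling error are different findings, and the first one is also the only one that will show up as a denied event in CloudTrail.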
[ 0xdf_, 0xdf ]
Phoenix from @hackthebox_eu involved working around a really slow SQL injection. I'll do some reverse engineering of a WordPress plugin to figure out just the data I need. There's also compiled shell scripts, pam modules config, and wildcard injection.
https://t.co/oAU8XOof2I
https://0xdf.gitlab.io/2022/06/25/htb-phoenix.html
[ mariuszbit, Mariusz Banach ]
I'm so excited - just issued my first blog post
As promised - sharing my @WarConPL slide deck on:
https://t.co/mynQW0aXsF
Power of positive feedback made me publish them during my first day of holidays
Let me know if you like it
https://mgeeky.tech/warcon-2022-modern-initial-access-and-evasion-tactics/
[ NorthwaveLabs, Northwave Labs. ]
Cobalt Strike BOF foundation for kernel exploitation using CVE-2021-21551. In its current state, as a PoC, it overwrites the beacon token with the system token (privesc).
https://t.co/JR1Vao7t9c
https://github.com/NorthwaveSecurity/kernel-mii
[ theluemmel, S4U2LuemmelSec ]
Oh holy Nimikätz / custom invoke-mimikatz
If you want the l33t shit for your next engagement you should:
Read -> https://t.co/ZCP5OP1M9e
Read -> https://t.co/8ulbUEyZJY
Use -> https://t.co/WNRJrDGGIz from @danielhbohannon
Use -> private tools from @ShitSecure by sponsoring him
https://s3cur3th1ssh1t.github.io/Bypass-AMSI-by-manual-modification-part-II/
https://s3cur3th1ssh1t.github.io/Building-a-custom-Mimikatz-binary/
https://github.com/danielbohannon/Invoke-Obfuscation
[ mcohmi, Ohm-I (Oh My) ]
New tool drop. Introducing Dumpscan, a wrapper around volatility3 and some other stuff to make dumping certificates way easier. You can read about it here.
https://t.co/CAK4Y2QSJm
https://daddycocoaman.dev/posts/introducing-dumpscan/
https://github.com/daddycocoaman/dumpscan
[ bmcder02, Blake ]
Recently I got asked to do an overview on ETW. I tried to cover everything useful for #DFIR, including multiple ways to capture ETW, useful providers and finding existing trace sessions.
#cybersecurity
https://t.co/3IWn9w6JuQ
http://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
[ DirectoryRanger, DirectoryRanger ]
Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction #DFIR
https://t.co/8BZPvX83Ij
https://jeffreyappel.nl/detect-and-block-credential-dumps-with-defender-for-endpoint-attack-surface-reduction/
[ DirectoryRanger, DirectoryRanger ]
Scheduled Task Tampering
https://t.co/eJvDt166kV
https://labs.f-secure.com/blog/scheduled-task-tampering/
[ daem0nc0re, daem0nc0re ]
Added a small PoC to PrivilegedOperations project.
This PoC is to test SeShutdownPrivilege and tries to cause BSOD.
https://t.co/TYcXE9wUte
https://github.com/daem0nc0re/PrivFu/blob/main/PrivilegedOperations/SeShutdownPrivilegePoC/SeShutdownPrivilegePoC.cs
[ ntlmrelay, Ring3API ]
Dismember tool by @liam_galvin - scan memory for secrets and more.
https://t.co/3anDqypiVb
#redteam #BlueTeam #threathunting #DFIR
https://github.com/liamg/dismember
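Both the Dumpscan entry above and this Dismember entry are about the same underlying job: pull the readable bytes of a process (or a dump of it) and pattern-match secrets out of them. The block below is an added example of that mechanism on Linux and is not either tool's own code (neither tweet describes their internals): it parses /proc/<pid>/maps for readable regions, reads each region from /proc/<pid>/mem in chunks with an overlap so a secret straddling a chunk boundary is still caught, and runs a small regex set over the bytes. The regex set, the `SAMPLE_DUMP` buffer and the default of scanning the script's own process are constructed assumptions; reading another user's process needs ptrace rights (same uid with `kernel.yama.ptrace_scope=0`, or CAP_SYS_PTRACE/root).

```python
"""Scan a Linux process's readable memory for secret-looking byte patterns.

Added example of the mechanism behind memory/dump secret scanners; not
Dismember's or Dumpscan's own code. Walk /proc/<pid>/maps for readable
regions, read them from /proc/<pid>/mem, run regexes over the bytes.
PATTERNS and SAMPLE_DUMP are constructed assumptions for illustration.
"""
import os
import re
import sys

# Illustrative pattern set, not any tool's real rules.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "private_key_pem": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(rb"Bearer [A-Za-z0-9._~+/=-]{20,}"),
}
OVERLAP = 256  # bytes re-scanned across chunk boundaries so a match is never split

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")


def parse_maps(text):
    """Return (start, end, path) for every readable region in a maps listing.

    [vvar] and [vsyscall] are skipped: reads through /proc/<pid>/mem fail there.
    """
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start, end, perms, path = int(m[1], 16), int(m[2], 16), m[3], m[4]
        if perms[0] != "r" or path in ("[vvar]", "[vsyscall]"):
            continue
        regions.append((start, end, path))
    return regions


def scan_bytes(data, base=0):
    """Return (pattern_name, address, matched_bytes) hits in a buffer, by address."""
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(data):
            hits.append((name, base + m.start(), m.group(0)))
    return sorted(hits, key=lambda h: h[1])


def scan_pid(pid, chunk=4 << 20):
    """Scan all readable regions of `pid`, reading in `chunk`-sized pieces."""
    hits, seen = [], set()
    with open(f"/proc/{pid}/maps") as f:
        regions = parse_maps(f.read())
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end, _path in regions:
            pos, tail = start, b""
            while pos < end:
                try:
                    mem.seek(pos)
                    data = mem.read(min(chunk, end - pos))
                except (OSError, OverflowError):  # unmapped meanwhile, or not readable after all
                    break
                if not data:
                    break
                # Prepend the previous chunk's tail and dedupe by address so a
                # secret straddling the boundary is reported exactly once.
                for hit in scan_bytes(tail + data, base=pos - len(tail)):
                    if hit[:2] not in seen:
                        seen.add(hit[:2])
                        hits.append(hit)
                tail = data[-OVERLAP:]
                pos += len(data)
    return hits


# Constructed sample buffer standing in for a region read from /proc/<pid>/mem.
SAMPLE_DUMP = (
    b"junk\0AKIAIOSFODNN7EXAMPLE\0xyz "
    b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n"
    b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnopqrstuvwxyz\0"
)

if __name__ == "__main__":
    # Default to scanning ourselves: no ptrace rights needed for that.
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    for name, addr, match in scan_pid(pid):
        print(f"{name:18} 0x{addr:016x} {match[:40]!r}")
```

Run it against your own shell's pid after exporting a fake `AKIA...` variable and the key shows up in the environment block; that is the same reason credential material in a crashed service's core dump or a minidump is worth scanning, and why the pattern-matching half of this is reusable on a dump file as well as on live memory.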
[ DirectoryRanger, DirectoryRanger ]
A Syscall Journey in the Windows Kernel, by @AliceCliment
https://t.co/xlGizX3pEm
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/
[ tiraniddo, James Forshaw ]
After @clearbluejar's post on using NtObjectManager for RPC, I thought I should finish a post about a few approaches to narrow down the enumeration to individual running processes rather than having to parse all executables on disk. https://t.co/xh22G6Ek80
https://www.tiraniddo.dev/2022/06/finding-running-rpc-server-information.html
[ ORCA10K, ORCA ]
After hiding the payload in the thread description, I decided to search for new places for the same purpose, so I'm releasing a new PoC that hides your payload in NVIDIA's GPU memory.
https://t.co/06mPPffWIt
https://gitlab.com/ORCA000/gp
[ n00py1, n00py ]
Do you use AADInternals Invoke-AADIntReconAsOutsider by @DrAzureAD? Super useful for finding related domains during an External Penetration Test.
https://t.co/mWGz0YqhDK
https://o365blog.com/aadinternals/#invoke-aadintreconasoutsider
[ S0ufi4n3, Soufiane Tahiri ]
Here is the code of my #Ransomware simulator: https://t.co/iOlPkPL0xx
I ended up replacing AES with simple XOR.
- Exfiltrating Documents (SMTP and/or FTP)
- Creating/Deleting Volume Shadow Copies
- Encrypting documents
- Dropping a ransomware note to the user's desktop
https://github.com/soufianetahiri/RansomwareSimulator.public
π₯ [ tweet ]
Here is the code of my #Ransomware simulator: https://t.co/iOlPkPL0xx
I ended up replacing AES with simple XOR.
- Exfiltrating Documents (SMTP and/or FTP)
- Creating/Deleting Volume Shadow Copies
- Encrypting documents
- Dropping a ransomware note to the user's desktop
π https://github.com/soufianetahiri/RansomwareSimulator.public
π₯ [ tweet ]