[ _ZakSec, Zak ]
If you're interested in an alternative way to dump domain users' NT hashes and TGT without touching LSASS, take a look at the new Masky tool :)
Everything is explained in this article: https://t.co/jbcgupxvGi
Thanks @harmj0y, @tifkin_ and @ly4k_ for their amazing work on ADCS!
https://z4ksec.github.io/posts/masky-release-v0.0.3/
[ tweet ]
[ albertzsigovits, Albert Zsigovits ]
"Don't write malware in Nim please."
17dcfd678baabb152dad73f8d2af3a6fe3504d98667f92795897c164a5983a39
C:\Users\abc\Desktop\NimShellCodeLoader_Winx64\NimShellCodeLoader\bin\OEP_Hiijack_Inject_Load.exe
@malwrhunterteam @vxunderground @HuskyHacksMK @Hexacorn @0verfl0w_
[ tweet ]
[ s4ntiago_p, S4ntiagoP ]
Just finished implementing the new Shtinkering technique on nanodump, credits to @asaf_gilboa!
https://t.co/yEutAPBnS8
https://github.com/helpsystems/nanodump/pull/25
[ tweet ]
[ bohops, bohops ]
[Blog] Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)
https://t.co/02HD37quHe
I finally had the time to finish this post! Included are two 'new' Usage Log tampering techniques and additional defensive recommendations.
https://bohops.com/2022/08/22/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion-part-2/
[ tweet ]
[ ORCx41, ORCA ]
released a poc on etw session hijacking, blocking network events monitoring on procmon
https://t.co/E2BPjdVIBj
https://github.com/ORCx41/EtwSessionHijacking
[ tweet ]
[ m3g9tr0n, Spiros Fraganastasis ]
Creating Shellcode from any Code Using Visual Studio and C++
https://t.co/p10vUufQEH
https://www.codeproject.com/Articles/5304605/Creating-Shellcode-from-any-Code-Using-Visual-Stud
[ tweet ]
[ snovvcrash, snovvcrash ]
I don't think it's suitable for the upstream (just too lazy to clean up the code for a proper PR) but here's a dirty PoC of semi-execute-assembly with #CrackMapExec. Enjoy
https://t.co/1nfUudCpZI
https://github.com/snovvcrash/CrackMapExec/tree/dotnetassembly
[ tweet ][ quote ]
[ mansk1es, MANSK1ES ]
An article of mine called "Attacking on Behalf on Defense" which talks about abusing EDRs/XDRs to dump lsass (and much beyond), plus a bonus collab with @dec0ne.
https://t.co/9JxS9tjXxH
https://mansk1es.gitbook.io/edr-binary-abuse/
[ tweet ]
[ MsftSecIntel, Microsoft Security Intelligence ]
Microsoft has observed various threat actors adopting and integrating the Sliver C2 framework in intrusion campaigns with, or as a replacement for, Cobalt Strike. Get technical info and hunting queries from this blog by Microsoft Security Experts: https://t.co/FBXYRsif0K
https://msft.it/6010jdC1q
[ tweet ]
[ m8sec, Mike Brown ]
Just released a new blog post on "Exploiting PrintNightmare (CVE-2021-34527)" - which includes my version of the exploit that uses a built-in SMB server for payload delivery (no more open file shares!)
https://t.co/61dPOeD6ok
https://t.co/a9KXbbghe3
https://github.com/m8sec/CVE-2021-34527
https://infosecwriteups.com/exploiting-printnightmare-cve-2021-34527-10c6e0f5b83f?source=social.tw
[ tweet ]
[ PenTestPartners, Pen Test Partners ]
Last week our @_EthicalChaos_ promised something tasty: "Want to authenticate to RDP/Citrix using your abused ADCS certificate and live off the land? PIVert has got your back. Will be releasing soon!"
Well, here it is - Living off the land, AD CS style
https://t.co/SO1QK6fQ7y
https://www.pentestpartners.com/security-blog/living-off-the-land-ad-cs-style/
[ tweet ]
[ _mohemiv, Arseniy Sharoglazov ]
I've created a new Twitter account: @OffensiveTg
This account will try to share useful posts from Telegram or other non-Twitter sources.
May be run by the community later, and/or automation might be added.
https://twitter.com/offensivetg
[ tweet ]
[ akaclandestine, Clandestine ]
GitHub - khast3x/Redcloud: Automated Red Team Infrastructure deployment using Docker https://t.co/FPivhR11Fo
https://github.com/khast3x/Redcloud
[ tweet ]
[ _Kudaes_, Kurosh Dabbagh ]
Elevator (UAC bypass) is finally released: https://t.co/nuVm6aAFus. One of the most curious UAC bypasses that I've ever seen, and also it works like a charm. Give it a try and send me your feedback!
https://github.com/Kudaes/Elevator
[ tweet ]
[ m3g9tr0n, Spiros Fraganastasis ]
Harvesting Active Directory Credentials via HTTP Request Smuggling https://t.co/SYQVpKJ5WO
https://northwave-security.com/harvesting-active-directory-credentials-via-http-request-smuggling/
[ tweet ]
[ zux0x3a, Lawrence ]
the beta version of https://t.co/X6JcXARx0u is live; what's inside:
- online wiki in terminal style made for red teamers
- can search for a specific topic (e.g. search "pass the hash")
- you can look up specific modules for a specific command line (e.g. lookup mimikatz "golden")
http://terminal.ired.dev
[ tweet ]
[ embee_research, Matthew ]
In depth analysis of a 6-stage #asyncrat #malware loader using #cyberchef + #dnspy
Persistent .lnk -> .py script -> 2nd .py script -> .NET DLL (reflection) -> .NET DLL (injected into msbuild.exe) -> .NET dll (custom obfuscation) -> .NET .exe (asyncrat)
https://t.co/e2Y5jHOOYy
https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
[ tweet ]