[ BlWasp_, BlackWasp ]
I've added the last *Potato exploits to my article which follows the various developments regarding these EoP techniques. Normally up-to-date with the recent JuicyPotatoNG, CertPotato and LocalPotato: https://t.co/xRR41cr3Cm
https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all
[ tweet ]
[ ShitSecure, S3cur3Th1sSh1t ]
This inspired me to make it Powershell Add-Type compatible:
https://t.co/RBPe0kXXhj
Easy Hardware Breakpoint AMSI bypass for everyone
https://gist.github.com/susMdT/360c64c842583f8732cc1c98a60bfd9e
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell#Using-Hardware-Breakpoints
[ tweet ][ quote ]
[ BHinfoSecurity, Black Hills Information Security ]
BHIS | Tester's Blog
Have you ever encountered a situation where port forwarding limited your pivot attempts? How did you manage to overcome this limitation?
Forwarding Traffic Through SSH
by: @nand0ps
Published: 2/23/2023
Learn more: https://t.co/mvjIz6kR5y
https://www.blackhillsinfosec.com/forwarding-traffic-through-ssh/
[ tweet ]
[ Tract0r_, Tract0r ]
I've written a new blog post about Sacrificial Sessions.
If you would like to know more about how to not mess up with Kerberos tickets on your next engagement, check it out.
https://t.co/au3au48ljh
https://unshade.tech/sacrificial-session
[ tweet ]
[ VakninHai, Hai vaknin ]
me and @cybergentix just published Lateral movement using Internet Explorer DCOM object and StdRegProv
#redteam
#Security
https://t.co/pm5AAHUX9N
https://link.medium.com/1vF0htMuExb
[ tweet ]
[ 0xdf_, 0xdf ]
Awkward is all about web exploitation, with auth bypass, jwt forging into awk injection, and command injection. In Beyond Root, I'll show two unintended paths (one patched, one not) that are fun learning opportunities as well.
https://t.co/rEqywcTkoV
https://0xdf.gitlab.io/2023/02/25/htb-awkward.html
[ tweet ]
[ secu_x11, Secu ]
The Kraken has been released! A modular multi-language webshell (PHP, JSP, ASPX) focused on web post-exploitation and defense evasion.
https://t.co/AcN0hNdPre
https://github.com/kraken-ng/Kraken
[ tweet ]
[ David3141593, David Buchanan ]
python memfd_create() oneliner:
python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))"
This prints the path of a memfd, which you can use to do whatever you want (like fileless ELF execution!)
[ tweet ]
Offensive Xwitter
[ Tyl0us, Matt Eidelberg ] I've had so much fun learning rust. This is an excellent example of the power of rust, no EDR unhooking, patching of ETW, syscalls, or LITCRYPT and it calls home against EDRs. More to come soon #redteam [ tweet ] about time…
So, guys, anime?
The Rust course from Rasta is still free for now, recommended ⬇️
https://training.zeropointsecurity.co.uk/courses/take/rust-for-n00bs
UPD. And as a follow-up, here is a playlist from 0xdf on AOC2015 in Rust ⬇️
https://www.youtube.com/playlist?list=PLJt6nPUdQbiSLYLKKRfydWeMOBwOjzM2y
#rust #courses
Offensive Xwitter
[ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. […
[ snovvcrash, sn🥶vvcr💥sh ]
Now something more useful (I guess) ⬇️
https://t.co/IRqg93jbA3
Once again, inspired by another recent example from @0gtweet (#persistence by backdooring SCManager SDDL)
https://github.com/snovvcrash/BOFs/blob/main/BackdoorSCManager/entry.c
[ tweet ][ quote ]
APT
NimPlant C2 This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. https://github.com/chvancooten/NimPlant #c2 #nim #python #redteam
[ thehackerish, thehackerish ]
Nimplant can be customized. But be CAREFUL, @chvancooten has a good sense of humor that will get you flagged
Here is a full tutorial
https://t.co/Np8GJK5ugT
https://www.youtube.com/watch?v=c2_g8--GvA0&ab_channel=thehackerish
[ tweet ]
[ hetmehtaa, Het Mehta ]
Firefox Add-ons For Penetration Testers
#Infosec #Firefox #Bugbounty #TheSecureEdge
[ tweet ]
Offensive Xwitter
[ David3141593, David Buchanan ] python memfd_create() oneliner: python3 -c "import os;os.fork()or(os.setsid(),print(f'/proc/{os.getpid()}/fd/{os.memfd_create(str())}'),os.kill(os.getpid(),19))" This prints the path of a memfd, which you can use to do…
[ CraigHRowland, Craig Rowland - Agentless Linux Security ]
Nice variant of memfd_create fileless attack on Linux.
Here are some things to try to find this on a box:
ls -alR /proc/*/fd 2> /dev/null | grep "memfd: (deleted)"
grep "memfd_create" /proc/*/cmdline
strings /proc/PID/cmdline
[ tweet ][ quote ]
[ ZeroMemoryEx, V2 ]
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://t.co/J6lBOXWFyx
https://github.com/ZeroMemoryEx/Amsi-Killer
[ tweet ]
Offensive Xwitter
[ 0gtweet, Grzegorz Tworek ] Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt. […
[ 0gtweet, Grzegorz Tworek ]
Great writeup by @0xv1n explaining how it works, and how to use it. https://t.co/B1bhaisd3m
https://0xv1n.github.io/posts/scmanager/
[ tweet ][ quote ]
[ 0xdeaddood, leandro ]
New blog post! Let's talk about NTLM authentication coercion methods using Impacket.
Some days ago, we updated mssqlclient[.]py with many new commands. Among them, the xp_dirtree option was added. MSSQL and xp_dirtree, you know the rest.
https://t.co/hbfSi3YTRC
https://0xdeaddood.rocks/2023/02/28/relaying-everything-coercing-authentications-episode-1-mssql/
[ tweet ]
[ pdiscoveryio, ProjectDiscovery.io ]
An in-depth guide to subfinder: Beginner to advanced
What's all this about?
- Installation
- Navigating subfinder
- Output options
- Advanced options
Let us know in the comments if we missed anything
https://t.co/ZKZd33KRfH
https://blog.projectdiscovery.io/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced/
[ tweet ]
[ CrowdStrike, CrowdStrike ]
The 2023 Global Threat Report is now live.
Discover the latest activities of the world's most dangerous adversaries and CrowdStrike's recommendations for protecting your business against modern attacks.
Access the report: https://t.co/Wa7tkn56NZ
https://crwdstr.ke/60123vKer
[ tweet ]
Offensive Xwitter
[ CrowdStrike, CrowdStrike ] The 2023 Global Threat Report is now live. Discover the latest activities of the world's most dangerous adversaries and CrowdStrike's recommendations for protecting your business against modern attacks. Access the report:…
CrowdStrike Global Threat Report 2023.pdf
11.8 MB
[ ShitSecure, S3cur3Th1sSh1t ]
Just added an Offensive Hooking example to the OffensiveNim repo:
https://t.co/5i294uVf1b
https://github.com/byt3bl33d3r/OffensiveNim/pull/57
[ tweet ]