Offensive Xwitter
@OffensiveTwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
Download Telegram
About
Blog
Apps
Platform
Join
Offensive Xwitter
19.4K subscribers
Offensive Xwitter
Иногда бывает, что веб-версия 1С не принимает креды в basic-аутх, вследствие чего нельзя в автоматическом режиме (как, например, в 1C-Web-bruter) пробежать всех пользователей на предмет возможности логина с пустым паролем.

Вместо этого на стороне клиента генерится бинарный блоб cred, который JSON-ом шлется на сервер.

Копаться во всяких mod_main_loader.js на 140к+ JS-кода, чтобы понять, как он формируется, я ротебал, поэтому вот вам простой чекер на селениуме ⬇️

🔗 https://gist.github.com/snovvcrash/632ac474abf90216aecf01c212251cca
🔥9
938 viewsedited  
Offensive Xwitter
😈 [ s4ntiago_p, S4ntiagoP ]

I just published my implementation of call stack spoofing using hardware breakpoints 😁
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://t.co/SwEl9cu1nh

🔗 https://www.coresecurity.com/blog/hardware-call-stack

🐥 [ tweet ]
🔥1
788 views
Offensive Xwitter
Offensive Xwitter
😈 [ pdiscoveryio, ProjectDiscovery.io ] Installing all of our open source tools couldn't be easier than with 'pdtm' 🧰 1️⃣ Install pdtm here 👉 https://t.co/p52D5Af83i 2️⃣ Run pdtm 3️⃣ Sit back and watch all of our tools install. 4️⃣ Don't get comfy because…
Мамкиного автоматизатора пост

Теперь можно ставить все тулзы от ProjectDiscovery одним щелчком легко и элегантно!

Я делаю это примерно так в WeaponizeKali.sh ⬇️

mkdir pd && cd pd
eget -qs linux/amd64 "projectdiscovery/pdtm" --to pdtm
./pdtm -ia -ip -bp `pwd`
./nuclei
curl -sSL "https://github.com/DingyShark/nuclei-scan-sort/raw/main/nuclei_sort.py" -o nuclei_sort.py
sed -i '1 i #!/usr/bin/env python3' nuclei_sort.py
chmod +x nuclei_sort.py

Если вдруг кто-то еще не пользует eget, советую срочно начать – эта шутка позволяет забрать нужную версию релиза с GH без необходимости копипастить прямые ссылки на загрузку, самостоятельно распаковывать архивы, навешивать +x, и т. д.

Поставить его можно так ⬇️

curl "https://zyedidia.github.io/eget.sh" | sh
🔥9
863 viewsedited  
Offensive Xwitter
😈 [ an0n_r0, an0n ]

Meterpreter + Metasploit is absolutely awesome. And anyway, it is not even certain that Defender will catch it: add the stageless payload using basic encoding into a template exe (thread exec), disable autoload of stdapi (you can load it later after callback), and that's all. 💥

🐥 [ tweet ][ quote ]
1K views
Offensive Xwitter
Знаю, что даже есть люди, которые пользуются моей поделкой DivideAndScan для организации сканирования портов, поэтому запилю инфу по небольшому апдейту.

Наконец дошли руки завезти флаг -dns для отображения хостнеймов рядом с соответствующими IP-адресами в информационном выводе. Теперь, если предварительно скормить инструменту список исследуемых доменов, БД будет обновлена полями domains, которые можно будет запросить при опросе поверхности сканирования.
🔥10
777 views
Offensive Xwitter
😈 [ boymoderRE, Boymoder RE ]

My analysis of Brute Ratel is now up on my blog.
https://t.co/qxziV96JpO

🔗 https://protectedmo.de/brute.html

🐥 [ tweet ]
🔥1
757 views
Offensive Xwitter
😈 [ albinowax, James Kettle ]

Love this auth bypass via JSON Injection found by
@GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box.
https://t.co/52Folk1Cbe

🔗 https://github.blog/2023-03-03-github-security-lab-audited-datahub-heres-what-they-found/#json-injection-ghsl-2022-080

🐥 [ tweet ]
779 views
Offensive Xwitter
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]

Donut v1.0 "Cruller" - ETW Bypasses, Module Overloading, and Much More https://t.co/wlF0jCZnF0

🔗 https://thewover.github.io/Cruller/

🐥 [ tweet ]
🔥1
970 views
Offensive Xwitter
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks

🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
772 views
Offensive Xwitter
😈 [ gregdarwin, Greg Darwin ]

Cobalt Strike 4.8 is now live. This release includes support for direct and indirect system calls, payload guardrails, a token store and more. Check out the blog post for details: https://t.co/7ZVfVMVSaD

🔗 https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/

🐥 [ tweet ]
788 views
Offensive Xwitter
😈 [ k1nd0ne, k1nd0ne ]

I am happy to release a new malware analysis tool.
VISION-Process.

A fast and cross platform Procmon visualization application written in Rust & TS.

https://t.co/M3GBy3Udb7

An demo with QBOT :
https://t.co/MruSaVYG2H

Happy Hunting !
@pr0xylife #DFIR

🔗 https://github.com/forensicxlab/VISION-ProcMon
🔗 https://www.forensicxlab.com/posts/vision-procmon/

🐥 [ tweet ]
1.01K views
Offensive Xwitter
Offensive Xwitter
😈 [ k1nd0ne, k1nd0ne ] I am happy to release a new malware analysis tool. VISION-Process. A fast and cross platform Procmon visualization application written in Rust & TS. https://t.co/M3GBy3Udb7 An demo with QBOT : https://t.co/MruSaVYG2H Happy Hunting…
🔥1
920 views
Offensive Xwitter
Forwarded from 1N73LL1G3NC3
This media is not supported in your browser
VIEW IN TELEGRAM
LPE exploit for CVE-2023-21768
(Windows Ancillary Function Driver for WinSock Elevation of Privilege)

Complete exploit works on vulnerable Windows 11 22H2 systems. Write primitive works on all vulnerable systems.
590 views
Offensive Xwitter
😈 [ an0n_r0, an0n ]

GadgetToJScript JS payload (last commit in 2021) bypassing Windows Defender AMSI with this super minimal common dumb JS obfuscation in 2023.

Anyhow, long live GadgetToJScript by @med0x2e!

https://t.co/N7YhFf14ex

🔗 https://github.com/med0x2e/GadgetToJScript

🐥 [ tweet ]
1.04K views
Offensive Xwitter
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ 0gtweet, Grzegorz Tworek ]

Windows 10 offline admin creation? 😈
Why not?!
Everything happens through built-in offlinelsa and offlinesam DLLs. Official, but not very documented.
Enjoy the source code and the compiled exe, as usual: https://t.co/BNp9kaLnkr

🔗 https://github.com/gtworek/PSBits/tree/master/OfflineSAM/OfflineAddAdmin2

🐥 [ tweet ]
1.08K views
Offensive Xwitter
😈 [ 0xdf_, 0xdf ]

A lnk file that downloads JavaScript from @abuse_ch. This one uses lolbins like certutil for base64 decode, bitsadmin for download, and colorcpl for file copy. Also lots of JavaScript charcode obfuscation.

https://t.co/QP2dbBwiYG

🔗 https://www.youtube.com/watch?v=i-jeW6Ah8qI

🐥 [ tweet ]
928 views
Offensive Xwitter
👹 [ snovvcrash, sn🥶vvcr💥sh ]

Current mood: trying to find a vulnerability description in my old pentest reports… SauronEye rocks @_vivami

🐥 [ tweet ]
😁3
956 views