😈 [ ShitSecure, S3cur3Th1sSh1t ]
Proof of Concept for userland hook evasion - Ruy Lopez is released. The talk at @x33fcon was awesome :-)
https://t.co/3ETaYY7nKp
🔗 https://github.com/S3cur3Th1sSh1t/Ruy-Lopez
🐥 [ tweet ]
Proof of Concept for userland hook evasion - Ruy Lopez is released. The talk at @x33fcon was awesome :-)
https://t.co/3ETaYY7nKp
🔗 https://github.com/S3cur3Th1sSh1t/Ruy-Lopez
🐥 [ tweet ]
🔥3🥱1
😈 [ JusticeRage, Ivan Kwiatkowski ]
Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown.
https://t.co/yXC1aDwLCv
🔗 (en) https://securelist.com/operation-triangulation/109842/
🔗 (ru) https://securelist.ru/operation-triangulation/107470/
🔗 https://github.com/KasperskyLab/triangle_check
🐥 [ tweet ]
Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown.
https://t.co/yXC1aDwLCv
🔗 (en) https://securelist.com/operation-triangulation/109842/
🔗 (ru) https://securelist.ru/operation-triangulation/107470/
🔗 https://github.com/KasperskyLab/triangle_check
🐥 [ tweet ]
🤔4
😈 [ jaredcatkinson, Jared Atkinson ]
I've finally added the next article in my On Detection series. I discussed Tool Graphs which are new way that we've created to represent a malware sample's functionality. The post demonstrates some of the use cases and explains how the graph is formed.
https://t.co/MLBT1Vkj2A
🔗 https://posts.specterops.io/on-detection-from-tactical-to-functional-1349e51e1a03
🐥 [ tweet ]
I've finally added the next article in my On Detection series. I discussed Tool Graphs which are new way that we've created to represent a malware sample's functionality. The post demonstrates some of the use cases and explains how the graph is formed.
https://t.co/MLBT1Vkj2A
🔗 https://posts.specterops.io/on-detection-from-tactical-to-functional-1349e51e1a03
🐥 [ tweet ]
🤯1
😈 [ icyguider, icyguider ]
I made a tool that will generate an obfuscated DLL to bypass AMSI & ETW without getting blocked by AV. Patch and patchless (hwbp) options available. Could be useful for pentests. Was also good to practice my C. 😬 Enjoy! https://t.co/76L1sZuaPz
🔗 https://github.com/icyguider/LightsOut
🐥 [ tweet ]
I made a tool that will generate an obfuscated DLL to bypass AMSI & ETW without getting blocked by AV. Patch and patchless (hwbp) options available. Could be useful for pentests. Was also good to practice my C. 😬 Enjoy! https://t.co/76L1sZuaPz
🔗 https://github.com/icyguider/LightsOut
🐥 [ tweet ]
🔥4🤔1😢1
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ pfiatde, pfiatde ]
Did you know explorer.exe can directly use WebDAV.
Building an attack chain involving a .zip TLD, Windows Explorer, WebDAV and a jar file.
https://t.co/MnZtTD2ZMd
🔗 https://badoption.eu/blog/2023/06/01/zipjar.html
🐥 [ tweet ]
Did you know explorer.exe can directly use WebDAV.
Building an attack chain involving a .zip TLD, Windows Explorer, WebDAV and a jar file.
https://t.co/MnZtTD2ZMd
🔗 https://badoption.eu/blog/2023/06/01/zipjar.html
🐥 [ tweet ]
🔥7
Когда-то давно я прошел машину Fuse на HackTheBox и решил переписать базовую логику smbpasswd на Python, используя Impacket, а потом создал PR с предложением нового скрипта для examples. На удивление эта идея зашла сообществу, т. к. оказывается, многие страдали от нехватки способов удаленной смены протухших паролей в AD, оперируя с Linux.
Приятно видеть, что твой крошечный вклад в сообщество нашел свою нишу и продолжает развиваться уже без твоей помощи: недавно для
🔗 https://github.com/fortra/impacket/pull/1559
Приятно видеть, что твой крошечный вклад в сообщество нашел свою нишу и продолжает развиваться уже без твоей помощи: недавно для
smbpasswd.py завезли поддержку новых транспортов и методов аутентификации, объединив таким образом несколько других пулл-реквестов в один скрипт changepasswd.py, который теперь реализует 4 из 6 известных протоколов смены пароля в Windows. Грац!🔗 https://github.com/fortra/impacket/pull/1559
🔥18
😈 [ dec0ne, Mor Davidovich ]
Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced.
Demo in second tweet.
https://t.co/mUYoUJin2l
🔗 https://github.com/Dec0ne/DavRelayUp
🐥 [ tweet ]
Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced.
Demo in second tweet.
https://t.co/mUYoUJin2l
🔗 https://github.com/Dec0ne/DavRelayUp
🐥 [ tweet ]
🔥5
Offensive Xwitter
😈 [ dec0ne, Mor Davidovich ] Introducing DavRelayUp - A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced. Demo…
Справедливости ради - мой коллега перешаманил KrbRelayUp в DavRelayUp, когда это еще не было мейнстримом 😐
🔗 https://github.com/BronzeBee/DavRelayUp
🔗 https://github.com/BronzeBee/DavRelayUp
🔥8
😈 [ ZeroMemoryEx, V2 ]
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
https://t.co/UGt7cd1DYu
🔗 https://github.com/ZeroMemoryEx/Terminator
🐥 [ tweet ]
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
https://t.co/UGt7cd1DYu
🔗 https://github.com/ZeroMemoryEx/Terminator
🐥 [ tweet ]
🔥3
😈 [ SEKTOR7net, SEKTOR7 Institute ]
Sliver comms from a threat hunter's perspective, by Kevin Breen of @immersivelabs
#redteam
https://t.co/apzLfFtYjX
🔗 https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
🐥 [ tweet ]
Sliver comms from a threat hunter's perspective, by Kevin Breen of @immersivelabs
#redteam
https://t.co/apzLfFtYjX
🔗 https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
🐥 [ tweet ]
😈 [ eversinc33, eversinc33 ]
Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply return S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not
🐥 [ tweet ]
Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply return S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not
🐥 [ tweet ]
😁4
😈 [ Octoberfest73, Octoberfest7 ]
Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted about ~2 months ago. Use as an alternative to process injection and force most any System32 exe to load an arbitrary DLL https://t.co/50GSW4vEJm
🔗 https://github.com/Octoberfest7/DropSpawn_BOF
🐥 [ tweet ]
Here is my latest, DropSpawn. This is a CS BOF used to spawn additional beacons via a little-known DLL hijacking method that I posted about ~2 months ago. Use as an alternative to process injection and force most any System32 exe to load an arbitrary DLL https://t.co/50GSW4vEJm
🔗 https://github.com/Octoberfest7/DropSpawn_BOF
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Last year we did analyse malware from a group targeting malware devs and or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌:
https://t.co/YGMDfP3hLQ
🔗 https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
🐥 [ tweet ]
Last year we did analyse malware from a group targeting malware devs and or offensive security people. Here’s the story, which is also our first technical blog post - more to follow 🙌:
https://t.co/YGMDfP3hLQ
🔗 https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Bypassing Defender with ThreatCheck & Ghidra
https://t.co/6pgw8NGzq1
🔗 https://offensivedefence.co.uk/posts/threatcheck-ghidra/
🐥 [ tweet ]
[BLOG]
Bypassing Defender with ThreatCheck & Ghidra
https://t.co/6pgw8NGzq1
🔗 https://offensivedefence.co.uk/posts/threatcheck-ghidra/
🐥 [ tweet ]
🔥4
😈 [ zyn3rgy, Nick Powers ]
Need something to spice up your initial access payloads? ClickOnce may not be a new choice for attackers, but follow along with @0xthirteen and I as we break down our research on using this vector to achieve more trustworthy initial code execution.
https://t.co/rOHo9gjk9X
🔗 https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
☢️ "ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness" (c) @mariuszbit
🐥 [ tweet ]
Need something to spice up your initial access payloads? ClickOnce may not be a new choice for attackers, but follow along with @0xthirteen and I as we break down our research on using this vector to achieve more trustworthy initial code execution.
https://t.co/rOHo9gjk9X
🔗 https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
☢️ "ClickOnce + AppDomain Manager Injection (aka signed EXE + DLL sideloading) is the new Initial Access Hotness" (c) @mariuszbit
🐥 [ tweet ]
🔥1
😈 [ d3lb3_, Julien Bedel ]
After January's patch of KeePass trigger abuse technique, I decided to take a deep dive into the software features, ending up with new ways to extract passwords through the the configuration file!
Details and mitigations below, enjoy the read ✌️
https://t.co/nhaad3p6dw
🔗 https://d3lb3.github.io/keepass_triggers_arent_dead
🐥 [ tweet ]
After January's patch of KeePass trigger abuse technique, I decided to take a deep dive into the software features, ending up with new ways to extract passwords through the the configuration file!
Details and mitigations below, enjoy the read ✌️
https://t.co/nhaad3p6dw
🔗 https://d3lb3.github.io/keepass_triggers_arent_dead
🐥 [ tweet ]
🤯4🔥2
😈 [ bohops, bohops ]
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://t.co/K9DuL5he0h
🔗 https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🐥 [ tweet ]
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://t.co/K9DuL5he0h
🔗 https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🐥 [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ t3l3machus, Panagiotis Chartas ]
A browser Man-In-The-Middle attack in 58 seconds, using #toxssin.
⚙ GitHub -> https://t.co/1IVyfjakJ5
🎥 Full video -> https://t.co/v1Oapbw8uU
Please subscribe -> https://t.co/Gcekp1Gagb
#hacking #hackingtools #xss #pentesting #redteam #t3l3machus https://t.co/zJ2Fv99iOR
🔗 https://github.com/t3l3machus/toxssin
🔗 https://youtu.be/Z9I4UJUBrrY
🔗 https://www.youtube.com/@HaxorTechTones
🐥 [ tweet ]
A browser Man-In-The-Middle attack in 58 seconds, using #toxssin.
⚙ GitHub -> https://t.co/1IVyfjakJ5
🎥 Full video -> https://t.co/v1Oapbw8uU
Please subscribe -> https://t.co/Gcekp1Gagb
#hacking #hackingtools #xss #pentesting #redteam #t3l3machus https://t.co/zJ2Fv99iOR
🔗 https://github.com/t3l3machus/toxssin
🔗 https://youtu.be/Z9I4UJUBrrY
🔗 https://www.youtube.com/@HaxorTechTones
🐥 [ tweet ]
🔥7