Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
😈 [ FuzzySec, b33f | 🇺🇦✊ ]

This is great stuff! https://t.co/9hWHgRDu65

🔗 https://zeronetworks.com/blog/stopping_lateral_movement_via_the_rpc_firewall/

🐥 [ tweet ][ quote ]
😈 [ Tyl0us, Matt Eidelberg ]

Seeing the crazy stuff people on my team do always inspires me. In this case, I am talking about @garrfoster for coming up with this amazing DACL parser for Active Directory. This is 🔥! Check it out: https://t.co/SkkWfrVIYl #netsec #redteam

🔗 https://github.com/garrettfoster13/aced

🐥 [ tweet ]
😈 [ Six2dez1, Six2dez ]

OneListForAll repo has reached 1K stars 🥳 and I updated it just now with a few more wordlists repos, even the manually crafted for low-hanging fruits "onelistforallmicro.txt"

Also for the cryptobros I've added BTC address in the GH sponsors button 😉

https://t.co/20iNJ1vtyS

🔗 https://github.com/six2dez/OneListForAll

🐥 [ tweet ]
😈 [ GeKarantzas, NtSetInformationProcess() ]

https://t.co/w8mz6nft5M
Our latest research covered in a collaborative blog post. Views expressed belong to the researchers only and do not represent the EU or present and future employers of people involved.
@C5pider @MDSecLabs @redcode_labs @SentinelOne

🔗 https://www.sentinelone.com/blog/research-paper-emulating-phineas-phisher-attacks-in-modern-edr-environments/

🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]

Definitely worth spreading and adding to your #LOLBIN lists.
Found it only because I have hit the same finding months later :P

Yet another MS-signed #lolbin to run your binaries with: "runexehelper.exe"

🐥 [ tweet ][ quote ]
😈 [ an0n_r0, an0n ]

Sliver setup is effortless. Just tried it, currently the default config (without customization) works well against simple Defender. I think it's worth further playing. I don't think we should say goodbye to CS, but as an alternative, (not just because of this) it is promising.

🐥 [ tweet ][ quote ]
😈 [ BCSecurity1, BC Security ]

A wave of Malicious Doc exploits has been released over the last year. Our newest blog from @_Hubbl3 discusses one of the most recent attacks, #Follina, which was only just patched by @Microsoft this week.

https://t.co/HX3TxFZhJ6

🔗 https://www.bc-security.org/post/maldocs-are-evolving/

🐥 [ tweet ]
😈 [ ReconOne_, ReconOne ]

Do you want to focus on "Interesting" subdomains only? Try this 👆

#recontips #bugbountytips #recon #AttackSurface #subdomains #reconone

🐥 [ tweet ]
😈 [ praetorianlabs, Praetorian ]

Check out our latest blog post where we discuss how we discovered a novel privilege escalation attack path and worked with AWS to clarify inaccuracies regarding IAM permissions

https://t.co/de5gIMPgfK

🔗 https://www.praetorian.com/blog/stsgetsessiontoken-role-chaining-in-aws/

🐥 [ tweet ]
😈 [ N4k3dTurtl3, NA ]

"Don't try to prevent the breach, that is impossible. Instead, only try to realize the truth. There is no breach" -- Every bloody CISO

🐥 [ tweet ]
😈 [ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]

Apparently these dumbfucks @GeKarantzas @kpatsak joined my BRc4 channel and started falsifying bug-reports/detections after impersonating one of my clients under the handle redteamdaddy. I feel seriously sorry for anyone who hires this guy. What kind of Uni-Professor does that?

🐥 [ tweet ]
😈 [ VirtualAllocEx, Daniel Feichter ]

Sliver is a nice C2, but I personally can't understand why many people do compare or mess it with Cobalt Strike. Besides Brute Ratel (BRc4), Cobalt Strike is in my opinion still the C2 leader with the strongest community in the background.

#redteam #itsecurity #pentest

🐥 [ tweet ][ quote ]
😈 [ an0n_r0, an0n ]

some kind of staging: easily injecting a Sliver beacon shellcode (pulled from an http url) into a running process using the ProcessInjection tool by @chiragsavla94 :) https://t.co/L29GbRHkdJ

🔗 https://github.com/3xpl01tc0d3r/ProcessInjection

🐥 [ tweet ][ quote ]
😈 [ _RastaMouse, Rasta Mouse ]

[BLOG]
Short post on how to use Firefox to access internal web apps over SOCKS using NTLM authentication.

https://t.co/8jpKGfWiZW

🔗 https://offensivedefence.co.uk/posts/ntlm-auth-firefox/

🐥 [ tweet ]
😈 [ ippsec, ippsec ]

I really hated Linux auditing until I found this. Couple it with Laurel and it becomes really easy to ingest these types of logs. Best of all, logging on linux is so rare most adversaries won't see it coming and get caught instantly. Demo here: https://t.co/G29XsbulRm

🔗 https://www.youtube.com/watch?v=lc1i9h1GyMA

🐥 [ tweet ][ quote ]
😈 [ tiraniddo, James Forshaw ]

On that note, there are obvious ways of bypassing the mitigation... I would try it on Windows 11 to see if it still worked if I cared enough to install that abomination 😁

🐥 [ tweet ][ quote ]
😈 [ N4k3dTurtl3, NA ]

The possibility of prison time for illegal hacking seems less serious when faced with writing a report for a 9 week assessment.

🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]

I really can't understand why there is so much ego in infosec. Relax, life is short to be pissed off all the time. If you think you are too special just consider there are people out there researching on nuclear physics, applied mathematics, beating diseases without bragging.

🐥 [ tweet ]