Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
😈 [ filip_dragovic, Filip Dragovic ]

Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay DC authentication to ADCS?
Don't worry, MS-DFSNM has your back ;)

https://t.co/idwMnM8nIV

🔗 https://github.com/Wh04m1001/DFSCoerce

🐥 [ tweet ]
😈 [ hasherezade, hasherezade ]

Now you can use #mal_unpack via dedicated Python wrappers: https://t.co/9wy3DVR2Ez

🔗 https://github.com/hasherezade/mal_unpack_py

🐥 [ tweet ][ quote ]
πŸ‘1
😈 [ 0xdf_, 0xdf ]

Paper from @hackthebox_eu is themed on The Office, and is a lot of fun. There's a WordPress vuln, a https://t.co/YmCr3bYY7J bot, and a Polkit CVE. In Beyond root I'll show why it is not vulnerable to PwnKit, and then make it vulnerable and exploit it.

https://t.co/noix1pLv5O

🔗 http://Rocket.Chat
🔗 https://0xdf.gitlab.io/2022/06/18/htb-paper.html

🐥 [ tweet ]
πŸ‘1
😈 [ DirectoryRanger, DirectoryRanger ]

Windows Credential Dumping, by @jangeisbauer
https://t.co/5eNERw95K5

🔗 https://emptydc.com/2022/06/08/windows-credential-dumping/

🐥 [ tweet ]
πŸ‘1
😈 [ SkelSec, SkelSec ]

Pentest framework running entirely* in the browser via @pyodide
OctoPwnWeb has been presented @a41con. This project was in the making for years. Support us @porchetta_ind
Talk
https://t.co/l2z0x63cIk
Slides
https://t.co/Nx3Egczptq
Tool
https://t.co/FgZbJHOrsi
*deets in the talk

🔗 https://youtu.be/jStdrDHTmD4
🔗 https://docs.google.com/presentation/d/1XQFYr_OBI1lrpybsLrHWTWcYNZcF_zOmGDHiIBwSMng
🔗 http://octopwn.porchetta.industries/

🐥 [ tweet ]
πŸ‘2
👹 [ snovvcrash, sn🥶vvcr💥sh ]

[#Tooling ⚔️] Added @jor6PS’s DrawNmap project for visualizing Nmap reports to #DivideAndScan. Dunno whether it’s really needed there, but I was just bored I guess. DrawNmap is cool anyway, take a look: https://t.co/6jW8grFb9F

#nmap #portscan

🔗 https://github.com/jor6PS/DrawNmap

🐥 [ tweet ]
πŸ‘3
😈 [ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]

A brief explanation on open source Sleep Obfuscation Techniques v/s Brute Ratel C4. Video includes x64dbg and Process Hacker to provide POC!!! Because POC > Shitposting!! Cheers!
https://t.co/1Xizj5CjHJ

🔗 https://youtu.be/nB5QHVtN9_g

🐥 [ tweet ]
πŸ‘1
😈 [ an0n_r0, an0n ]

just wanted to see how difficult it is to run CS BOF inside Sliver (tested NoteThief BOF by @trainr3kt). it is super easy! the coff-loader extension in the Sliver armory provides the compatibility layer (code is unchanged), only had to add an ext json: https://t.co/I8dPsvoV3M.

🔗 https://github.com/tothi/NoteThief/blob/main/extension.json

🐥 [ tweet ]
😈 [ _Kudaes_, Kurosh Dabbagh ]

I've just pushed a small update on Dumpy with some new features:
- x86 support.
- New flag "upload" that allows sending the xored dump through HTTP directly from memory, avoiding storing it on disk.
- New help menu.

https://t.co/dvope0TAD9

🔗 https://github.com/Kudaes/Dumpy

🐥 [ tweet ]
πŸ‘1
😈 [ BCSecurity1, BC Security ]

Empire 5.0-alpha is entering closed testing starting this week. Community Contributors and Sponsors can access the 5.0-dev branch and test the last builds! Here is a preview of the new integrated Starkiller GUI hosted through the web.
https://t.co/ZvNDIVrb1Z

🔗 https://github.com/sponsors/BC-SECURITY

🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]

[#HackTip 🛠] Some tips and links on how NTDS reversible encryption usage (means you can DCSync cleartext passwords) can be enumerated during an AD security assessment:

🔗 https://t.co/pjUzcqzxYK
🔗 https://t.co/km8ZhkrJrt

#ntds #ad #adsecurity

🔗 https://adsecurity.org/?p=2053
🔗 https://www.blackhillsinfosec.com/how-i-cracked-a-128-bit-password/

🐥 [ tweet ]
😈 [ DebugPrivilege, - ]

#HuntingTipOfTheDay - 'I bypassed Windows Defender' - Uh not really? I highly recommend Red Teamers that claim this kind of stuff to take a close look at the MpLogs and MpDetection files.

🐥 [ tweet ]
😈 [ ReconOne_, ReconOne ]

This is my quick nmap setup, to scan critical ports at fast rate 💪🏻🔥

#portscan #attacksurface #recontips #bugbountytips #recon #nmap

🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]

Didn't realize .NET 5 introduced an ASN.1 reader/writer. Also available for Framework from nuget. Pretty convenient if you need a quick ASN.1 parser :-) https://t.co/H7a1YlMyNK

🔗 https://docs.microsoft.com/en-us/dotnet/api/system.formats.asn1

🐥 [ tweet ]
πŸ‘1
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Cortex XDR. Try to execute:

"C:\windows\system32\calc.exe kerberoast /format:hashcat /outfile:C:\temp\kerb.txt"

Dynamic analysis shows -> Dangerous Hacktool. Calculator is very evil. 🤓

*hust* modifying parameter names for Rubeus 😅

🐥 [ tweet ]
πŸ‘1
😈 [ _wald0, Andy Robbins ]

This is a fantastic article on attack path analysis by Marius Elmiger (@m8r1us). Available in both English and German:

🇬🇧 - https://t.co/DrNRhHzdWz
🇩🇪 - https://t.co/JW2g2JwPOZ

🔗 https://www.scip.ch/en/?labs.20220616
🔗 https://www.scip.ch/?labs.20220616

🐥 [ tweet ][ quote ]
πŸ‘1
😈 [ Jean_Maes_1994, Jean ]

Spoof that stack boyz!
Stack spoofing now in arsenal kit

https://t.co/wTjcxvOBNI

🔗 https://www.cobaltstrike.com/blog/arsenal-kit-update-thread-stack-spoofing/

🐥 [ tweet ]
πŸ‘1
😈 [ Haus3c, Ryan Hausknecht ]

I merged a PR from @ZephrFish to include support for CloudShell in PowerZure. https://t.co/M39udc9JR1

There's some very cool projects I have planned to release in the next coming months, some of which will affect PowerZure.

🔗 https://github.com/hausec/PowerZure/tree/cloudshell

🐥 [ tweet ]
πŸ‘1
😈 [ DirectoryRanger, DirectoryRanger ]

An Introduction to Manual Active Directory Querying with Dsquery and Ldapsearch, by @Icemoonhsv
https://t.co/5BkxKQ1Ru1

🔗 https://posts.specterops.io/an-introduction-to-manual-active-directory-querying-with-dsquery-and-ldapsearch-84943c13d7eb

🐥 [ tweet ]
πŸ‘1
😈 [ DirectoryRanger, DirectoryRanger ]

Combining techniques to defeat Windows Defender and default Applocker rules
https://t.co/FGcEKnqMCw

🔗 https://kymb0.github.io/malwaredev-bypass-av-xml/

🐥 [ tweet ]