[ clintgibler, Clint Gibler ]
Awesome RCE Techniques
A list of techniques to achieve Remote Code Execution on various apps
Including:
CMS - Joomla, Wordpress
LMS - Moodle
Frameworks - JBoss, Tomcat
Other - GiTea, Jenkins
By @podalirius_
#bugbounty #bugbountytips
https://t.co/9kOdw4ammT
https://github.com/p0dalirius/Awesome-RCE-techniques
[ tweet ]
[ Tyl0us, Matt Eidelberg ]
Mangle is a tool that manipulates aspects of compiled PEs to avoid detection from EDRs. It can strip out IoCs and inflate files to avoid detection and more. Check it out https://t.co/lpQCrDGnd1 #netsec #redteam #evasion
https://github.com/optiv/Mangle
[ tweet ]
[ am0nsec, Paul L. ]
Been trying to find a way to dynamically (introspection?) resolve symbols within the kernel in order to experiment with undocumented/non-exported symbols with the help of PDBs. Getting the inspiration from reversing WinDBG/kdexts and the way they evaluate expressions.
[ tweet ]
[ adamsvoboda, Adam Svoboda ]
Want to dump LSASS but dealing with MDE/ATP and ASR rules? Learn how to extract a list of whitelisted exclusion paths from Defender's signature update files in this blog post: https://t.co/08Uo0UpQcm
https://adamsvoboda.net/extracting-asr-rules/
[ tweet ]
[ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]
Going forward Brute Ratel will focus only on evasions and Red Team and not the purple team counterpart. Anything that does not contribute to Red Team will be Open Sourced. The PowerShell loader which was used in BRc4 is now added here:
https://t.co/PLbYVX93X9
https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit
[ tweet ]
Offensive Xwitter
[ HackingLZ, Justin Elze ]
The original research has been out over a year now and flew under the radar. This might be useful for people wanting to look at Defender ASR rules/other things. All credit goes to others, I'm just trying to get these semi-structured https://t.co/c8J2rBDJKH
https://github.com/HackingLZ/ExtractedDefender
[ tweet ]
[ SecurePeacock, Christopher Peacock ]
Pentests and adversary emulation are not the same...
[ tweet ]
Pentesters are being picked on again…
[ praetorianlabs, Praetorian ]
Praetorian has developed and is releasing an open source tool ADFSRelay and NTLMParse, which can be used for performing relaying attacks targeting ADFS and analyzing NTLM messages respectively.
https://t.co/Zzxb5cUDsa
https://www.praetorian.com/blog/relaying-to-adfs-attacks/
[ tweet ]
[ s4ntiago_p, S4ntiagoP ]
New update to nanodump!
You can now force WerFault.exe to dump LSASS for you. Thanks to @asaf_gilboa for the original research.
https://t.co/R2lVXtd3uX
https://github.com/helpsystems/nanodump/commit/578116faea3d278d53d70ea932e2bbfe42569507
[ tweet ]
[ praetorianlabs, Praetorian ]
For the last 48 hours, our red teams have been leveraging the new dfscoerce security flaw to achieve domain admin with wild success. Here are some tips on detecting the activity
https://t.co/awSFENDvpO
#dfscoerce
https://www.praetorian.com/blog/how-to-detect-dfscoerce/
[ tweet ]
[ DirectoryRanger, DirectoryRanger ]
Offensive Windows IPC Internals, by @0xcsandker
Part 1: Named Pipes https://t.co/Ug3gPKHrza
Part 2: RPC https://t.co/cfgY8eaOVa
Part 3: ALPC https://t.co/avXPjh8d6W
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html
https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html
[ tweet ]
[ DirectoryRanger, DirectoryRanger ]
SharpWSUS. CSharp tool for lateral movement through WSUS
https://t.co/0hDHe6ePZs
https://github.com/nettitude/SharpWSUS
[ tweet ]
[ clearbluejar, clearbluejar ]
Cheers to @itm4n for inspiration, @topotam77 for PetitPotam, and @tiraniddo for NtObjectManager.
New post detailing #RPC auditing with NtObjectManager
https://t.co/7brWus4LoV
https://clearbluejar.github.io/posts/from-ntobjectmanager-to-petitpotam/
[ tweet ]
[ vxunderground, vx-underground ]
We've updated the VXUG Windows Malware paper collection
-Studying Next Generation Malware: NightHawks attempt as Sleep obfuscation
-About: Remote Library Injection
-KCTHIJACK - KernelCallbackTableInjection
-Sleep Obfuscation: Ekko
-Gargoyle x64: DeepSleep
https://t.co/cLyIwMexhc
https://www.vx-underground.org/windows.html
[ tweet ]
[ jsecurity101, Jonny Johnson ]
See a scheduled task using <ComHandler> in the actions tag where the principal is SYSTEM but can't modify the CLSID in HKLM?
Impersonate TrustedInstaller, change the registry value to point to your DLL and send it.
[ tweet ]