π [ merill, Merill Fernando β’ π¦πΊ β’ π±π° ]
Trust me. PowerShell is not going to be the same again once you do this.
Update to the latest version of PowerShell and run this command.
Set-PSReadLineOption -PredictionViewStyle ListView
Your entire PowerShell history at your fingertips!
π₯ [ tweet ]
Trust me. PowerShell is not going to be the same again once you do this.
Update to the latest version of PowerShell and run this command.
Set-PSReadLineOption -PredictionViewStyle ListView
Your entire PowerShell history at your fingertips!
π₯ [ tweet ]
π [ splinter_code, Antonio Cocomazzi ]
My blog series "The hidden side of Seclogon" continues with part 3: Racing for LSASS dumps π₯
Enjoy the read :D
https://t.co/awa5i9ZoJE
π https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-3.html
π₯ [ tweet ]
My blog series "The hidden side of Seclogon" continues with part 3: Racing for LSASS dumps π₯
Enjoy the read :D
https://t.co/awa5i9ZoJE
π https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-3.html
π₯ [ tweet ]
π [ SEKTOR7net, SEKTOR7 Institute ]
"Things that were hard to bear are sweet to remember."
- Seneca Minor
π₯ [ tweet ][ quote ]
"Things that were hard to bear are sweet to remember."
- Seneca Minor
π₯ [ tweet ][ quote ]
π [ metasploit, Metasploit Project ]
EfsPotato-efspotahto
https://t.co/1yskSWb6qD
π https://youtu.be/QVorNIfY5Ow
π₯ [ tweet ]
EfsPotato-efspotahto
https://t.co/1yskSWb6qD
π https://youtu.be/QVorNIfY5Ow
π₯ [ tweet ]
π [ _mohemiv, Arseniy Sharoglazov ]
π£ If you have access to a Windows machine, try to get NAA credentials via Impacket:
1. https://t.co/HfDmnqOOl7 -rpc-auth-level privacy -namespace '//./root/ccm/policy/Machine/ActualConfig' CONTOSO/user:pass@host
2. SELECT * FROM CCM_NetworkAccessAccount
Credits: @subat0mik
π http://wmiquery.py
π₯ [ tweet ][ quote ]
π£ If you have access to a Windows machine, try to get NAA credentials via Impacket:
1. https://t.co/HfDmnqOOl7 -rpc-auth-level privacy -namespace '//./root/ccm/policy/Machine/ActualConfig' CONTOSO/user:pass@host
2. SELECT * FROM CCM_NetworkAccessAccount
Credits: @subat0mik
π http://wmiquery.py
π₯ [ tweet ][ quote ]
π [ JasonFossen, Jason Fossen ]
How to host the PowerShell engine inside of Python and then run PowerShell code inside Python (and not spawn an external process):
https://t.co/kDal7LhP1e
#PowerShell #Python #SEC573 #SEC505 @MarkBaggett
π https://devblogs.microsoft.com/powershell/hosting-powershell-in-a-python-script/
π₯ [ tweet ]
How to host the PowerShell engine inside of Python and then run PowerShell code inside Python (and not spawn an external process):
https://t.co/kDal7LhP1e
#PowerShell #Python #SEC573 #SEC505 @MarkBaggett
π https://devblogs.microsoft.com/powershell/hosting-powershell-in-a-python-script/
π₯ [ tweet ]
π [ Tarlogic, Tarlogic ]
#ZeroTrust is one of the trending concepts in the #cybersecurity world. But the hype around it is perhaps a bit excessive. In this article, we explain why... π
https://t.co/hUiMeq6bnR
π https://www.tarlogic.com/blog/demystifying-zero-trust/
π₯ [ tweet ]
#ZeroTrust is one of the trending concepts in the #cybersecurity world. But the hype around it is perhaps a bit excessive. In this article, we explain why... π
https://t.co/hUiMeq6bnR
π https://www.tarlogic.com/blog/demystifying-zero-trust/
π₯ [ tweet ]
π [ itm4n, ClΓ©ment Labro ]
@splinter_code Yeaaaaaaaah! Love this series! π
Recently, I also tested this technique to evade the LSASS dump detection. cc @k4nfr3
π https://t.co/e0rZHBcWZN
Overriding the first occurrence of "lsass.pdb" seems to be enough but of course there are plenty of ways to achieve the same result.
π https://www.bussink.net/lsass-minidump-file-seen-as-malicious-by-mcafee-av/
π₯ [ tweet ]
@splinter_code Yeaaaaaaaah! Love this series! π
Recently, I also tested this technique to evade the LSASS dump detection. cc @k4nfr3
π https://t.co/e0rZHBcWZN
Overriding the first occurrence of "lsass.pdb" seems to be enough but of course there are plenty of ways to achieve the same result.
π https://www.bussink.net/lsass-minidump-file-seen-as-malicious-by-mcafee-av/
π₯ [ tweet ]
π [ PortSwiggerRes, PortSwigger Research ]
Bypassing Firefox's HTML Sanitizer API by @garethheyes
https://t.co/ePGrxxTVDW
π https://portswigger.net/research/bypassing-firefoxs-html-sanitizer-api
π₯ [ tweet ]
Bypassing Firefox's HTML Sanitizer API by @garethheyes
https://t.co/ePGrxxTVDW
π https://portswigger.net/research/bypassing-firefoxs-html-sanitizer-api
π₯ [ tweet ]
π [ __mez0__, πΞ΅δΉοΌ ]
Obfuscating Reflective DLL Memory Regions with Timers: https://t.co/dxLLXjmZui
π https://mez0.cc/posts/vulpes-obfuscating-memory-regions/
π₯ [ tweet ]
Obfuscating Reflective DLL Memory Regions with Timers: https://t.co/dxLLXjmZui
π https://mez0.cc/posts/vulpes-obfuscating-memory-regions/
π₯ [ tweet ]
π€―1
π [ NinjaParanoid, Paranoid Ninja (Brute Ratel C4) ]
Recorded a video demonstration explaining full thread stack spoofing. Video includes Process Hacker for POC. Should be useful for both analysts on hunting suspicious threads and mapped regions in memory, unless of course someone is using Brute Ratel C4 π
https://t.co/qB6hzJESR9
π https://youtu.be/7EheXiC3MJE
π₯ [ tweet ]
Recorded a video demonstration explaining full thread stack spoofing. Video includes Process Hacker for POC. Should be useful for both analysts on hunting suspicious threads and mapped regions in memory, unless of course someone is using Brute Ratel C4 π
https://t.co/qB6hzJESR9
π https://youtu.be/7EheXiC3MJE
π₯ [ tweet ]
π [ joehowwolf, William Burgess ]
Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: https://t.co/SWLenJazWW
PoC: https://t.co/jChX0KJrL8
π https://labs.withsecure.com/blog/spoofing-call-stacks-to-confuse-edrs/
π https://github.com/countercept/CallStackSpoofer
π₯ [ tweet ]
Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: https://t.co/SWLenJazWW
PoC: https://t.co/jChX0KJrL8
π https://labs.withsecure.com/blog/spoofing-call-stacks-to-confuse-edrs/
π https://github.com/countercept/CallStackSpoofer
π₯ [ tweet ]
π [ TJ_Null, Tony ]
Since Microsoft plans to disable macros by default, I have decided to release a proof of concept that I use on my engagements by leveraging the document properties built in Microsoft Office.
Here is the link to the article: https://t.co/ZvgDxeuIJG
π https://www.offensive-security.com/offsec/macro-weaponization/
π₯ [ tweet ]
Since Microsoft plans to disable macros by default, I have decided to release a proof of concept that I use on my engagements by leveraging the document properties built in Microsoft Office.
Here is the link to the article: https://t.co/ZvgDxeuIJG
π https://www.offensive-security.com/offsec/macro-weaponization/
π₯ [ tweet ]
π [ HackAndDo, Pixis ]
Check out new lsassy release!
πΈNew dump modules
πΈUsable TGT are displayed alongside credentials
πΈDPAPI Masterkeys are retrieved
For more details you can check release 3.1.2 description
https://t.co/SgnyAW6sWN
π https://github.com/Hackndo/lsassy/releases/tag/v3.1.2
π₯ [ tweet ]
Check out new lsassy release!
πΈNew dump modules
πΈUsable TGT are displayed alongside credentials
πΈDPAPI Masterkeys are retrieved
For more details you can check release 3.1.2 description
https://t.co/SgnyAW6sWN
π https://github.com/Hackndo/lsassy/releases/tag/v3.1.2
π₯ [ tweet ]
π [ ShitSecure, S3cur3Th1sSh1t ]
An relatively easy way to use stack encryption for your implant?
@SolomonSklashβs SleepyCrypt can easily be used from any language:
https://t.co/IiMHZSLXY5
This for example is how to do it with Nim:
https://t.co/Pjr6MJT8hC
Can also be used for Nim C2 implants as Sleep π₯π
π https://github.com/SolomonSklash/SleepyCrypt
π https://gist.github.com/S3cur3Th1sSh1t/6022dc2050bb1b21be2105b8b0dc077d
π₯ [ tweet ]
An relatively easy way to use stack encryption for your implant?
@SolomonSklashβs SleepyCrypt can easily be used from any language:
https://t.co/IiMHZSLXY5
This for example is how to do it with Nim:
https://t.co/Pjr6MJT8hC
Can also be used for Nim C2 implants as Sleep π₯π
π https://github.com/SolomonSklash/SleepyCrypt
π https://gist.github.com/S3cur3Th1sSh1t/6022dc2050bb1b21be2105b8b0dc077d
π₯ [ tweet ]
π [ theluemmel, S4U2LuemmelSec ]
Wrote a small tool to check if RBCD can be abused by checking both ms-ds-machineaccountquota & SeMachineAccountPrivilege
https://t.co/1iYoI8bTCr
Happy pentesting / defending
π https://github.com/LuemmelSec/Pentest-Tools-Collection/blob/main/tools/RBCD_Abuse_Checker.ps1
π₯ [ tweet ]
Wrote a small tool to check if RBCD can be abused by checking both ms-ds-machineaccountquota & SeMachineAccountPrivilege
https://t.co/1iYoI8bTCr
Happy pentesting / defending
π https://github.com/LuemmelSec/Pentest-Tools-Collection/blob/main/tools/RBCD_Abuse_Checker.ps1
π₯ [ tweet ]
π [ chvancooten, Cas van Cooten ]
Kicked off my "MalDev for Dummies" workshop successfully yesterday, which means the repo is now public! Slides, exercises, example code and resources to get you started on your malware development journey. C# and Nim supported for now. Enjoy!!
https://t.co/Z8aQ41QvHQ
π https://github.com/chvancooten/maldev-for-dummies
π₯ [ tweet ]
Kicked off my "MalDev for Dummies" workshop successfully yesterday, which means the repo is now public! Slides, exercises, example code and resources to get you started on your malware development journey. C# and Nim supported for now. Enjoy!!
https://t.co/Z8aQ41QvHQ
π https://github.com/chvancooten/maldev-for-dummies
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ _wald0, Andy Robbins ]
Today is Friday, which means it's #BloodHoundBasics day.
Too many nodes on the screen? Press space bar to bring up the spotlight, which lists all drawn nodes. Click a node to highlight and zoom into it. You can also search for drawn nodes in the spotlight:
π₯ [ tweet ]
Today is Friday, which means it's #BloodHoundBasics day.
Too many nodes on the screen? Press space bar to bring up the spotlight, which lists all drawn nodes. Click a node to highlight and zoom into it. You can also search for drawn nodes in the spotlight:
π₯ [ tweet ]
π [ podalirius_, Podalirius ]
I published a tool to #bruteforce the key of @CodeIgniter's session #cookies, in order to sign arbitrary attacker-controlled cookiesπͺ
I wrote this tool for a use case encountered in #bugbounty recently, but we can find this in #pentest too.
https://t.co/7JIiYQskoG
π https://github.com/p0dalirius/CodeIgniter-session-unsign
π₯ [ tweet ]
I published a tool to #bruteforce the key of @CodeIgniter's session #cookies, in order to sign arbitrary attacker-controlled cookiesπͺ
I wrote this tool for a use case encountered in #bugbounty recently, but we can find this in #pentest too.
https://t.co/7JIiYQskoG
π https://github.com/p0dalirius/CodeIgniter-session-unsign
π₯ [ tweet ]
π [ 0gtweet, Grzegorz Tworek ]
Is #SysInternals Sysmon good for discovering the full historical process tree? Of course! Bored with manual process, I have create simple (but fully working) PowerShell script, displaying the tree in a nicely walkable form. Enjoy: https://t.co/eZFIDBT2lN
π https://github.com/gtworek/PSBits/blob/master/DFIR/GetSysmonTree.ps1
π₯ [ tweet ]
Is #SysInternals Sysmon good for discovering the full historical process tree? Of course! Bored with manual process, I have create simple (but fully working) PowerShell script, displaying the tree in a nicely walkable form. Enjoy: https://t.co/eZFIDBT2lN
π https://github.com/gtworek/PSBits/blob/master/DFIR/GetSysmonTree.ps1
π₯ [ tweet ]
π€2