[ M4yFly, Mayfly ]
Let's play with the AD lab, GOADv2:
https://t.co/zvysxTYQlq
https://t.co/xdd4UD44TN
https://t.co/NTvxzojcAv
https://mayfly277.github.io/posts/GOADv2-pwning_part1/
https://mayfly277.github.io/posts/GOADv2-pwning-part2/
https://mayfly277.github.io/posts/GOADv2-pwning-part3/
[ tweet ]
[ mpgn_x64, mpgn ]
Dumping SAM from a live Kali Linux in 2022
1. cd Windows/System32/config
2. pypykatz registry --sam SAM SYSTEM
Tools like chntpw, bkhive, pwdump, samdump2 are not working on the latest Windows 10
https://t.co/LyHlBnvcCX
https://security.stackexchange.com/a/158174/41351
[ tweet ]
[ _mohemiv, Arseniy Sharoglazov ]
Be aware, dnSpy .NET Debugger / Assembly Editor has been trojaned again!
In Google's TOP 2, there was a malicious site maintained by threat actors, who also distributed infected CPU-Z, Notepad++, MinGW, and many more.
Thanks to NameSilo, the domain has been deactivated!
[ tweet ]
[ 0xdeaddood, leandro ]
Just merged to Impacket the [MS-TSTS] Terminal Services Terminal Server Runtime Interface Protocol implementation
The PR also includes a new tool that allows you to run qwinsta, tasklist, taskkill, and more commands remotely!
Thanks @nopernik
https://t.co/uZgHTChSPe
https://github.com/SecureAuthCorp/impacket/pull/1327
[ tweet ]
[ ippsec, ippsec ]
HackTheBox RouterSpace video is now up. The tough thing with this box was getting an Android VM up and running to test the APK file. I'm always amazed at how much trouble I have with the normal Android SDK Manager, thankful for Genymotion here. https://t.co/LQ1UP6k9F3
https://youtu.be/bilgniEPOfs
[ tweet ]
[ DirectoryRanger, DirectoryRanger ]
Implementing Global Injection and Hooking in Windows, by @m417z
https://t.co/ayx9cFZPdp
https://m417z.com/Implementing-Global-Injection-and-Hooking-in-Windows/
[ tweet ]
[ DirectoryRanger, DirectoryRanger ]
Good series on AD sec by @Bhaskarpal__
(1) https://t.co/LT3oD9bqDU
(2) https://t.co/CCkeWe3Nuy
(3) https://t.co/B4egj79cUg
(4) https://t.co/zN0GkXlZfS
(5) https://t.co/kgKlIxla0I
https://0xstarlight.github.io/posts/Active-Directory-Introduction/
https://0xstarlight.github.io/posts/Offensive-PowerShell/
https://0xstarlight.github.io/posts/Active-Directory-Local-Privilege-Escalation/
https://0xstarlight.github.io/posts/Active-Directory-Lateral-Movement/
https://0xstarlight.github.io/posts/Active-Directory-Domain-Persistence/
[ tweet ]
[ ghostlulz1337, ghostlulz ]
Cool blog on abusing callback functions to execute shellcode. There are so many Windows APIs that can be leveraged to execute your shellcode. Really cool stuff!
https://t.co/D1WJT80ehW
#redteam #infosec
http://ropgadget.com/posts/abusing_win_functions.html
[ tweet ]
[ al3x_m3rcer, m3rcer ]
Here's the official release of Chisel-Strike: a .NET XOR-encrypted Cobalt Strike Aggressor implementation for chisel to utilize faster proxy and advanced SOCKS5 capabilities.
https://t.co/1wlwABP71E
#RedTeaming #CobaltStrike #Pentesting
https://github.com/m3rcer/Chisel-Strike
[ tweet ]
[ C5pider, 5pider ]
Perform HTTP/S requests using WinHTTP and optionally get the response.
https://t.co/HAwhep2Pyv
https://gist.github.com/Cracked5pider/4f784ad7405eeda45a13a2b2638b85ec
[ tweet ]
[ _dirkjan, Dirk-jan ]
New blog: "Abusing forgotten permissions on computer objects in Active Directory".
The post is a dive into permissions that are set when you pre-create computer accounts the wrong way, why BloodHound missed those, and how to abuse, fix, or monitor for this. https://t.co/T8WmiIoL53
https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/
[ tweet ]
[ m3g9tr0n, Spiros Fraganastasis ]
P2P Remote Desktop - Portable, No Configuration or Installation Needed https://t.co/taaggUyfC0
https://github.com/miroslavpejic85/p2p
[ tweet ]
[ m3g9tr0n, Spiros Fraganastasis ]
tokenduplicator: can also be used to access disconnected sessions, without knowing the password of the victim user https://t.co/VMeIQdwMdg
https://github.com/magnusstubman/tokenduplicator
[ tweet ]
[ M4yFly, Mayfly ]
GOAD pwning part 4 - poison and relay
https://t.co/g4seCCWrif
https://mayfly277.github.io/posts/GOADv2-pwning-part4/
[ tweet ]
[ mikeloss, l0ss ]
Hey kids, you ever wanted to use Snaffler or Group3r via inlineExecuteAssembly or whatever, but couldn't because it used Environment.Exit() and that would kill your beacon? Well, I fixed that, so now it's not a problem any more. https://t.co/Ts8WFVojcY and https://t.co/QePyTfNcbm
http://github.com/SnaffCon/Snaffler
http://github.com/Group3r/Group3r
[ tweet ]
[ 0gtweet, Grzegorz Tworek ]
As a fan of non-obvious persistence mechanisms I had to try to collect (and categorize!) them all. It has just started, the first 10 entries have appeared, and more are coming each day.
I am happy to share it. Enjoy, contribute, use freely - https://t.co/PWb2ofSZjQ
https://persistence-info.github.io/
[ tweet ]
[ SkelSec, SkelSec ]
YOU DON'T NEED A REDTEAM
The security consultants identified that the domain controller XXX uses an outdated Apache server running as “NT/SYSTEM” which uses the default “cgi-bin” folder to host the application logic. This folder was found to be writable by any domain user.
[ tweet ]
[ podalirius_, Podalirius ]
Want to play around with @Microsoft #RPC? I'm releasing a few #tools that I use in my lab
Today I'm releasing a tool that lists all open #SMB #pipes remotely in live mode. With this you can easily see which pipes will open when starting services.
https://t.co/PWNQFkGDag
https://github.com/p0dalirius/microsoft-rpc-fuzzing-tools
[ tweet ]
[ mariuszbit, mgeeky | Mariusz Banach ]
- "... and then he said to sign my malware.exe with a faked Microsoft cert to evade AVs/EDRs. Would you believe?"
(￣y▽￣)╭ Ohohoho.....
Sign-Artifact.ps1 - based on @mattifestation research & implementation shamelessly borrowed here:
https://t.co/6LAVgCrOVN
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/Self-Signed%20Threat
[ tweet ]