😈 [ 404death, sailay(valen) ]
I just recently found out the way
XSS <a> tag without user action
<a/autofocus/onfocus=alert(0) href>valen</a>
<a/href="#"/autofocus/onfocus=alert`valen`>you don't need user action on a tag</a>
Tested on:
https://t.co/RkGdfpNWli
https://t.co/bPvMeBlba1
🔗 https://xss-game.appspot.com/level1/frame
🔗 http://testphp.vulnweb.com/search.php?test=query
🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]
Final LSA bug from last month is now open. An interesting one which breaks common assumptions of impersonation security over the LSA's RPC interface. Me and @monoxgas will describe a way of abusing the bug at BH next month to get SYSTEM privileges. https://t.co/v523Q1EXLD
🔗 https://bugs.chromium.org/p/project-zero/issues/detail?id=2278
🐥 [ tweet ]
😈 [ aniqfakhrul, Aniq Fakhrul ]
Our version of PywerView is now publicly available. Python version of PowerView, remotely interacts with ldap server. Also included with mini interactive console with auto completion. Yeet! @h0j3n @imnirfn
https://t.co/c0cdk2fGPr
🔗 https://github.com/aniqfakhrul/PywerView
🐥 [ tweet ]
😈 [ eric_capuano, Eric Capuano ⬡ ]
Interesting API details on how a process is launched in Windows
Specifically dig the part on Protected Processes
https://t.co/V5lWrEqKaT
🔗 https://fourcore.io/blogs/how-a-windows-process-is-created-part-1
🐥 [ tweet ]
😈 [ aniqfakhrul, Aniq Fakhrul ]
TIL: If ldap/ldaps ports are blocked by firewall but gc port (3268) is accessible. In my case, kerberoasting with impacket can't be achieved. Simply switch ldap:// protocol to gc:// in impacket and win!
🐥 [ tweet ]
😈 [ citronneur, Sylvain Peyrefitte ]
Disable SSL certificate verification using #eBPF :
https://t.co/UBsT4TU43H
🔗 https://github.com/citronneur/blindssl
🐥 [ tweet ]
😈 [ 0xdf_, 0xdf ]
Acute from @hackthebox_eu was just a hard pure Windows box. I'll pivot between two hosts largely relying on credentials and enumeration to get domain admin.
https://t.co/p0Fhgak2dI
🔗 https://0xdf.gitlab.io/2022/07/16/htb-acute.html
🐥 [ tweet ]
😈 [ ippsec, ippsec ]
#HackTheBox Acute video is now up! This was a tough Windows box with all the pivots between users. I decided to try out ConPtyShell to get a full PTY on Windows, had to do some light modifications to bypass Defender. https://t.co/hey5QSjGDr
🔗 https://youtu.be/jDYte7xNY1g
🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]
📝New note is up on https://t.co/DIZF98zvlm
Threat emulation for Windows Installer (MSI) -> DLL malware. Learn how to make a malicious MSI like all the cool kids!
https://t.co/6vWFQckIWE
🔗 http://notes.huskyhacks.dev
🔗 https://notes.huskyhacks.dev/notes/ms-interloper-on-the-subject-of-malicious-msis
🐥 [ tweet ]
😈 [ an0n_r0, an0n ]
may be obsolete, because impacket has already included this in its examples, but added Kerberos auth support for writing msDS-AllowedToActOnBehalfOfOtherIdentity property. https://t.co/UGjU3Rt357
🔗 https://github.com/tothi/rbcd-attack
🐥 [ tweet ]
😈 [ campuscodi, Catalin Cimpanu ]
Pretender, a cross-platform tool to obtain a machine-in-the-middle position inside Windows networks
Blog: https://t.co/RS2REMMeA1
GitHub: https://t.co/GCXEgBsOPF
🔗 https://blog.redteam-pentesting.de/2022/introducing-pretender/
🔗 https://github.com/RedTeamPentesting/pretender
🐥 [ tweet ]
😈 [ LittleJoeTables, Moloch ]
For anyone that wants to follow along with the Sliver GUI development I've open sourced what I've completed so far. However, it's not a priority and no timeline on feature-complete: https://t.co/YcKmTL0nRi
PRs welcome :)
🔗 https://github.com/BishopFox/sliver-gui
🐥 [ tweet ]
😈 [ tiraniddo, James Forshaw ]
I recommended to @_dirkjan to try my NtObjectManager PS module to do an AD access check, but of course I provided no guidance. Therefore, here's a quick blog post with an overview of the checking process and how to use the Get-AccessibleDsObject command. https://t.co/ZOoJe6DHAS
🔗 https://www.tiraniddo.dev/2022/07/access-checking-active-directory.html
🐥 [ tweet ]
😈 [ 0gtweet, Grzegorz Tworek ]
Didn't describe it precisely so far:
If you put 'mpnotify' value into the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, your exe will be launched by winlogon.exe when user logs on. After 30s the process will be terminated.
https://t.co/36luTJ3vqB
🔗 https://persistence-info.github.io/Data/mpnotify.html
🐥 [ tweet ]
😈 [ m3g9tr0n, Spiros Fraganastasis ]
Malware Mutation Using Reinforcement Learning and Generative Adversarial Networks https://t.co/WxPdaOEkhj
🔗 https://github.com/CyberForce/Pesidious
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#Tooling ⚔️] Inspired by @s4ntiago_p and NanoDump I’ve fully switched to API Hashing for Windows API and syscalls resolution in DInjector. A quick re-hashing can be performed before compilation with a Python script.
🐥 [ tweet ]