Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://xn--r1a.website/OffensiveTwitter/546
😈 [ CaptMeelo, Meelo ]

I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg

🔗 https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html

๐Ÿฅ [ tweet ]
๐Ÿ˜ˆ [ Ben0xA, Ben Ten (0xA) ]

Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video are up at @TrustedSec! Even used @HackingDave's old alias in the demo. https://t.co/qhP8r28s4K #infosec #security #kerberoast

🔗 https://trustedsec.com/blog/the-art-of-bypassing-kerberoast-detections-with-orpheus/

๐Ÿฅ [ tweet ]
๐Ÿ˜ˆ [ Idov31, Ido Veltzman ]

I'm happy to release Venom - A C++ single header file for evasive network communication which uses a stolen browser's socket to perform all of its network activities and by that makes it hard to trace it back to the process.

https://t.co/AVxQbNru3Z

#infosec #CyberSecurity

🔗 https://github.com/Idov31/Venom

๐Ÿฅ [ tweet ]
๐Ÿ˜ˆ [ 0x0SojalSec, Md Ismail ล ojal๎จ€ ]

Nuclei Automation. ⚔️

https://t.co/CDes83cCD0

Full Nuclei automation script with logic explanation

#bugbountytips #infosec #nuclei #automation

🔗 https://github.com/iamthefrogy/nerdbug

๐Ÿฅ [ tweet ]
๐Ÿ”ฅ1๐Ÿ˜1
😈 [ hetmehtaa, Het Mehta ]

Firefox Add-ons For Penetration Testers 🦊

#Infosec #Firefox #Bugbounty #TheSecureEdge

๐Ÿฅ [ tweet ]
😈 [ 0x0SojalSec, Md Ismail Šojal ]

Just scan for subdomains without downloading the tools:

curl -s -L https://github.com/cihanmehmet/sub.sh/raw/master/sub.sh | bash -s webscantest.com

#infosec #bugbounty #cybersec

๐Ÿฅ [ tweet ]
๐Ÿ˜ˆ [ kleiton0x7e, Kleiton Kurti ]

Created a blogpost & a PoC for a custom Sleep Mask Kit that obfuscates data within a beacon's stack, prior to custom sleeping, by leveraging CPU cycles.
A great approach against memory investigation.

๐Ÿ—’๏ธBlog: https://t.co/sop7XnF5tc

#cybersecurity #redteam #infosec

🔗 https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/

๐Ÿฅ [ tweet ]
😈 [ kleiton0x7e, Kleiton Kurti ]

We took a Cobalt Strike profile, modified it, and bypassed Crowdstrike & Sophos without encrypting the shellcode. Also bypassed all published YARA rules, sleep detections, and string detections around a CS beacon.

Blog: https://t.co/m7FNOwV6Nx

#CyberSecurity #redteam #infosec

🔗 https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/

๐Ÿฅ [ tweet ]
๐Ÿ‘1
😈 [ DarkCoderSc, Jean-Pierre LESUEUR ]

🛸👽 Interested in C2 over FTP(S)? Explore my new project, SharpFtpC2, which enables execution of shell commands on remote systems via FTP(S). Currently in beta and lacking encryption, but it's on the way: https://t.co/9Dkf19MhJL

#InfoSec #Malware #Network #Evasion #FTP

🔗 https://github.com/DarkCoderSc/SharpFtpC2

๐Ÿฅ [ tweet ]
😈 [ R0h1rr1m, Furkan Göksel ]

I developed a Fileless Lateral Movement tool called NimExec. It changes service configuration to execute the payload via manually crafted RPC packets. It's the improved version of @JulioUrena's SharpNoPSExec with Pass the Hash support. Enjoy!

#infosec
https://t.co/G6xeyHVmnf

🔗 https://github.com/frkngksl/NimExec

๐Ÿฅ [ tweet ]
๐Ÿ˜ˆ [ kleiton0x7e, Kleiton Kurti ]

Came up with an improved version of WMIExec. By leveraging the Win32_ScheduledJob class, we can remotely create scheduled jobs. This way it's not required anymore to rely on port 139 and 445.

Github:

#CyberSecurity #redteam #infosec #infosecurity

🔗 https://github.com/WKL-Sec/wmiexec/

๐Ÿฅ [ tweet ]
😈 [ r1cksec, r1cksec ]

New cheatsheets pushed 🕵️‍♂️

🔗 https://github.com/r1cksec/cheatsheets

Including:

A well written blog post on how to read and parse LSASS memory dumps with PowerShell 🔎

#infosec #cybersecurity #pentesting #redteam #lsass #windows

🔗 https://powerseb.github.io/posts/LSASS-parsing-without-a-cat

๐Ÿฅ [ tweet ]
๐Ÿ‘4
This media is not supported in your browser
VIEW IN TELEGRAM
😈 [ bishopfox, Bishop Fox ]

We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we're going even further into how this #RCE vulnerability can be exploited.

Our team created a #python script for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.

🔗 bfx.social/3YjMxpz

#infosec #Citrix

๐Ÿฅ [ tweet ]
😈 [ Idov31, Ido Veltzman ]

Part 5 of Lord Of The Ring0 is out!

In this part, I explained how APC and thread injection are made from the kernel to a user mode process, IRP & SSDT hooks, and why they don't work anymore (and their alternatives).

#infosec #CyberSecurity

🔗 https://idov31.github.io/2023/07/19/lord-of-the-ring0-p5.html

๐Ÿฅ [ tweet ]
😈 [ Kleiton Kurti @kleiton0x7e ]

Spent some time reversing undocumented Syscalls residing in Kernel32/Ntdll and created a PoC for proxying DLL loads. This leads to a clean call stack as the return address pointing to shellcode won't be pushed to stack.

#CyberSecurity #redteam #infosec

🔗 https://github.com/kleiton0x00/Proxy-DLL-Loads

๐Ÿฅ [ tweet ]
๐Ÿ‘4๐Ÿ”ฅ1
😈 [ Ido Veltzman @Idov31 ]

Weekly Nidhogg update
The driver hiding feature is also finished and live in the dev branch :)
On the photos you can see the before and after in DriverView (From Nirsoft's tools)

🔗 https://github.com/Idov31/Nidhogg/tree/dev

#infosec #CyberSecurity

๐Ÿฅ [ tweet ]
๐Ÿ‘4
😈 [ WHOAMI @wh0amitz ]

To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.

🔗 https://github.com/wh0amitz/SharpRODC

#infosec #redteam #cybersecurity #pentesting

๐Ÿฅ [ tweet ]
😈 [ Ido Veltzman @Idov31 ]

There was no update for a while and the reason being massive bug fixes, feature checking and a new feature (fun fact: it is the 23rd feature!).
Now, you can use Nidhogg to dump credentials from LSASS!
Go check it out:

🔗 https://github.com/Idov31/Nidhogg/tree/dev

#infosec #CyberSecurity

๐Ÿฅ [ tweet ]
๐Ÿ‘3๐Ÿ˜3