Offensive Xwitter
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://t.me/OffensiveTwitter/546
😈 [ subtee, Casey Smith ]

Quick/easy alert if someone runs..
adfind.exe
qwinsta.exe
nltest.exe
tasklist.exe
seatbelt.exe
procdump64.exe
or _other_ odd, rare commands?

Give this a try?

❤️feedback, ways to improve.
It's not perfect, we know.
Help us improve/refine it.
https://t.co/tJ3buUL49E

🔗 https://github.com/thinkst/canarytokens

🐥 [ tweet ]
😈 [ awakecoding, Marc-André Moreau ]

Get-RdpLogonEvent: extract the list of recent RDP logons from the event viewer and become a magician 🧙‍♀️ that can answer impossible questions like "is it really using Kerberos (nope), or did it downgrade to NTLM (again)"? 👇 https://t.co/1TKpLfZB5w

🔗 https://gist.github.com/awakecoding/5fda938a5fd2d29ebffb31eb023fe51c

🐥 [ tweet ]
😈 [ _rybaz, Ryan Basden 🌻 ]

Always schedule your Q4 pentest in Q2

🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]

Still so much stuff to learn. Can really recommend going through the posts of @EmericNasi when some free timeslot is available 🔥

https://t.co/XeJ7MoxxPj

🔗 https://blog.sevagas.com/

🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]

🚀🌠 Landed!

Happy to announce my PR for Nim shellcode generation support has been merged into the Metasploit Framework/MSFVenom!

huge thank you to @gray_sec whose PR for Go shellcode support lit the path. and thank you to the @rapid7 team for their help with the process!

💖✌

🐥 [ tweet ]
Forwarded from Offensive Xwitter Eye
😈 [ C5pider, 5pider ]

Open sourced the "assembly execute" and "powerpick" module/command. Have fun.
https://t.co/tn87aai7nY

🔗 https://github.com/HavocFramework/Modules

🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]

Nice! LNK-ISO polyglot weaponisation idea:

1. Create LNK that copies & renames itself to ISO
2. Create LNK-ISO polyglot with @angealbertini Mitra
3. Double-click on LNK -> will pop with ISO's contents
4. Rename polyglot back to poly.lnk

Double-click & ISO pops up ✨

@domchell

🐥 [ tweet ]
Forwarded from Offensive Xwitter Eye
😈 [ httpyxel, yxel ]

Single stub direct and indirect syscalling rust library for windows :)

* Single stub
* One single line for all your syscalls
* Function name hashing at compilation time
* x86_64, WOW64 and x86 native support

https://t.co/e9VW04M1bK

🔗 https://github.com/janoglezcampos/rust_syscalls

🐥 [ tweet ]
😈 [ x86matthew, x86matthew ]

WriteProcessMemoryAPC - Write memory to a remote process using APC calls

Another alternative to WriteProcessMemory!

https://t.co/JIzWS927Uc

🔗 https://www.x86matthew.com/view_post?id=writeprocessmemory_apc

🐥 [ tweet ]
😈 [ ippsec, ippsec ]

Just uploaded my favorite way to detect Password Sprays and Kerberoasting on a budget by combining Event Log Filters, Scheduled Tasks, and CanaryTokens. The ability to create scheduled tasks that fire upon specific eventlog events is super powerful. https://t.co/ek3qh1O8Gl

🔗 https://youtu.be/BT9pT1tAmX8

🐥 [ tweet ]
😈 [ SkelSec, SkelSec ]

New pypykatz version 0.6.1 is out on Github and PIP. Now all
networking commands use the new interface!
One new feature added: dpapi masterkeyfile decryption with domain backupkey (.pvk)
Thanks @ProcessusT for the contribution.

https://t.co/qZRCcJBviJ

🔗 https://github.com/skelsec/pypykatz

🐥 [ tweet ]
😈 [ aetsu, 𝕬𝖊𝖙𝖘𝖚 ]

‘GIFShell’ — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs -> https://t.co/6nx18oZmIk

🔗 https://link.medium.com/xJDuMH0watb

🐥 [ tweet ]
😈 [ splinter_code, Antonio Cocomazzi ]

We are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege

How?
Leveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM

Should be "lighter" than the classic S4U

cc @decoder_it

https://t.co/IQiMXoKIP7

🔗 https://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178

🐥 [ tweet ]
😈 [ BlWasp_, BlackWasp ]

Just updated my ADCS cheatsheet with the new ESC9 & 10 attacks, and a refactor of the page: https://t.co/Ey8wayKWUz

Additionally, I have added these ESC to The Hacker Recipes of @_nwodtuhs with more explanations on this page: https://t.co/vvbFhvLVaj

🔗 https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-certificate-services
🔗 https://www.thehacker.recipes/ad/movement/ad-cs/certificate-templates

🐥 [ tweet ]