π [ C5pider, 5pider ]
Open sourced the "assembly execute" and "powerpick" module/command. Have fun.
https://t.co/tn87aai7nY
π https://github.com/HavocFramework/Modules
π₯ [ tweet ]
Open sourced the "assembly execute" and "powerpick" module/command. Have fun.
https://t.co/tn87aai7nY
π https://github.com/HavocFramework/Modules
π₯ [ tweet ]
π [ mariuszbit, mgeeky | Mariusz Banach ]
Nice! LNK-ISO polyglot weaponisation idea:
1. Create LNK that copies & renames itself to ISO
2. Create LNK-ISO polyglot with @angealbertini Mitra
3. Double-click on LNK -> will pop with ISO's contents
4. Rename polyglot back to poly.lnk
Double-click & ISO pops up β¨
@domchell
π₯ [ tweet ]
Nice! LNK-ISO polyglot weaponisation idea:
1. Create LNK that copies & renames itself to ISO
2. Create LNK-ISO polyglot with @angealbertini Mitra
3. Double-click on LNK -> will pop with ISO's contents
4. Rename polyglot back to poly.lnk
Double-click & ISO pops up β¨
@domchell
π₯ [ tweet ]
π [ httpyxel, yxel ]
Single stub direct and indirect syscalling rust library for windows :)
* Single stub
* One single line for all your syscalls
* Function name hashing at compilation time
* x86_64, WOW64 and x86 native support
https://t.co/e9VW04M1bK
π https://github.com/janoglezcampos/rust_syscalls
π₯ [ tweet ]
Single stub direct and indirect syscalling rust library for windows :)
* Single stub
* One single line for all your syscalls
* Function name hashing at compilation time
* x86_64, WOW64 and x86 native support
https://t.co/e9VW04M1bK
π https://github.com/janoglezcampos/rust_syscalls
π₯ [ tweet ]
This media is not supported in your browser
VIEW IN TELEGRAM
π [ x86matthew, x86matthew ]
WriteProcessMemoryAPC - Write memory to a remote process using APC calls
Another alternative to WriteProcessMemory!
https://t.co/JIzWS927Uc
π https://www.x86matthew.com/view_post?id=writeprocessmemory_apc
π₯ [ tweet ]
WriteProcessMemoryAPC - Write memory to a remote process using APC calls
Another alternative to WriteProcessMemory!
https://t.co/JIzWS927Uc
π https://www.x86matthew.com/view_post?id=writeprocessmemory_apc
π₯ [ tweet ]
π [ ippsec, ippsec ]
Just uploaded my favorite way to detect Password Sprays and Kerberoasting on a budget by combining Event Log Filters, Scheduled Tasks, and CanaryTokens. The ability to create scheduled tasks that fire upon specific eventlog events is super powerful. https://t.co/ek3qh1O8Gl
π https://youtu.be/BT9pT1tAmX8
π₯ [ tweet ]
Just uploaded my favorite way to detect Password Sprays and Kerberoasting on a budget by combining Event Log Filters, Scheduled Tasks, and CanaryTokens. The ability to create scheduled tasks that fire upon specific eventlog events is super powerful. https://t.co/ek3qh1O8Gl
π https://youtu.be/BT9pT1tAmX8
π₯ [ tweet ]
π [ SkelSec, SkelSec ]
New pypykatz version 0.6.1 is out on Github and PIP. Now all
networking commands use the new interface!
One new feature added: dpapi masterkeyfile decryption with domain backupkey (.pvk)
Thanks @ProcessusT for the contribution.
https://t.co/qZRCcJBviJ
π https://github.com/skelsec/pypykatz
π₯ [ tweet ]
New pypykatz version 0.6.1 is out on Github and PIP. Now all
networking commands use the new interface!
One new feature added: dpapi masterkeyfile decryption with domain backupkey (.pvk)
Thanks @ProcessusT for the contribution.
https://t.co/qZRCcJBviJ
π https://github.com/skelsec/pypykatz
π₯ [ tweet ]
π [ aetsu, π¬ππππ ]
βGIFShellβ β Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs -> https://t.co/6nx18oZmIk
π https://link.medium.com/xJDuMH0watb
π₯ [ tweet ]
βGIFShellβ β Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs -> https://t.co/6nx18oZmIk
π https://link.medium.com/xJDuMH0watb
π₯ [ tweet ]
π [ splinter_code, Antonio Cocomazzi ]
We are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege
How?
Leveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM
Should be "lighter" than the classic S4U
cc @decoder_it
https://t.co/IQiMXoKIP7
π https://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178
π₯ [ tweet ]
We are releasing an alternative way for elevating to SYSTEM when you have SeTcbPrivilege
How?
Leveraging AcquireCredentialsHandle through an SSPI hook that allows authenticating as SYSTEM to SCM
Should be "lighter" than the classic S4U
cc @decoder_it
https://t.co/IQiMXoKIP7
π https://gist.github.com/antonioCoco/19563adef860614b56d010d92e67d178
π₯ [ tweet ]
π [ BlWasp_, BlackWasp ]
Just updated my ADCS cheatsheet with the new ESC9 & 10 attacks, and a refactor of the page : https://t.co/Ey8wayKWUz
Additionally, I have added these ESC to The Hacker Recipes of @_nwodtuhs with more explains on this page : https://t.co/vvbFhvLVaj
π https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-certificate-services
π https://www.thehacker.recipes/ad/movement/ad-cs/certificate-templates
π₯ [ tweet ]
Just updated my ADCS cheatsheet with the new ESC9 & 10 attacks, and a refactor of the page : https://t.co/Ey8wayKWUz
Additionally, I have added these ESC to The Hacker Recipes of @_nwodtuhs with more explains on this page : https://t.co/vvbFhvLVaj
π https://hideandsec.sh/books/cheatsheets-82c/page/active-directory-certificate-services
π https://www.thehacker.recipes/ad/movement/ad-cs/certificate-templates
π₯ [ tweet ]
π [ ippsec, ippsec ]
HTB Scanned video is up! I haven't seen anything like this box. It's a Malware Sandbox Platform - Tou can exfil data by via syscalls. User requires escaping a chroot jail. This enables you to manipulate the jail and exploit a race for root by creating libs https://t.co/d2gFiC1aCt
π https://youtu.be/FoQuNsCyQz0
π₯ [ tweet ]
HTB Scanned video is up! I haven't seen anything like this box. It's a Malware Sandbox Platform - Tou can exfil data by via syscalls. User requires escaping a chroot jail. This enables you to manipulate the jail and exploit a race for root by creating libs https://t.co/d2gFiC1aCt
π https://youtu.be/FoQuNsCyQz0
π₯ [ tweet ]
π [ 0xdf_, 0xdf ]
Scanned from @hackthebox_eu was really hard. It's a clinic in Linux system exploitation where details matter, and once I learned how all of it worked, the box is a work of art. It's all about abusing a chroot jail through some slight misconfigurations.
https://t.co/NWnJKcyUoa
π https://0xdf.gitlab.io/2022/09/10/htb-scanned.html
π₯ [ tweet ]
Scanned from @hackthebox_eu was really hard. It's a clinic in Linux system exploitation where details matter, and once I learned how all of it worked, the box is a work of art. It's all about abusing a chroot jail through some slight misconfigurations.
https://t.co/NWnJKcyUoa
π https://0xdf.gitlab.io/2022/09/10/htb-scanned.html
π₯ [ tweet ]
π [ daem0nc0re, daem0nc0re ]
Added my implementation of Ghostly Hollowing and WMI execution.
The PoC for WMI process execution supports not only local machine process but also remote machine process.
It can use NTLM authentication and Kerberos authentication.
https://t.co/z49sc9DYFw
https://t.co/Dukz9j9jmU
π https://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn
π https://github.com/daem0nc0re/TangledWinExec/commit/7eecbc25f1a636c357373faa5639d8a3136f4403
π₯ [ tweet ]
Added my implementation of Ghostly Hollowing and WMI execution.
The PoC for WMI process execution supports not only local machine process but also remote machine process.
It can use NTLM authentication and Kerberos authentication.
https://t.co/z49sc9DYFw
https://t.co/Dukz9j9jmU
π https://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn
π https://github.com/daem0nc0re/TangledWinExec/commit/7eecbc25f1a636c357373faa5639d8a3136f4403
π₯ [ tweet ]