π [ netero_1010, Chris Au ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
π https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
π₯ [ tweet ]
Having some fun to re-implement indirect syscall in C#.
https://t.co/7E0Ebk0Uub
π https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp
π₯ [ tweet ]
π [ TrimarcSecurity, Trimarc ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
π https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
π₯ [ tweet ]
If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion.
It's available for download right now:
https://t.co/3wPehRbWP5
π https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly
π₯ [ tweet ]
Offensive Xwitter
π [ TrimarcSecurity, Trimarc ] If you happened to miss our webinar back in June on 10 Ways to Secure AD Quickly, @JimSycurity wrote you a whitepaper on how to do the very things we talked about. He's a champion. It's available for download right now: hβ¦
Improving AD Security Quickly Whitepaper.pdf
2.8 MB
This media is not supported in your browser
VIEW IN TELEGRAM
π [ gentilkiwi, π₯ Benjamin Delpy ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 π₯
π₯ [ tweet ]
Always fabulous to see editors low the Windows Security level
When Citrix SSO is enabled... passwords are stored in *user processes* (in addition to system ones)
Ho yeah, *even if you have Credential Guard*
Yeah, that's what Citrix is calling "SSO"
> Will be in #mimikatz 3 π₯
π₯ [ tweet ]
π [ TrustedSec, TrustedSec ]
Does crack[.]sh being offline got you down? π Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
π https://hubs.la/Q01mpY-j0
π₯ [ tweet ]
Does crack[.]sh being offline got you down? π Don't worry, you have options.
Find out how @n00py1 uses two different techniques to exploit systems that allow for the NTLMv1 authentication protocol.
https://t.co/eMqdnbZHLP
π https://hubs.la/Q01mpY-j0
π₯ [ tweet ]
π [ SkelSec, SkelSec ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
π https://github.com/skelsec/amurex
π₯ [ tweet ]
Python. Asyncio. SSH. Client. (library)
Don't use it if you need security, use it when you want to test security :)
Public, MIT license.
As usual, thank you for all supporters of @porchetta_ind
https://t.co/hc6izOo6Xd
π https://github.com/skelsec/amurex
π₯ [ tweet ]
πΉ [ snovvcrash, snπ₯Άvvcrπ₯sh ]
Being on a vacation I couldnβt resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut π©
π https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
π₯ [ tweet ]
Being on a vacation I couldnβt resist from playing with a slightly modified example of internal credential phishing by @zux0x3a (which is not as complex as the CredentialPhisher from @foxit). Below is a quick demo of invoking a credential dialog with CME, DInjector and donut π©
π https://github.com/0xsp-SRD/0xsp.com/tree/main/creds_hunt
π₯ [ tweet ]
π [ 0xdf_, 0xdf ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
π https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
π₯ [ tweet ]
Streamio retires from @hackthebox_eu. A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS.
https://t.co/dE4dFy3n9F
π https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
π₯ [ tweet ]
π [ ippsec, ippsec ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. Thereβs a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
π https://youtu.be/qKcUKlwoGw8
π₯ [ tweet ]
#HackTheBox StreamIO video is live, this box has an excellent primer on manually enumerating MSSQL Databases after a successful inject. Thereβs a lot more to the box than that like active director and LAPS.
https://t.co/of1Puv1EBR
π https://youtu.be/qKcUKlwoGw8
π₯ [ tweet ]
π€―1
π [ theluemmel, S4U2LuemmelSec ]
Not sure if ADCS ESC 3 is abusable, because Certify and Certipy only give info on the 1st prerequisit "Certificate Request Agent"?
Use ldapfilter
(&(objectclass=pkicertificatetemplate)(msPKI-RA-Application-Policies=1.3.6.1.4.1.311.20.2.1)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2))'
π₯ [ tweet ]
Not sure if ADCS ESC 3 is abusable, because Certify and Certipy only give info on the 1st prerequisit "Certificate Request Agent"?
Use ldapfilter
(&(objectclass=pkicertificatetemplate)(msPKI-RA-Application-Policies=1.3.6.1.4.1.311.20.2.1)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2))'
π₯ [ tweet ]
π [ doc_guard, DOCGuard - Detect Maldocs in Seconds! ]
Strange PPT maldoc with low detection rates since 2022-02-02.
MD5: c0060c0741833af67121390922c44f91
PPT file>wscript.exe>powershell.exe>rundll32.exe
[+]Exec wscript when user moves mouse
[+]Wscript exec powershell
[+]PS download the XORed DLL.
[+]Exec it using rundll32.exe
π₯ [ tweet ]
Strange PPT maldoc with low detection rates since 2022-02-02.
MD5: c0060c0741833af67121390922c44f91
PPT file>wscript.exe>powershell.exe>rundll32.exe
[+]Exec wscript when user moves mouse
[+]Wscript exec powershell
[+]PS download the XORed DLL.
[+]Exec it using rundll32.exe
π₯ [ tweet ]
π₯3
π [ lkarlslund, Lars Karlslund ]
Stuck on a network with no credentials? No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using my new tool - with parallelization I get 10K usernames/sec
https://t.co/ETeKR4OVFP
π https://github.com/lkarlslund/ldapnomnom
π₯ [ tweet ]
Stuck on a network with no credentials? No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using my new tool - with parallelization I get 10K usernames/sec
https://t.co/ETeKR4OVFP
π https://github.com/lkarlslund/ldapnomnom
π₯ [ tweet ]
π₯1
π [ splinter_code, Antonio Cocomazzi ]
After more than 2 years, RunasCs got a big update! π₯³
Biggest changes:
- NetworkCleartext (8) default logon type
- UAC bypass (when admin pass is known)
Enjoy :D
https://t.co/WgAH4qpbZ6
π https://github.com/antonioCoco/RunasCs/releases/tag/v1.4
π₯ [ tweet ]
After more than 2 years, RunasCs got a big update! π₯³
Biggest changes:
- NetworkCleartext (8) default logon type
- UAC bypass (when admin pass is known)
Enjoy :D
https://t.co/WgAH4qpbZ6
π https://github.com/antonioCoco/RunasCs/releases/tag/v1.4
π₯ [ tweet ]
π [ mrd0x, mr.d0x ]
Stealing Access Tokens From Office Desktop Applications
https://t.co/12bMrugfe9
π https://mrd0x.com/stealing-tokens-from-office-applications/
π₯ [ tweet ]
Stealing Access Tokens From Office Desktop Applications
https://t.co/12bMrugfe9
π https://mrd0x.com/stealing-tokens-from-office-applications/
π₯ [ tweet ]
π [ cube0x0, Cube0x0 ]
A new blog post about relaying YubiKeys is up and tools have been uploaded to GitHub!
This would not have been possible without the previous work of @_EthicalChaos_ so big thanks to him
https://t.co/zfEV7RUAV5
π https://cube0x0.github.io/Relaying-YubiKeys/
π₯ [ tweet ]
A new blog post about relaying YubiKeys is up and tools have been uploaded to GitHub!
This would not have been possible without the previous work of @_EthicalChaos_ so big thanks to him
https://t.co/zfEV7RUAV5
π https://cube0x0.github.io/Relaying-YubiKeys/
π₯ [ tweet ]
π [ an0n_r0, an0n ]
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
π₯ [ tweet ]
Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.
π₯ [ tweet ]